Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy settings change automatically


  • This topic is locked This topic is locked
10 replies to this topic

#1 bturkmen

bturkmen

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 14 September 2014 - 11:32 AM

Greetings,

 

I'm using Windows 8.1 on an HP Pavilion PC. My problem is that in LAN settings, I cannot use automatic configuration. I select and save that option but when I check it after a short time, I see that "Use proxy server for your LAN" is selected automatically. I change it but the same thing happens. I suppose the problem began when I installed Hotspot Shield but although I've uninstalled it, the problem persists. Could anyone help? Thanks in advance.

 

I've run FRST. The addition.txt is attached to this post and here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by admin (administrator) on HP on 11-09-2014 22:34:28
Running from C:\Users\admin\Downloads
Platform: Windows 8.1 (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files (x86)\RocketTab\Client.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-06-18] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-06-18] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [115032 2014-02-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\MountPoints2: J - "J:\autorun.exe" 
ShellIconOverlayIdentifiers: MountOverlayIcon -> {0F49CF41-FD97-4942-9F2A-35E8B489E7FB} => C:\Program Files\WinMount\WinMTExt.dll (WinMount International Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49499;https=127.0.0.1:49499
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/155
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/155
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/155
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - 6C38E8F00C18B0E4FF68DB5F8C664B21 URL = http://gorsel.yandex.com.tr/yandsearch?win=119&clid=1979777&text={searchTerms}
SearchScopes: HKCU - 7B708D5CD3CF3B2712EE5CEB1EEAFA98 URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - A8EC1C80AE9DD01093D0A78A4E6AFBC7 URL = http://video.yandex.com.tr/#search?win=119&clid=1979777&text={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{CBA94DB9-5FBC-4B1F-808C-C244ED5BD3F9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yandex.com.tr/?win=119&clid=1979776
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yagorsel.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yahaber.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yavideo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Візуальныя закладкі - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru [2014-09-11]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru [2014-09-06]
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: anonymoX - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\client@anonymox.net.xpi [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-09-11]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.tr/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> CA7434945B8179303D28F9D1921448DAE81541340383C815CF5D26298E3BE764
CHR DefaultSearchURL: Default -> E84E6EADBE360E8C138BB8081314B14BD44A4D043F2D2989EFC6FD0651FA8EA0
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Çeviri) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-05-13]
CHR Extension: (Avira Browser Safety) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-09]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-05-13]
CHR Extension: (Google Mail Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-05-13]
CHR Extension: (Google Cüzdan) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [387928 2014-02-12] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-08-01] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-06-18] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140910.002\IDSvia64.sys [633560 2014-08-31] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140910.002\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140910.002\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 WMDrive; C:\WINDOWS\SysWOW64\drivers\WMDrive.sys [92536 2014-04-10] (WinMount International Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 22:34 - 2014-09-11 22:34 - 00022398 _____ () C:\Users\admin\Downloads\FRST.txt
2014-09-11 22:33 - 2014-09-11 22:34 - 00000000 ____D () C:\FRST
2014-09-11 22:31 - 2014-09-11 22:31 - 02105856 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-09-11 08:31 - 2014-09-11 08:35 - 11877364 _____ () C:\Users\admin\Desktop\Disease_outbreak_threatens_Somali_refugees.mp4
2014-09-11 01:15 - 2014-09-11 01:17 - 05067019 _____ () C:\Users\admin\Desktop\UNLOCK_THE_CAMPS_IN_SRI_LANKA_Amnesty_International.mp4
2014-09-11 01:10 - 2014-09-11 01:15 - 12680596 _____ () C:\Users\admin\Desktop\Sri_Lankan_Tamils_300_000_detained_in_so_called_welfare_camps_FREE_THEM.mp4
2014-09-11 00:35 - 2014-09-11 01:13 - 110378417 _____ () C:\Users\admin\Desktop\Sri_Lanka_evidence_of_ongoing_repression_and_abuse.mp4
2014-09-11 00:00 - 2014-09-11 00:28 - 76757805 _____ () C:\Users\admin\Desktop\A_look_at_life_inside_a_refugee_camp_in_South_Sudan-1.mp4
2014-09-10 23:48 - 2014-09-10 23:55 - 10394304 _____ () C:\Users\admin\Desktop\Inside_a_Sri_Lankan_refugee_camp.mp4
2014-09-10 23:47 - 2014-09-10 23:57 - 17371597 _____ () C:\Users\admin\Desktop\A_look_at_life_inside_a_refugee_camp_in_South_Sudan.mp4
2014-09-10 23:16 - 2014-09-10 23:28 - 27368865 _____ () C:\Users\admin\Desktop\CNN_report_on_IDP_camp_-Sri_Lanka.mp4
2014-09-10 23:03 - 2014-09-10 23:13 - 22134324 _____ () C:\Users\admin\Desktop\Srilanka_Shocking_conditions_in_concentration_camps_in_Vavuniya_Channel_4_News.mp4
2014-09-10 23:02 - 2014-09-10 23:09 - 13861076 _____ () C:\Users\admin\Desktop\CNN_report_on_IDP_camp_-Sri_Lanka.3gp
2014-09-10 22:40 - 2014-09-10 22:41 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-10 22:40 - 2014-09-10 22:40 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-10 22:39 - 2014-09-10 22:39 - 00001364 _____ () C:\Users\admin\Desktop\JRT.txt
2014-09-10 22:35 - 2014-09-10 22:35 - 05576769 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-09-10 22:35 - 2014-09-10 22:35 - 00004470 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 22:34 - 2014-09-10 22:34 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-09-10 22:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-10 22:27 - 2014-09-10 22:29 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:26 - 2014-09-10 22:26 - 01370467 _____ () C:\Users\admin\Downloads\adwcleaner_3.309.exe
2014-09-10 20:24 - 2014-09-10 20:24 - 00001095 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-10 20:24 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-09-10 20:23 - 2014-09-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\admin\Downloads\RevoUninProSetup.exe
2014-09-10 08:46 - 2014-07-24 06:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 08:46 - 2014-07-24 06:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-04 23:43 - 2014-09-04 23:43 - 01101600 _____ () C:\Users\admin\Downloads\YandexDiskSetupTr.exe
2014-09-04 23:28 - 2014-09-10 21:13 - 00000000 ____D () C:\Program Files (x86)\RocketTab
2014-09-04 23:28 - 2014-09-04 23:28 - 00004128 _____ () C:\WINDOWS\System32\Tasks\RocketTab Update Task
2014-09-04 23:28 - 2014-09-04 23:28 - 00003342 _____ () C:\WINDOWS\System32\Tasks\RocketTab
2014-09-04 08:23 - 2014-09-04 08:25 - 113492816 _____ (Apple Inc.) C:\Users\admin\Downloads\iTunes64Setup.exe
2014-09-03 23:47 - 2014-09-03 23:47 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi (1).xls
2014-09-03 23:47 - 2014-09-03 23:47 - 00018665 _____ () C:\Users\admin\Downloads\28-02-2014-ULUSLARARASI.xlsx
2014-09-03 23:44 - 2014-09-03 23:44 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi.xls
2014-09-03 22:08 - 2014-09-03 22:08 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:08 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:07 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 22:05 - 2014-09-03 22:05 - 00035330 _____ () C:\Users\admin\Downloads\[kickass.to]nilufer.discography.torrent
2014-09-01 23:04 - 2014-09-03 22:20 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-08-28 21:36 - 2014-08-28 22:16 - 00015349 _____ () C:\Users\admin\Desktop\Excel Çalışma.xlsx
2014-08-28 21:36 - 2014-08-28 21:36 - 00015226 _____ () C:\Users\admin\Downloads\Excel Çalışma.xlsx
2014-08-27 23:16 - 2014-08-27 23:16 - 00098304 _____ () C:\Users\admin\Downloads\2014-2015-anketi.xls
2014-08-27 22:34 - 2014-08-23 03:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-20 18:39 - 2014-08-20 18:39 - 00020405 _____ () C:\Users\admin\Downloads\Ayakkabı Kayda Alma %28Rapor-18_08_2014%29.xlsx
2014-08-14 18:41 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 18:41 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 18:41 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 18:41 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 18:41 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 18:41 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 18:40 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 18:40 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 18:40 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 18:40 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 18:40 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 18:40 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 18:40 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 18:40 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 18:40 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 18:40 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 18:40 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 18:40 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 18:40 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 18:40 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 18:40 - 2014-07-25 14:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 18:40 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 18:40 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 18:40 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 18:40 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 18:40 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 18:40 - 2014-07-25 14:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 18:40 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 18:40 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 18:40 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 18:40 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 18:40 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 18:40 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 18:40 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 18:40 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 18:40 - 2014-06-20 04:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 18:40 - 2014-06-20 02:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 18:40 - 2014-06-13 04:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 18:40 - 2014-06-13 04:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 18:40 - 2014-06-13 03:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 18:40 - 2014-06-06 14:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 18:40 - 2014-05-01 08:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-14 18:40 - 2014-04-30 06:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-14 18:40 - 2014-04-27 01:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-14 18:40 - 2014-04-26 23:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-14 18:40 - 2014-04-14 12:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-14 18:40 - 2014-04-14 11:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-14 18:39 - 2014-05-13 10:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-14 18:39 - 2014-05-13 08:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-14 18:39 - 2014-05-13 07:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-14 18:39 - 2014-05-13 06:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-14 18:39 - 2014-05-03 14:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-14 18:39 - 2014-05-03 12:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-14 18:39 - 2014-05-03 08:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-14 18:39 - 2014-05-03 08:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-14 18:39 - 2014-05-03 08:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-14 18:39 - 2014-05-03 08:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-14 18:39 - 2014-05-03 07:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-14 18:39 - 2014-05-03 07:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-14 18:39 - 2014-05-03 07:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-14 18:39 - 2014-05-03 02:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-14 18:39 - 2014-04-30 09:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-14 18:39 - 2014-04-30 09:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-14 18:39 - 2014-04-30 09:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-14 18:39 - 2014-04-30 09:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-14 18:39 - 2014-04-30 08:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-14 18:39 - 2014-04-30 07:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-14 18:39 - 2014-04-30 07:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-14 18:39 - 2014-04-30 07:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-14 18:39 - 2014-04-30 07:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-14 18:39 - 2014-04-30 07:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-14 18:39 - 2014-04-30 07:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-14 18:39 - 2014-04-30 06:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-14 18:39 - 2014-04-30 06:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-14 18:39 - 2014-04-30 06:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-14 18:39 - 2014-04-30 06:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-14 18:39 - 2014-04-30 06:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-14 18:39 - 2014-04-29 01:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-14 18:39 - 2014-04-26 19:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-14 18:39 - 2014-04-14 08:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-14 18:39 - 2014-04-09 09:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-14 18:39 - 2014-04-09 08:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-14 18:38 - 2014-05-31 09:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-14 18:37 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 18:37 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 18:36 - 2014-06-05 17:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-14 18:36 - 2014-06-05 16:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-14 18:36 - 2014-06-02 05:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-14 18:36 - 2014-05-31 13:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-14 18:36 - 2014-05-31 13:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-14 18:36 - 2014-05-31 13:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-14 18:36 - 2014-05-31 13:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-14 18:36 - 2014-05-31 13:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-14 18:36 - 2014-05-31 09:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-14 18:36 - 2014-05-31 09:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-14 18:36 - 2014-05-31 09:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-14 18:36 - 2014-05-31 07:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-14 18:36 - 2014-05-31 07:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-14 18:36 - 2014-05-31 07:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-14 18:36 - 2014-05-27 18:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-14 18:36 - 2014-05-27 12:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-14 18:36 - 2014-05-27 12:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 18:36 - 2014-05-17 07:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-14 18:36 - 2014-05-17 07:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-14 18:34 - 2014-08-07 05:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 18:34 - 2014-08-02 06:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 18:34 - 2014-08-02 06:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 18:34 - 2014-07-15 21:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 18:34 - 2014-07-15 11:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 18:34 - 2014-07-15 11:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 18:34 - 2014-07-15 11:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 18:34 - 2014-07-12 07:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 18:34 - 2014-07-10 07:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-14 18:34 - 2014-07-10 07:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-14 18:34 - 2014-07-10 06:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-14 18:34 - 2014-06-04 12:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 18:34 - 2014-06-04 08:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 18:34 - 2014-06-04 08:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 18:34 - 2014-06-04 07:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 18:34 - 2014-06-04 07:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 18:34 - 2014-06-04 05:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 18:34 - 2014-06-04 05:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 18:34 - 2014-05-13 07:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-14 18:34 - 2014-05-13 06:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-14 12:43 - 2014-09-10 22:53 - 00000000 ____D () C:\Users\admin\dwhelper
2014-08-13 23:16 - 2014-08-13 23:18 - 00000000 ____D () C:\Users\admin\Desktop\EP
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 22:34 - 2014-09-11 22:34 - 00022398 _____ () C:\Users\admin\Downloads\FRST.txt
2014-09-11 22:34 - 2014-09-11 22:33 - 00000000 ____D () C:\FRST
2014-09-11 22:34 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-11 22:31 - 2014-09-11 22:31 - 02105856 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-09-11 22:30 - 2013-05-09 09:58 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-550401175-961969366-1688721761-1001
2014-09-11 22:29 - 2013-10-25 08:33 - 01720767 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-11 22:28 - 2014-05-18 13:54 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-09-11 22:28 - 2013-10-25 20:06 - 00003932 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8589FDF3-82DF-4E16-9414-CE4304186651}
2014-09-11 22:26 - 2013-05-13 13:09 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 22:25 - 2013-05-13 13:08 - 00001020 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 22:23 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-11 22:22 - 2012-11-23 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 08:47 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-11 08:46 - 2013-07-24 03:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 08:38 - 2013-05-13 22:26 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 08:35 - 2014-09-11 08:31 - 11877364 _____ () C:\Users\admin\Desktop\Disease_outbreak_threatens_Somali_refugees.mp4
2014-09-11 08:35 - 2013-10-25 18:37 - 00427008 ___SH () C:\Users\admin\Desktop\Thumbs.db
2014-09-11 08:25 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-11 01:18 - 2014-04-19 23:42 - 00000814 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-11 01:17 - 2014-09-11 01:15 - 05067019 _____ () C:\Users\admin\Desktop\UNLOCK_THE_CAMPS_IN_SRI_LANKA_Amnesty_International.mp4
2014-09-11 01:15 - 2014-09-11 01:10 - 12680596 _____ () C:\Users\admin\Desktop\Sri_Lankan_Tamils_300_000_detained_in_so_called_welfare_camps_FREE_THEM.mp4
2014-09-11 01:13 - 2014-09-11 00:35 - 110378417 _____ () C:\Users\admin\Desktop\Sri_Lanka_evidence_of_ongoing_repression_and_abuse.mp4
2014-09-11 01:02 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-11 01:00 - 2013-05-13 13:08 - 00001024 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 00:42 - 2013-10-25 19:34 - 00843776 ___SH () C:\Users\admin\Downloads\Thumbs.db
2014-09-11 00:28 - 2014-09-11 00:00 - 76757805 _____ () C:\Users\admin\Desktop\A_look_at_life_inside_a_refugee_camp_in_South_Sudan-1.mp4
2014-09-10 23:57 - 2014-09-10 23:47 - 17371597 _____ () C:\Users\admin\Desktop\A_look_at_life_inside_a_refugee_camp_in_South_Sudan.mp4
2014-09-10 23:55 - 2014-09-10 23:48 - 10394304 _____ () C:\Users\admin\Desktop\Inside_a_Sri_Lankan_refugee_camp.mp4
2014-09-10 23:28 - 2014-09-10 23:16 - 27368865 _____ () C:\Users\admin\Desktop\CNN_report_on_IDP_camp_-Sri_Lanka.mp4
2014-09-10 23:13 - 2014-09-10 23:03 - 22134324 _____ () C:\Users\admin\Desktop\Srilanka_Shocking_conditions_in_concentration_camps_in_Vavuniya_Channel_4_News.mp4
2014-09-10 23:09 - 2014-09-10 23:02 - 13861076 _____ () C:\Users\admin\Desktop\CNN_report_on_IDP_camp_-Sri_Lanka.3gp
2014-09-10 22:53 - 2014-08-14 12:43 - 00000000 ____D () C:\Users\admin\dwhelper
2014-09-10 22:41 - 2014-09-10 22:40 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-10 22:41 - 2014-04-17 22:07 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-09-10 22:40 - 2014-09-10 22:40 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-10 22:39 - 2014-09-10 22:39 - 00001364 _____ () C:\Users\admin\Desktop\JRT.txt
2014-09-10 22:35 - 2014-09-10 22:35 - 05576769 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2014-09-10 22:35 - 2014-09-10 22:35 - 00004470 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 22:34 - 2014-09-10 22:34 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-09-10 22:30 - 2013-09-29 21:05 - 00034758 _____ () C:\WINDOWS\PFRO.log
2014-09-10 22:29 - 2014-09-10 22:27 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:29 - 2014-02-16 00:32 - 00000000 ____D () C:\Users\admin\AppData\Local\CRE
2014-09-10 22:29 - 2013-10-25 08:38 - 00000000 ____D () C:\Users\admin
2014-09-10 22:26 - 2014-09-10 22:26 - 01370467 _____ () C:\Users\admin\Downloads\adwcleaner_3.309.exe
2014-09-10 22:19 - 2014-03-25 21:53 - 00003152 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
2014-09-10 22:19 - 2014-03-25 21:53 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
2014-09-10 21:13 - 2014-09-04 23:28 - 00000000 ____D () C:\Program Files (x86)\RocketTab
2014-09-10 20:26 - 2013-09-30 07:16 - 01918510 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-10 20:26 - 2013-09-30 06:57 - 00787748 _____ () C:\WINDOWS\system32\perfh01F.dat
2014-09-10 20:26 - 2013-09-30 06:57 - 00180326 _____ () C:\WINDOWS\system32\perfc01F.dat
2014-09-10 20:24 - 2014-09-10 20:24 - 00001095 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-10 20:23 - 2014-09-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\admin\Downloads\RevoUninProSetup.exe
2014-09-10 20:13 - 2013-05-09 09:52 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages
2014-09-10 19:56 - 2013-05-26 20:54 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Azureus
2014-09-09 23:18 - 2014-04-19 23:42 - 00003702 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:14 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-06 16:58 - 2013-08-22 17:46 - 00328606 _____ () C:\WINDOWS\setupact.log
2014-09-06 15:59 - 2013-09-02 18:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-09-06 09:36 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-04 23:43 - 2014-09-04 23:43 - 01101600 _____ () C:\Users\admin\Downloads\YandexDiskSetupTr.exe
2014-09-04 23:28 - 2014-09-04 23:28 - 00004128 _____ () C:\WINDOWS\System32\Tasks\RocketTab Update Task
2014-09-04 23:28 - 2014-09-04 23:28 - 00003342 _____ () C:\WINDOWS\System32\Tasks\RocketTab
2014-09-04 23:27 - 2013-09-15 16:43 - 00001808 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-04 23:27 - 2013-05-26 20:54 - 00001808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-04 23:27 - 2013-05-26 20:54 - 00000000 ____D () C:\Program Files\Vuze
2014-09-04 08:25 - 2014-09-04 08:23 - 113492816 _____ (Apple Inc.) C:\Users\admin\Downloads\iTunes64Setup.exe
2014-09-03 23:47 - 2014-09-03 23:47 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi (1).xls
2014-09-03 23:47 - 2014-09-03 23:47 - 00018665 _____ () C:\Users\admin\Downloads\28-02-2014-ULUSLARARASI.xlsx
2014-09-03 23:44 - 2014-09-03 23:44 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi.xls
2014-09-03 22:20 - 2014-09-01 23:04 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-09-03 22:08 - 2014-09-03 22:08 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:08 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:07 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 22:05 - 2014-09-03 22:05 - 00035330 _____ () C:\Users\admin\Downloads\[kickass.to]nilufer.discography.torrent
2014-09-02 18:56 - 2013-05-21 21:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-02 18:56 - 2013-05-21 21:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-28 22:30 - 2014-06-26 22:11 - 00000000 ____D () C:\Users\admin\Desktop\BB3
2014-08-28 22:16 - 2014-08-28 21:36 - 00015349 _____ () C:\Users\admin\Desktop\Excel Çalışma.xlsx
2014-08-28 21:36 - 2014-08-28 21:36 - 00015226 _____ () C:\Users\admin\Downloads\Excel Çalışma.xlsx
2014-08-28 21:17 - 2013-08-22 17:44 - 05203664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-27 23:16 - 2014-08-27 23:16 - 00098304 _____ () C:\Users\admin\Downloads\2014-2015-anketi.xls
2014-08-27 22:57 - 2014-05-29 22:06 - 00000166 _____ () C:\Users\admin\Desktop\film listesi.txt
2014-08-23 03:42 - 2014-08-27 22:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-20 18:39 - 2014-08-20 18:39 - 00020405 _____ () C:\Users\admin\Downloads\Ayakkabı Kayda Alma %28Rapor-18_08_2014%29.xlsx
2014-08-19 19:15 - 2013-07-26 00:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 19:14 - 2014-03-15 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-18 19:46 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-15 17:32 - 2012-07-26 11:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\tr-TR
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-15 07:33 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-13 23:18 - 2014-08-13 23:16 - 00000000 ____D () C:\Users\admin\Desktop\EP
 
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\BackupSetup.exe
C:\Users\admin\AppData\Local\Temp\ExPromo.exe
C:\Users\admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\admin\AppData\Local\Temp\i4jdel1.exe
C:\Users\admin\AppData\Local\Temp\i4jdel2.exe
C:\Users\admin\AppData\Local\Temp\i4jdel3.exe
C:\Users\admin\AppData\Local\Temp\i4jdel4.exe
C:\Users\admin\AppData\Local\Temp\i4jdel5.exe
C:\Users\admin\AppData\Local\Temp\install_helper.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sp64126.exe
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite15347.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite16331.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite17336.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite18876.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite21776.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite28716.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite30335.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite34315.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite37009.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite37330.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38083.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38812.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38813.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite41833.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite44157.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite44827.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite50850.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite51355.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52102.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52138.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52223.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52471.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite57328.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite57941.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite58883.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite65839.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite67905.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite67943.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite68142.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite71833.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite75005.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite76734.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite79321.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite81386.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite89637.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite94767.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite95648.dll
C:\Users\admin\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\admin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-11 08:35
 
==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 14 September 2014 - 02:46 PM

Hello,

please give HitmanPro a shot:


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
hitman.gif

#3 bturkmen

bturkmen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 14 September 2014 - 10:46 PM

Hello and thanks for your reply. Here is the log:

 

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : HP
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : hp\admin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-15 06:34:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 80
 
   Objects scanned . . . : 1.865.323
   Files scanned . . . . : 58.228
   Remnants scanned  . . : 584.276 files / 1.222.819 keys
 
Malware _____________________________________________________________________
 
   C:\Program Files (x86)\RocketTab\uninstall.exe
      Size . . . . . . . : 3.875.552 bytes
      Age  . . . . . . . : 10.3 days (2014-09-04 23:28:10)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 8DDFED56A9B2E4CBB56A644DBE5912C5E0DADEC1D1FBFCBE96FCFF18C248B305
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.RocketTab.ed
      Fuzzy  . . . . . . : 94.0
      Startup
         C:\WINDOWS\system32\Tasks\RocketTab Update Task
      Forensic Cluster
         -66.2s C:\Users\admin\AppData\Local\Temp\i4j_nlog_6
         -56.6s C:\Users\admin\AppData\Local\Temp\i4j_nlog_7
         -27.4s C:\Program Files\Vuze\Azureus.exe
         -27.4s C:\Program Files\Vuze\AzureusUpdater.exe
         -27.4s C:\Program Files\Vuze\aereg64.dll
         -27.3s C:\Program Files\Vuze\swt.jar
         -26.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.3.1.jar
         -26.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.3.1.jar.nopack
         -26.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig
         -26.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
         -26.3s C:\Users\admin\AppData\Roaming\Azureus\plugins\aercm\aercm_0.4.12.jar
         -26.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-Changes
         -26.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-LICENSE
         -26.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-README
         -26.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP_0.1.6.7.dat
         -26.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIPv6_0.1.6.7.dat
         -26.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\azlocprov_0.1.6.7.jar
         -25.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\azureus.sig
         -25.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\plugin.properties
         -25.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azrating\azrating_1.4.4.jar
         -25.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\LICENSE
         -25.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\azureus.sig
         -25.7s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\azutp_0.5.4.1.jar
         -25.7s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
         -25.7s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
         -25.7s C:\Program Files\Vuze\Azureus.exe.manifest
         -25.6s C:\Program Files\Vuze\Azureus.properties
         -25.6s C:\Program Files\Vuze\Vuze.ico
         -25.6s C:\Program Files\Vuze\VuzeFW.exe
         -25.6s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\JACOB_LICENSE.TXT
         -25.6s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\JACOB_README.txt
         -25.6s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\azitunes_0.3.3.jar
         -25.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig
         -25.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x64.dll
         -25.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x86.dll
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob_1.17.2.jar
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess64.dll
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess_0.1.3.jar
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\plugin.properties
         -25.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe
         -25.3s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\LICENSE
         -25.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\aznettor_0.6.4.jar
         -25.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig
         -25.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\plugin.properties
         -25.2s C:\Program Files\Vuze\plugins\azplugins\azplugins_2.1.9.jar
         -25.1s C:\Program Files\Vuze\plugins\azupdater\Updater.jar
         -25.0s C:\Program Files\Vuze\plugins\azupdater\azupdaterpatcher_1.9.1.jar
         -25.0s C:\Program Files\Vuze\plugins\azupdater\azureus.sig
         -25.0s C:\Program Files\Vuze\plugins\azupdater\plugin.properties
         -25.0s C:\Program Files\Vuze\plugins\azupnpav\azupnpav_0.4.9.jar
         -24.9s C:\Program Files\Vuze\plugins\azupnpav\azureus.sig
         -24.9s C:\Program Files\Vuze\plugins\azupnpav\plugin.properties
         -24.4s C:\Program Files\Vuze\Azureus2.jar
         -20.0s C:\Program Files\Vuze\GPL.txt
         -20.0s C:\Program Files\Vuze\GPLv3.txt
         -20.0s C:\Program Files\Vuze\LICENSES.txt
         -19.9s C:\Program Files\Vuze\installer.log
         -19.9s C:\Program Files\Vuze\uninstall.exe
         -19.9s C:\Program Files\Vuze\.install4j\i4jruntime.jar
         -19.9s C:\Program Files\Vuze\.install4j\inst_jre.cfg
         -19.9s C:\Program Files\Vuze\.install4j\MessagesDefault
         -19.9s C:\Program Files\Vuze\.install4j\i4jparams.conf
         -19.9s C:\Program Files\Vuze\.install4j\stats.properties
         -19.9s C:\Program Files\Vuze\.install4j\user.jar
         -19.8s C:\Program Files\Vuze\.install4j\i4jdel.exe
         -19.8s C:\Program Files\Vuze\.install4j\i4jinst.dll
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_10_5p83tu.utf8
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.properties
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_12_5p83tu.utf8
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_13_5p83tu.properties
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_14_5p83tu_12q8bqh.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_15_5p83tu_1a89bbn.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_16_5p83tu_x2womb.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_17_5p83tu_1rv17he.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_18_5p83tu_1uj26g4.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_19_5p83tu_1v90f0m.png
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_1_5p83tu.properties
         -19.8s C:\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu_bm8amj.ico
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_21_5p83tu_1c34961.png
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_22_5p83tu_1etf9b9.png
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_23_5p83tu_164dyc8.png
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_24_5p83tu_10qu06u.png
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_25_5p83tu_1jaybna.png
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_2_5p83tu.utf8
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_3_5p83tu.properties
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.utf8
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_5_5p83tu.properties
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_6_5p83tu.utf8
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_7_5p83tu.properties
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.utf8
         -19.7s C:\Program Files\Vuze\.install4j\i4j_extf_9_5p83tu.properties
         -19.6s C:\Users\admin\AppData\Roaming\Azureus\custom\
         -19.6s C:\Users\admin\AppData\Roaming\Azureus\custom\installer.config.applied
         -19.5s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
         -18.5s C:\Users\Public\Desktop\Vuze.lnk
         -18.1s C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
         -6.6s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         -6.6s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         -6.4s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_A677A486809D9274C2997DCF2B531D38
         -6.4s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_A677A486809D9274C2997DCF2B531D38
         -5.4s C:\Users\admin\AppData\Local\Temp\System.Data.SQLite.dll
         -0.4s C:\Program Files (x86)\RocketTab\
         -0.4s C:\Program Files (x86)\RocketTab\Client.exe
         -0.3s C:\Program Files (x86)\RocketTab\makecert.exe
         -0.3s C:\Program Files (x86)\RocketTab\Resources\
         -0.3s C:\Program Files (x86)\RocketTab\Resources\certutil.exe
         -0.3s C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll
         -0.3s C:\Program Files (x86)\RocketTab\Resources\libplc4.dll
         -0.3s C:\Program Files (x86)\RocketTab\Resources\libplds4.dll
         -0.3s C:\Program Files (x86)\RocketTab\Resources\nss3.dll
         -0.3s C:\Program Files (x86)\RocketTab\Resources\smime3.dll
         -0.3s C:\Program Files (x86)\RocketTab\Resources\softokn3.dll
          0.0s C:\Program Files (x86)\RocketTab\uninstall.exe
          0.2s C:\Windows\System32\Tasks\RocketTab
          0.6s C:\Windows\System32\LogFiles\Scm\d0bb0da4-f3f1-4956-a4ce-0451c3607822
          0.6s C:\Windows\System32\Tasks\RocketTab Update Task
          0.9s C:\Windows\System32\LogFiles\Scm\c1f40325-0835-4faa-94bc-6662e7cd0fcd
          1.1s C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-550401175-961969366-1688721761-1001\7b90a71bfc56f2582e916a51aed6df9a_0950e26d-69e1-40d6-8eca-f1cc66beee2b
          1.1s C:\Program Files (x86)\RocketTab\TrustedRoot.cer
          3.2s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\BASH\BASHV3.DB
          3.8s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\CmnClnt\ccSubSDK\{1B6CA4A7-33EA-4D0F-9B80-D87CD87CFE20}
          4.3s C:\Program Files (x86)\RocketTab\config.dat
          6.6s C:\Users\admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rtinstaller.exe.log
          7.3s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_0EFBFB630AAA1A09DDAE8801ECC8BFDE
          7.3s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_0EFBFB630AAA1A09DDAE8801ECC8BFDE
         11.8s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\
         11.8s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\exe4jlib.jar
         11.8s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\i4jdel.exe
         11.8s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp
         12.8s C:\Program Files\Vuze\.install4j\autoUninstall.3
 
   C:\Users\admin\AppData\Local\Temp\ct2504091\ism.exe
      Size . . . . . . . : 111.824 bytes
      Age  . . . . . . . : 211.3 days (2014-02-16 00:31:15)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 879E29A234B0B23C5B5EDB1C4FD9B21601F32E885F7C0E9609CD10AE3C134400
      Product  . . . . . : Installation Service Module
      Publisher  . . . . : Conduit Ltd.
      Description  . . . : Installation Service Module
      Version  . . . . . : 1.0.6.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.fj
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe
      Size . . . . . . . : 1.144.648 bytes
      Age  . . . . . . . : 10.3 days (2014-09-04 23:27:45)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 7A70A0A697BFBE289747C2EF527D3CBF76A14773D814DC151ACFCFD452959143
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.bwfn
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -40.8s C:\Users\admin\AppData\Local\Temp\i4j_nlog_6
         -31.2s C:\Users\admin\AppData\Local\Temp\i4j_nlog_7
         -2.1s C:\Program Files\Vuze\Azureus.exe
         -2.0s C:\Program Files\Vuze\AzureusUpdater.exe
         -2.0s C:\Program Files\Vuze\aereg64.dll
         -1.9s C:\Program Files\Vuze\swt.jar
         -1.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.3.1.jar
         -1.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.3.1.jar.nopack
         -1.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\azureus.sig
         -1.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
         -1.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\aercm\aercm_0.4.12.jar
         -0.9s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-Changes
         -0.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-LICENSE
         -0.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP-README
         -0.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIP_0.1.6.7.dat
         -0.8s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\GeoIPv6_0.1.6.7.dat
         -0.7s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\azlocprov_0.1.6.7.jar
         -0.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\azureus.sig
         -0.5s C:\Users\admin\AppData\Roaming\Azureus\plugins\azlocprov\plugin.properties
         -0.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azrating\azrating_1.4.4.jar
         -0.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\LICENSE
         -0.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\azureus.sig
         -0.4s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\azutp_0.5.4.1.jar
         -0.3s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
         -0.3s C:\Users\admin\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
         -0.3s C:\Program Files\Vuze\Azureus.exe.manifest
         -0.3s C:\Program Files\Vuze\Azureus.properties
         -0.3s C:\Program Files\Vuze\Vuze.ico
         -0.3s C:\Program Files\Vuze\VuzeFW.exe
         -0.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\JACOB_LICENSE.TXT
         -0.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\JACOB_README.txt
         -0.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\azitunes_0.3.3.jar
         -0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\azureus.sig
         -0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x64.dll
         -0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x86.dll
         -0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\jacob_1.17.2.jar
         -0.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
         -0.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess64.dll
         -0.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess_0.1.3.jar
         -0.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\azitunes\plugin.properties
          0.0s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe
          0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\LICENSE
          0.1s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\aznettor_0.6.4.jar
          0.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\azureus.sig
          0.2s C:\Users\admin\AppData\Roaming\Azureus\plugins\aznettor\plugin.properties
          0.2s C:\Program Files\Vuze\plugins\azplugins\azplugins_2.1.9.jar
          0.3s C:\Program Files\Vuze\plugins\azupdater\Updater.jar
          0.3s C:\Program Files\Vuze\plugins\azupdater\azupdaterpatcher_1.9.1.jar
          0.3s C:\Program Files\Vuze\plugins\azupdater\azureus.sig
          0.4s C:\Program Files\Vuze\plugins\azupdater\plugin.properties
          0.4s C:\Program Files\Vuze\plugins\azupnpav\azupnpav_0.4.9.jar
          0.5s C:\Program Files\Vuze\plugins\azupnpav\azureus.sig
          0.5s C:\Program Files\Vuze\plugins\azupnpav\plugin.properties
          1.0s C:\Program Files\Vuze\Azureus2.jar
          5.4s C:\Program Files\Vuze\GPL.txt
          5.4s C:\Program Files\Vuze\GPLv3.txt
          5.4s C:\Program Files\Vuze\LICENSES.txt
          5.4s C:\Program Files\Vuze\installer.log
          5.4s C:\Program Files\Vuze\uninstall.exe
          5.5s C:\Program Files\Vuze\.install4j\i4jruntime.jar
          5.5s C:\Program Files\Vuze\.install4j\inst_jre.cfg
          5.5s C:\Program Files\Vuze\.install4j\MessagesDefault
          5.5s C:\Program Files\Vuze\.install4j\i4jparams.conf
          5.5s C:\Program Files\Vuze\.install4j\stats.properties
          5.5s C:\Program Files\Vuze\.install4j\user.jar
          5.5s C:\Program Files\Vuze\.install4j\i4jdel.exe
          5.5s C:\Program Files\Vuze\.install4j\i4jinst.dll
          5.5s C:\Program Files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
          5.5s C:\Program Files\Vuze\.install4j\i4j_extf_10_5p83tu.utf8
          5.5s C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.properties
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_12_5p83tu.utf8
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_13_5p83tu.properties
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_14_5p83tu_12q8bqh.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_15_5p83tu_1a89bbn.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_16_5p83tu_x2womb.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_17_5p83tu_1rv17he.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_18_5p83tu_1uj26g4.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_19_5p83tu_1v90f0m.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_1_5p83tu.properties
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu_bm8amj.ico
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_21_5p83tu_1c34961.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_22_5p83tu_1etf9b9.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_23_5p83tu_164dyc8.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_24_5p83tu_10qu06u.png
          5.6s C:\Program Files\Vuze\.install4j\i4j_extf_25_5p83tu_1jaybna.png
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_2_5p83tu.utf8
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_3_5p83tu.properties
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.utf8
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_5_5p83tu.properties
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_6_5p83tu.utf8
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_7_5p83tu.properties
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.utf8
          5.7s C:\Program Files\Vuze\.install4j\i4j_extf_9_5p83tu.properties
          5.7s C:\Users\admin\AppData\Roaming\Azureus\custom\
          5.7s C:\Users\admin\AppData\Roaming\Azureus\custom\installer.config.applied
          5.9s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
          6.9s C:\Users\Public\Desktop\Vuze.lnk
          7.3s C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
         18.8s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         18.8s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F
         19.0s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_A677A486809D9274C2997DCF2B531D38
         19.0s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_A677A486809D9274C2997DCF2B531D38
         19.9s C:\Users\admin\AppData\Local\Temp\System.Data.SQLite.dll
         25.0s C:\Program Files (x86)\RocketTab\
         25.0s C:\Program Files (x86)\RocketTab\Client.exe
         25.0s C:\Program Files (x86)\RocketTab\makecert.exe
         25.0s C:\Program Files (x86)\RocketTab\Resources\
         25.0s C:\Program Files (x86)\RocketTab\Resources\certutil.exe
         25.0s C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll
         25.0s C:\Program Files (x86)\RocketTab\Resources\libplc4.dll
         25.0s C:\Program Files (x86)\RocketTab\Resources\libplds4.dll
         25.0s C:\Program Files (x86)\RocketTab\Resources\nss3.dll
         25.1s C:\Program Files (x86)\RocketTab\Resources\smime3.dll
         25.1s C:\Program Files (x86)\RocketTab\Resources\softokn3.dll
         25.4s C:\Program Files (x86)\RocketTab\uninstall.exe
         25.6s C:\Windows\System32\Tasks\RocketTab
         26.0s C:\Windows\System32\LogFiles\Scm\d0bb0da4-f3f1-4956-a4ce-0451c3607822
         26.0s C:\Windows\System32\Tasks\RocketTab Update Task
         26.3s C:\Windows\System32\LogFiles\Scm\c1f40325-0835-4faa-94bc-6662e7cd0fcd
         26.4s C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-550401175-961969366-1688721761-1001\7b90a71bfc56f2582e916a51aed6df9a_0950e26d-69e1-40d6-8eca-f1cc66beee2b
         26.5s C:\Program Files (x86)\RocketTab\TrustedRoot.cer
         28.5s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\BASH\BASHV3.DB
         29.1s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\CmnClnt\ccSubSDK\{1B6CA4A7-33EA-4D0F-9B80-D87CD87CFE20}
         29.7s C:\Program Files (x86)\RocketTab\config.dat
         31.9s C:\Users\admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rtinstaller.exe.log
         32.7s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_0EFBFB630AAA1A09DDAE8801ECC8BFDE
         32.7s C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_0EFBFB630AAA1A09DDAE8801ECC8BFDE
         37.2s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\
         37.2s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\exe4jlib.jar
         37.2s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp_dir1409862502\i4jdel.exe
         37.2s C:\Users\admin\AppData\Local\Temp\e4j399A.tmp
         38.2s C:\Program Files\Vuze\.install4j\autoUninstall.3
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\admin\Downloads\FRST64.exe
      Size . . . . . . . : 2.105.856 bytes
      Age  . . . . . . . : 3.3 days (2014-09-11 22:31:26)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 55D4221CBB0FBC83E16379C673E0EC3A845CC71E2C456644CAB8BD05566CC0CA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\admin\Downloads\FRST64.exe
          1.0s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\CmnClnt\ccSubSDK\{BD953150-A90F-4424-9058-833B381E98C0}
 
 
Repairs _____________________________________________________________________
 
   Bu bilgisayardaki vekil sunucu (Kullanıcı)
   127.0.0.1:59974
 
   Bu bilgisayardaki vekil sunucu (Kullanıcı)
   127.0.0.1:8555
 
   Bu bilgisayardaki vekil sunucu (Kullanıcı)
   127.0.0.1:8555
 
   Bu bilgisayardaki vekil sunucu (Kullanıcı)
   127.0.0.1:8555
 
 
Cookies _____________________________________________________________________
 
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.e-kolay.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.propellerads.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.reklamport.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.uptobox.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.advertig.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.betweendigital.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.divxplanet.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.escinteractive.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.gonuldensevenler.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.grabgoodusa.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.myadsrv04.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.offersquared.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.tunein.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advert.uzmantv.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atlanticmedia.122.2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:canwestglobal.112.2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:hotlog.ru
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:wileypublishing.112.2o7.net
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
 
 


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 15 September 2014 - 06:12 AM

Ok.


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#5 bturkmen

bturkmen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 15 September 2014 - 10:03 AM

Thanks a lot for your help. AdwCleaner log is in Turkish but I'm sure you can understand it. "silindi" means deleted. So here is the AdwCleaner log:

 

# AdwCleaner v3.310 - Rapor olusturuldu 15/09/2014 tarihinde 17:32:09
# Guncellendi 12/09/2014 tarafindan Xplode
# Isletim sistemi : Windows 8.1  (64 bits)
# Kullanici adi : admin - HP
# Adwcleaner konumu : C:\Users\admin\Desktop\AdwCleaner.exe
# Tarama turu : Temizle
 
***** [ Servisler ] *****
 
 
***** [ Dosyalar / Klasorler ] *****
 
Klasor Silindi : C:\Program Files (x86)\RocketTab
 
***** [ Görevler ] *****
 
Görev Silindi : RocketTab Update Task
Görev Silindi : RocketTab
 
***** [ Kisayollar ] *****
 
 
***** [ Registry ] *****
 
Registry Key Silindi : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Registry Key Silindi : HKCU\Software\RocketTabInstalled
Registry Key Silindi : HKLM\SOFTWARE\RocketTab
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
 
***** [ Tarayicilar ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Mozilla Firefox v31.0 (x86 tr)
 
[ Dosya : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ Dosya : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Silindi [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [5091 octets] - [10/09/2014 22:27:42]
AdwCleaner[R1].txt - [1594 octets] - [15/09/2014 17:30:42]
AdwCleaner[S0].txt - [4470 octets] - [10/09/2014 22:29:24]
AdwCleaner[S1].txt - [1454 octets] - [15/09/2014 17:32:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1514 octets] ##########
 
And here are the FRST and Addition logs:
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by admin (administrator) on HP on 15-09-2014 17:57:28
Running from C:\Users\admin\Desktop
Platform: Windows 8.1 (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-06-18] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-06-18] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [115032 2014-02-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\Run: [AkisSIL.exe] => C:\Program Files\AKIS\AkisSIL.exe
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-550401175-961969366-1688721761-1001\...\MountPoints2: J - "J:\autorun.exe" 
ShellIconOverlayIdentifiers: MountOverlayIcon -> {0F49CF41-FD97-4942-9F2A-35E8B489E7FB} => C:\Program Files\WinMount\WinMTExt.dll (WinMount International Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:59974;https=127.0.0.1:59974
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/155
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPALL13/155
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPALL13/155
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - 6C38E8F00C18B0E4FF68DB5F8C664B21 URL = http://gorsel.yandex.com.tr/yandsearch?win=119&clid=1979777&text={searchTerms}
SearchScopes: HKCU - 7B708D5CD3CF3B2712EE5CEB1EEAFA98 URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - A8EC1C80AE9DD01093D0A78A4E6AFBC7 URL = http://video.yandex.com.tr/#search?win=119&clid=1979777&text={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{CBA94DB9-5FBC-4B1F-808C-C244ED5BD3F9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yandex.com.tr/?win=119&clid=1979776
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-203542.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yagorsel.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yahaber.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yavideo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Візуальныя закладкі - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru [2014-09-11]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru [2014-09-06]
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: anonymoX - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\client@anonymox.net.xpi [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-09-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.tr/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> CA7434945B8179303D28F9D1921448DAE81541340383C815CF5D26298E3BE764
CHR DefaultSearchURL: Default -> E84E6EADBE360E8C138BB8081314B14BD44A4D043F2D2989EFC6FD0651FA8EA0
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Çeviri) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-05-13]
CHR Extension: (Avira Browser Safety) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-09]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-05-13]
CHR Extension: (Google Mail Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-05-13]
CHR Extension: (Google Cüzdan) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [387928 2014-02-12] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-08-01] (Symantec Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-06-18] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62848 2014-08-21] (Advanced Card Systems Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-31] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140913.021\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140913.021\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 WMDrive; C:\WINDOWS\SysWOW64\drivers\WMDrive.sys [92536 2014-04-10] (WinMount International Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:30 - 2014-09-15 17:30 - 01373475 _____ () C:\Users\admin\Downloads\AdwCleaner.exe
2014-09-15 17:30 - 2014-09-15 17:30 - 01373475 _____ () C:\Users\admin\Desktop\AdwCleaner.exe
2014-09-15 06:44 - 2014-09-15 06:44 - 00063306 _____ () C:\Users\admin\Desktop\HitmanPro_20140915_0644.log
2014-09-15 06:44 - 2014-08-23 10:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-15 06:44 - 2014-08-23 10:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-15 06:44 - 2014-08-23 09:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-15 06:44 - 2014-08-23 08:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-15 06:44 - 2014-08-23 07:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-15 06:44 - 2014-08-23 07:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-15 06:44 - 2014-08-23 07:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-15 06:44 - 2014-08-23 07:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-15 06:44 - 2014-08-23 07:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-15 06:44 - 2014-07-30 04:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-15 06:44 - 2014-07-29 08:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-15 06:44 - 2014-07-24 18:28 - 00412992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-15 06:44 - 2014-07-24 18:28 - 00143680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-15 06:44 - 2014-07-24 18:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-15 06:44 - 2014-07-24 18:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-15 06:44 - 2014-07-24 18:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-15 06:44 - 2014-07-24 18:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-15 06:44 - 2014-07-24 18:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-15 06:44 - 2014-07-24 18:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-15 06:44 - 2014-07-24 18:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-15 06:44 - 2014-07-24 18:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-15 06:44 - 2014-07-24 18:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-15 06:44 - 2014-07-24 17:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-15 06:44 - 2014-07-24 17:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-15 06:44 - 2014-07-24 16:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-15 06:44 - 2014-07-24 16:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-15 06:44 - 2014-07-24 16:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-15 06:44 - 2014-07-24 16:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-15 06:44 - 2014-07-24 16:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-15 06:44 - 2014-07-24 16:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-15 06:44 - 2014-07-24 14:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-15 06:44 - 2014-07-24 14:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-15 06:44 - 2014-07-24 13:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-15 06:44 - 2014-07-24 13:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-15 06:44 - 2014-07-24 12:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-15 06:44 - 2014-07-24 12:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-15 06:44 - 2014-07-24 12:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-15 06:44 - 2014-07-24 12:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 06:44 - 2014-07-24 12:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-15 06:44 - 2014-07-24 11:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-15 06:44 - 2014-07-24 11:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-15 06:44 - 2014-07-24 11:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-15 06:44 - 2014-07-24 11:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-15 06:44 - 2014-07-24 11:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-15 06:44 - 2014-07-24 11:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-15 06:44 - 2014-07-24 11:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-15 06:44 - 2014-07-24 11:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-15 06:44 - 2014-07-24 11:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-15 06:44 - 2014-07-24 11:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-15 06:44 - 2014-07-24 11:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-15 06:44 - 2014-07-24 11:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-15 06:44 - 2014-07-24 11:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-15 06:44 - 2014-07-24 11:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-15 06:44 - 2014-07-24 10:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-15 06:44 - 2014-07-24 10:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-15 06:44 - 2014-07-24 10:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-15 06:44 - 2014-07-24 10:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-15 06:44 - 2014-07-24 10:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-15 06:44 - 2014-07-24 10:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-15 06:44 - 2014-07-24 10:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-15 06:44 - 2014-07-24 10:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-15 06:44 - 2014-07-24 10:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-15 06:44 - 2014-07-04 12:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-15 06:44 - 2014-07-04 12:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-15 06:44 - 2014-06-26 03:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-15 06:44 - 2014-06-19 05:13 - 00310080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-15 06:44 - 2014-06-14 09:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-15 06:44 - 2014-06-14 08:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-15 06:44 - 2014-06-05 13:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-15 06:44 - 2014-06-05 12:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-15 06:44 - 2014-05-06 07:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-15 06:44 - 2014-05-06 03:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-15 06:43 - 2014-07-24 18:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-15 06:43 - 2014-07-24 18:28 - 00419648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-15 06:43 - 2014-07-24 18:28 - 00280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-15 06:43 - 2014-07-24 18:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-15 06:43 - 2014-07-24 18:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-15 06:43 - 2014-07-24 18:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-15 06:43 - 2014-07-24 18:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-15 06:43 - 2014-07-24 18:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-15 06:43 - 2014-07-24 18:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-15 06:43 - 2014-07-24 18:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-15 06:43 - 2014-07-24 18:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-15 06:43 - 2014-07-24 18:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-15 06:43 - 2014-07-24 18:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-15 06:43 - 2014-07-24 18:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-15 06:43 - 2014-07-24 16:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-15 06:43 - 2014-07-24 16:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-15 06:43 - 2014-07-24 16:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-15 06:43 - 2014-07-24 16:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-15 06:43 - 2014-07-24 14:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-15 06:43 - 2014-07-24 14:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-15 06:43 - 2014-07-24 14:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-15 06:43 - 2014-07-24 14:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-15 06:43 - 2014-07-24 14:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-15 06:43 - 2014-07-24 14:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-15 06:43 - 2014-07-24 14:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-15 06:43 - 2014-07-24 14:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-15 06:43 - 2014-07-24 14:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-15 06:43 - 2014-07-24 14:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-15 06:43 - 2014-07-24 14:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-15 06:43 - 2014-07-24 14:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-15 06:43 - 2014-07-24 14:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-15 06:43 - 2014-07-24 14:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-15 06:43 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-15 06:43 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-15 06:43 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-15 06:43 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-15 06:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-15 06:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-15 06:43 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-15 06:43 - 2014-07-24 13:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-15 06:43 - 2014-07-24 13:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-15 06:43 - 2014-07-24 13:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-15 06:43 - 2014-07-24 13:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-15 06:43 - 2014-07-24 13:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-15 06:43 - 2014-07-24 13:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-15 06:43 - 2014-07-24 13:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-15 06:43 - 2014-07-24 13:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-15 06:43 - 2014-07-24 13:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-15 06:43 - 2014-07-24 13:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-15 06:43 - 2014-07-24 13:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-15 06:43 - 2014-07-24 12:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-15 06:43 - 2014-07-24 12:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-15 06:43 - 2014-07-24 12:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-15 06:43 - 2014-07-24 12:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-15 06:43 - 2014-07-24 12:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-15 06:43 - 2014-07-24 12:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-15 06:43 - 2014-07-24 12:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-15 06:43 - 2014-07-24 12:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-15 06:43 - 2014-07-24 12:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-15 06:43 - 2014-07-24 12:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-15 06:43 - 2014-07-24 12:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-15 06:43 - 2014-07-24 12:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-15 06:43 - 2014-07-24 12:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-15 06:43 - 2014-07-24 12:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-15 06:43 - 2014-07-24 12:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-15 06:43 - 2014-07-24 12:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-15 06:43 - 2014-07-24 12:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-15 06:43 - 2014-07-24 12:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-15 06:43 - 2014-07-24 12:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-15 06:43 - 2014-07-24 12:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-15 06:43 - 2014-07-24 12:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-15 06:43 - 2014-07-24 12:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-15 06:43 - 2014-07-24 11:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-15 06:43 - 2014-07-24 11:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-15 06:43 - 2014-07-24 11:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-15 06:43 - 2014-07-24 11:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-15 06:43 - 2014-07-24 11:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-15 06:43 - 2014-07-24 11:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-15 06:43 - 2014-07-24 11:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-15 06:43 - 2014-07-24 11:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-15 06:43 - 2014-07-24 11:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-15 06:43 - 2014-07-24 11:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-15 06:43 - 2014-07-24 11:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-15 06:43 - 2014-07-24 11:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-15 06:43 - 2014-07-24 11:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 06:43 - 2014-07-24 11:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-15 06:43 - 2014-07-24 11:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-15 06:43 - 2014-07-24 11:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-15 06:43 - 2014-07-24 11:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-15 06:43 - 2014-07-24 11:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-15 06:43 - 2014-07-24 11:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-15 06:43 - 2014-07-24 11:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-15 06:43 - 2014-07-24 11:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-15 06:43 - 2014-07-24 11:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-15 06:43 - 2014-07-24 11:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-15 06:43 - 2014-07-24 11:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-15 06:43 - 2014-07-24 11:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-15 06:43 - 2014-07-24 11:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 06:43 - 2014-07-24 11:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-15 06:43 - 2014-07-24 11:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-15 06:43 - 2014-07-24 11:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-15 06:43 - 2014-07-24 11:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-15 06:43 - 2014-07-24 11:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-15 06:43 - 2014-07-24 11:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-15 06:43 - 2014-07-24 11:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-15 06:43 - 2014-07-24 11:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-15 06:43 - 2014-07-24 11:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-15 06:43 - 2014-07-24 11:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-15 06:43 - 2014-07-24 10:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-15 06:43 - 2014-07-24 10:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-15 06:43 - 2014-07-24 10:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-15 06:43 - 2014-07-24 10:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-15 06:43 - 2014-07-24 10:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-15 06:43 - 2014-07-24 10:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-15 06:43 - 2014-07-24 10:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-15 06:43 - 2014-07-24 10:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-15 06:43 - 2014-07-24 10:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-15 06:43 - 2014-07-24 10:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-15 06:43 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-15 06:43 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-15 06:43 - 2014-07-12 08:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-15 06:43 - 2014-07-12 08:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-15 06:43 - 2014-07-12 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-15 06:43 - 2014-07-12 07:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-15 06:43 - 2014-07-12 07:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-15 06:43 - 2014-07-10 02:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-15 06:43 - 2014-07-04 15:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-15 06:43 - 2014-07-04 13:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-15 06:43 - 2014-07-04 13:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-15 06:43 - 2014-07-04 13:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-15 06:43 - 2014-07-04 13:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-15 06:43 - 2014-06-27 09:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-15 06:43 - 2014-06-26 03:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-15 06:43 - 2014-06-20 02:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-15 06:43 - 2014-06-07 15:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-15 06:43 - 2014-06-07 13:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-15 06:43 - 2014-06-05 17:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-15 06:43 - 2014-05-31 08:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-15 06:43 - 2014-05-31 07:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-15 06:43 - 2014-05-29 09:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-15 06:43 - 2014-05-29 08:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-15 06:43 - 2014-05-29 08:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-15 06:43 - 2014-05-29 07:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-15 06:43 - 2014-05-26 10:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-15 06:43 - 2014-05-10 13:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-15 06:43 - 2014-05-10 11:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-15 06:43 - 2014-03-25 05:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-15 06:43 - 2014-03-25 05:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-15 06:43 - 2014-03-25 04:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-15 06:43 - 2014-03-25 04:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-15 06:34 - 2014-08-15 03:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-15 06:18 - 2014-09-15 06:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 06:16 - 2014-09-15 06:16 - 11194928 _____ (SurfRight B.V.) C:\Users\admin\Desktop\HitmanPro_x64.exe
2014-09-12 08:38 - 2014-09-12 08:38 - 00000000 ____D () C:\Users\admin\Downloads\App
2014-09-12 08:37 - 2014-09-05 18:30 - 185071835 _____ (Wondershare Software) C:\Users\admin\Downloads\VideoEditor.exe
2014-09-12 00:56 - 2014-08-16 05:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-12 00:56 - 2014-08-16 05:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-12 00:56 - 2014-08-16 05:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-12 00:56 - 2014-08-16 05:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-12 00:56 - 2014-08-16 04:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-12 00:56 - 2014-08-16 04:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-12 00:56 - 2014-08-16 04:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-12 00:56 - 2014-08-16 04:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-12 00:56 - 2014-08-16 04:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-12 00:56 - 2014-08-16 04:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:56 - 2014-08-16 04:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-12 00:56 - 2014-08-16 04:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-12 00:56 - 2014-08-16 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-12 00:56 - 2014-08-16 04:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-12 00:56 - 2014-08-16 04:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-12 00:56 - 2014-08-16 04:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-12 00:56 - 2014-08-16 04:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-12 00:56 - 2014-08-16 04:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-12 00:56 - 2014-08-16 04:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-12 00:56 - 2014-08-16 04:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-12 00:56 - 2014-08-16 04:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-12 00:56 - 2014-08-16 03:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:56 - 2014-08-16 03:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-12 00:56 - 2014-08-16 03:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-12 00:56 - 2014-08-16 03:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-12 00:56 - 2014-08-16 03:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-12 00:56 - 2014-08-16 03:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-12 00:56 - 2014-08-16 03:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-12 00:56 - 2014-08-16 03:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-12 00:56 - 2014-08-16 03:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-12 00:56 - 2014-08-16 03:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-12 00:56 - 2014-08-16 03:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-12 00:56 - 2014-08-16 03:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-12 00:56 - 2014-08-16 03:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-12 00:56 - 2014-08-16 03:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-12 00:12 - 2014-09-12 00:46 - 102899957 _____ () C:\Users\admin\Downloads\VideoEditor (1).rar
2014-09-12 00:09 - 2014-09-12 00:35 - 82213764 _____ () C:\Users\admin\Downloads\VideoEditor.rar
2014-09-11 23:15 - 2014-09-11 23:16 - 10495609 _____ () C:\Users\admin\Desktop\CNN_Inside_a_refugee_camp_for_Syrians.mp4
2014-09-11 23:14 - 2014-09-11 23:14 - 03825902 _____ () C:\Users\admin\Desktop\Protesters_clash_with_police_at_Syrian_refugee_camp_in_Turkey.mp4
2014-09-11 23:08 - 2014-09-11 23:09 - 07708310 _____ () C:\Users\admin\Desktop\Turkey_Camp_Life_for_Syrian_Refugees.mp4
2014-09-11 23:06 - 2014-09-11 23:11 - 40645628 _____ () C:\Users\admin\Desktop\Syrian_Refugee_Camps_in_Turkey_Strained_Over_Crowded.mp4
2014-09-11 22:53 - 2014-09-11 22:53 - 00000000 ____D () C:\Program Files\DIFX
2014-09-11 22:53 - 2014-09-11 22:53 - 00000000 ____D () C:\Program Files\ACR38_100_122 PCSC Driver
2014-09-11 22:52 - 2014-09-11 22:52 - 00001981 _____ () C:\Users\Public\Desktop\Akis Kart Izleme Araci.lnk
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKIS
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\Program Files\AKIS
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\AkisLog
2014-09-11 22:51 - 2014-09-11 22:51 - 00000000 ____D () C:\Users\admin\Downloads\ACR38_MSI_Winx64_1160_P
2014-09-11 22:51 - 2012-02-09 20:39 - 13603328 _____ () C:\Users\admin\Downloads\AKIS Yonetici x64(1.1).msi
2014-09-11 22:46 - 2014-09-11 22:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment
2014-09-11 22:42 - 2014-09-11 22:42 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2014-09-11 22:36 - 2014-09-15 17:57 - 00022685 _____ () C:\Users\admin\Desktop\FRST.txt
2014-09-11 22:36 - 2014-09-11 22:36 - 00044802 _____ () C:\Users\admin\Desktop\Addition.txt
2014-09-11 22:35 - 2014-09-11 22:35 - 00044802 _____ () C:\Users\admin\Downloads\Addition.txt
2014-09-11 22:34 - 2014-09-11 22:35 - 00056806 _____ () C:\Users\admin\Downloads\FRST.txt
2014-09-11 22:33 - 2014-09-15 17:57 - 00000000 ____D () C:\FRST
2014-09-11 22:31 - 2014-09-11 22:31 - 02105856 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-09-10 22:40 - 2014-09-10 22:41 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-10 22:40 - 2014-09-10 22:40 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-10 22:39 - 2014-09-10 22:39 - 00001364 _____ () C:\Users\admin\Desktop\JRT.txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00004470 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 22:34 - 2014-09-10 22:34 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-09-10 22:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-10 22:27 - 2014-09-15 17:32 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:26 - 2014-09-10 22:26 - 01370467 _____ () C:\Users\admin\Downloads\adwcleaner_3.309.exe
2014-09-10 20:24 - 2014-09-10 20:24 - 00001095 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-10 20:24 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-09-10 20:23 - 2014-09-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\admin\Downloads\RevoUninProSetup.exe
2014-09-10 08:46 - 2014-08-02 03:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 08:46 - 2014-07-24 06:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 08:46 - 2014-07-24 06:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-04 23:43 - 2014-09-04 23:43 - 01101600 _____ () C:\Users\admin\Downloads\YandexDiskSetupTr.exe
2014-09-04 08:23 - 2014-09-04 08:25 - 113492816 _____ (Apple Inc.) C:\Users\admin\Downloads\iTunes64Setup.exe
2014-09-03 23:47 - 2014-09-03 23:47 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi (1).xls
2014-09-03 23:47 - 2014-09-03 23:47 - 00018665 _____ () C:\Users\admin\Downloads\28-02-2014-ULUSLARARASI.xlsx
2014-09-03 23:44 - 2014-09-03 23:44 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi.xls
2014-09-03 22:08 - 2014-09-03 22:08 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:08 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:07 - 2014-09-03 22:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:07 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 22:05 - 2014-09-03 22:05 - 00035330 _____ () C:\Users\admin\Downloads\[kickass.to]nilufer.discography.torrent
2014-09-01 23:04 - 2014-09-03 22:20 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-08-28 21:36 - 2014-08-28 22:16 - 00015349 _____ () C:\Users\admin\Desktop\Excel Çalışma.xlsx
2014-08-28 21:36 - 2014-08-28 21:36 - 00015226 _____ () C:\Users\admin\Downloads\Excel Çalışma.xlsx
2014-08-27 23:16 - 2014-08-27 23:16 - 00098304 _____ () C:\Users\admin\Downloads\2014-2015-anketi.xls
2014-08-27 22:34 - 2014-08-23 03:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-21 02:51 - 2014-08-21 02:51 - 00062848 _____ (Advanced Card Systems Ltd.) C:\WINDOWS\system32\Drivers\a38ccid.sys
2014-08-20 18:39 - 2014-08-20 18:39 - 00020405 _____ () C:\Users\admin\Downloads\Ayakkabı Kayda Alma %28Rapor-18_08_2014%29.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:57 - 2014-09-11 22:36 - 00022685 _____ () C:\Users\admin\Desktop\FRST.txt
2014-09-15 17:57 - 2014-09-11 22:33 - 00000000 ____D () C:\FRST
2014-09-15 17:47 - 2013-05-09 09:58 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-550401175-961969366-1688721761-1001
2014-09-15 17:41 - 2014-05-18 13:54 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-09-15 17:41 - 2013-09-30 07:16 - 01918510 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 17:41 - 2013-09-30 06:57 - 00787748 _____ () C:\WINDOWS\system32\perfh01F.dat
2014-09-15 17:41 - 2013-09-30 06:57 - 00180326 _____ () C:\WINDOWS\system32\perfc01F.dat
2014-09-15 17:40 - 2013-10-25 08:33 - 01903286 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 17:39 - 2013-05-13 13:09 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 17:39 - 2013-05-13 13:08 - 00001020 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 17:37 - 2013-08-22 17:46 - 00329615 _____ () C:\WINDOWS\setupact.log
2014-09-15 17:35 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-15 17:35 - 2012-11-23 13:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-15 17:34 - 2013-09-29 21:05 - 00035414 _____ () C:\WINDOWS\PFRO.log
2014-09-15 17:34 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-15 17:32 - 2014-09-10 22:27 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:32 - 2013-09-30 07:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 17:32 - 2013-09-30 06:56 - 00000000 ____D () C:\WINDOWS\system32\Drivers\tr-TR
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\tr-TR
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2014-09-15 17:32 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-15 17:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-15 17:30 - 2014-09-15 17:30 - 01373475 _____ () C:\Users\admin\Downloads\AdwCleaner.exe
2014-09-15 17:30 - 2014-09-15 17:30 - 01373475 _____ () C:\Users\admin\Desktop\AdwCleaner.exe
2014-09-15 17:00 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-15 17:00 - 2013-05-13 13:08 - 00001024 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 16:18 - 2014-04-19 23:42 - 00000814 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-15 15:36 - 2013-10-25 20:06 - 00003932 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8589FDF3-82DF-4E16-9414-CE4304186651}
2014-09-15 07:33 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-15 07:30 - 2014-03-15 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-15 07:30 - 2013-07-26 00:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 06:44 - 2014-09-15 06:44 - 00063306 _____ () C:\Users\admin\Desktop\HitmanPro_20140915_0644.log
2014-09-15 06:33 - 2014-09-15 06:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 06:16 - 2014-09-15 06:16 - 11194928 _____ (SurfRight B.V.) C:\Users\admin\Desktop\HitmanPro_x64.exe
2014-09-14 22:19 - 2014-03-25 21:53 - 00003152 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin
2014-09-14 22:19 - 2014-03-25 21:53 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job
2014-09-14 19:08 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-14 18:52 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-14 18:41 - 2013-08-22 16:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-12 08:40 - 2013-10-25 08:38 - 00000000 ____D () C:\Users\admin
2014-09-12 08:38 - 2014-09-12 08:38 - 00000000 ____D () C:\Users\admin\Downloads\App
2014-09-12 00:57 - 2014-06-11 22:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-12 00:57 - 2014-06-11 22:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-12 00:57 - 2014-05-04 18:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-12 00:57 - 2014-05-04 18:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-12 00:56 - 2014-06-11 22:41 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-12 00:56 - 2014-06-11 22:41 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-12 00:56 - 2014-06-11 22:39 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-12 00:56 - 2014-06-11 22:39 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-12 00:56 - 2014-06-11 22:39 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-12 00:56 - 2014-06-11 22:39 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-12 00:46 - 2014-09-12 00:12 - 102899957 _____ () C:\Users\admin\Downloads\VideoEditor (1).rar
2014-09-12 00:35 - 2014-09-12 00:09 - 82213764 _____ () C:\Users\admin\Downloads\VideoEditor.rar
2014-09-12 00:22 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-11 23:16 - 2014-09-11 23:15 - 10495609 _____ () C:\Users\admin\Desktop\CNN_Inside_a_refugee_camp_for_Syrians.mp4
2014-09-11 23:16 - 2013-10-25 18:37 - 00468480 ___SH () C:\Users\admin\Desktop\Thumbs.db
2014-09-11 23:14 - 2014-09-11 23:14 - 03825902 _____ () C:\Users\admin\Desktop\Protesters_clash_with_police_at_Syrian_refugee_camp_in_Turkey.mp4
2014-09-11 23:11 - 2014-09-11 23:06 - 40645628 _____ () C:\Users\admin\Desktop\Syrian_Refugee_Camps_in_Turkey_Strained_Over_Crowded.mp4
2014-09-11 23:09 - 2014-09-11 23:08 - 07708310 _____ () C:\Users\admin\Desktop\Turkey_Camp_Life_for_Syrian_Refugees.mp4
2014-09-11 22:56 - 2014-09-11 22:46 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment
2014-09-11 22:53 - 2014-09-11 22:53 - 00000000 ____D () C:\Program Files\DIFX
2014-09-11 22:53 - 2014-09-11 22:53 - 00000000 ____D () C:\Program Files\ACR38_100_122 PCSC Driver
2014-09-11 22:52 - 2014-09-11 22:52 - 00001981 _____ () C:\Users\Public\Desktop\Akis Kart Izleme Araci.lnk
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKIS
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\Program Files\AKIS
2014-09-11 22:52 - 2014-09-11 22:52 - 00000000 ____D () C:\AkisLog
2014-09-11 22:51 - 2014-09-11 22:51 - 00000000 ____D () C:\Users\admin\Downloads\ACR38_MSI_Winx64_1160_P
2014-09-11 22:42 - 2014-09-11 22:42 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2014-09-11 22:36 - 2014-09-11 22:36 - 00044802 _____ () C:\Users\admin\Desktop\Addition.txt
2014-09-11 22:35 - 2014-09-11 22:35 - 00044802 _____ () C:\Users\admin\Downloads\Addition.txt
2014-09-11 22:35 - 2014-09-11 22:34 - 00056806 _____ () C:\Users\admin\Downloads\FRST.txt
2014-09-11 22:31 - 2014-09-11 22:31 - 02105856 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-09-11 08:46 - 2013-07-24 03:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 08:38 - 2013-05-13 22:26 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 00:42 - 2013-10-25 19:34 - 00843776 ___SH () C:\Users\admin\Downloads\Thumbs.db
2014-09-10 22:53 - 2014-08-14 12:43 - 00000000 ____D () C:\Users\admin\dwhelper
2014-09-10 22:41 - 2014-09-10 22:40 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-10 22:41 - 2014-04-17 22:07 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-09-10 22:40 - 2014-09-10 22:40 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-10 22:39 - 2014-09-10 22:39 - 00001364 _____ () C:\Users\admin\Desktop\JRT.txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00004470 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].txt
2014-09-10 22:35 - 2014-09-10 22:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 22:34 - 2014-09-10 22:34 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-09-10 22:29 - 2014-02-16 00:32 - 00000000 ____D () C:\Users\admin\AppData\Local\CRE
2014-09-10 22:26 - 2014-09-10 22:26 - 01370467 _____ () C:\Users\admin\Downloads\adwcleaner_3.309.exe
2014-09-10 20:24 - 2014-09-10 20:24 - 00001095 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-10 20:24 - 2014-09-10 20:24 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-10 20:23 - 2014-09-10 20:23 - 10619688 _____ (VS Revo Group ) C:\Users\admin\Downloads\RevoUninProSetup.exe
2014-09-10 20:13 - 2013-05-09 09:52 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages
2014-09-10 19:56 - 2013-05-26 20:54 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Azureus
2014-09-09 23:18 - 2014-04-19 23:42 - 00003702 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-06 15:59 - 2013-09-02 18:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2014-09-05 18:30 - 2014-09-12 08:37 - 185071835 _____ (Wondershare Software) C:\Users\admin\Downloads\VideoEditor.exe
2014-09-04 23:43 - 2014-09-04 23:43 - 01101600 _____ () C:\Users\admin\Downloads\YandexDiskSetupTr.exe
2014-09-04 23:27 - 2013-09-15 16:43 - 00001808 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-04 23:27 - 2013-05-26 20:54 - 00001808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-04 23:27 - 2013-05-26 20:54 - 00000000 ____D () C:\Program Files\Vuze
2014-09-04 08:25 - 2014-09-04 08:23 - 113492816 _____ (Apple Inc.) C:\Users\admin\Downloads\iTunes64Setup.exe
2014-09-03 23:47 - 2014-09-03 23:47 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi (1).xls
2014-09-03 23:47 - 2014-09-03 23:47 - 00018665 _____ () C:\Users\admin\Downloads\28-02-2014-ULUSLARARASI.xlsx
2014-09-03 23:44 - 2014-09-03 23:44 - 00344576 _____ () C:\Users\admin\Downloads\2014-09-03-yurtdisi.xls
2014-09-03 22:20 - 2014-09-01 23:04 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-09-03 22:08 - 2014-09-03 22:08 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 22:08 - 2014-09-03 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 22:08 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 22:07 - 2014-09-03 22:07 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 22:05 - 2014-09-03 22:05 - 00035330 _____ () C:\Users\admin\Downloads\[kickass.to]nilufer.discography.torrent
2014-09-02 23:06 - 2013-08-22 18:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 23:06 - 2013-08-22 18:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 18:56 - 2013-05-21 21:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-02 18:56 - 2013-05-21 21:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-28 22:30 - 2014-06-26 22:11 - 00000000 ____D () C:\Users\admin\Desktop\BB3
2014-08-28 22:16 - 2014-08-28 21:36 - 00015349 _____ () C:\Users\admin\Desktop\Excel Çalışma.xlsx
2014-08-28 21:36 - 2014-08-28 21:36 - 00015226 _____ () C:\Users\admin\Downloads\Excel Çalışma.xlsx
2014-08-28 21:17 - 2013-08-22 17:44 - 05203664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-27 23:16 - 2014-08-27 23:16 - 00098304 _____ () C:\Users\admin\Downloads\2014-2015-anketi.xls
2014-08-27 22:57 - 2014-05-29 22:06 - 00000166 _____ () C:\Users\admin\Desktop\film listesi.txt
2014-08-23 10:48 - 2014-09-15 06:44 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-08-23 10:13 - 2014-09-15 06:44 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-08-23 09:10 - 2014-09-15 06:44 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-23 08:32 - 2014-09-15 06:44 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-23 07:44 - 2014-09-15 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 07:34 - 2014-09-15 06:44 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-23 07:33 - 2014-09-15 06:44 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-08-23 07:31 - 2014-09-15 06:44 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 07:20 - 2014-09-15 06:44 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-23 03:42 - 2014-08-27 22:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-21 02:51 - 2014-08-21 02:51 - 00062848 _____ (Advanced Card Systems Ltd.) C:\WINDOWS\system32\Drivers\a38ccid.sys
2014-08-20 18:39 - 2014-08-20 18:39 - 00020405 _____ () C:\Users\admin\Downloads\Ayakkabı Kayda Alma %28Rapor-18_08_2014%29.xlsx
2014-08-16 05:40 - 2014-09-12 00:56 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-16 05:04 - 2014-09-12 00:56 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-16 05:00 - 2014-09-12 00:56 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-16 05:00 - 2014-09-12 00:56 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-16 04:56 - 2014-09-12 00:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-16 04:54 - 2014-09-12 00:56 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-16 04:45 - 2014-09-12 00:56 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-16 04:43 - 2014-09-12 00:56 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-16 04:32 - 2014-09-12 00:56 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-16 04:25 - 2014-09-12 00:56 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-16 04:22 - 2014-09-12 00:56 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-16 04:20 - 2014-09-12 00:56 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-16 04:19 - 2014-09-12 00:56 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-16 04:18 - 2014-09-12 00:56 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-16 04:18 - 2014-09-12 00:56 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-16 04:11 - 2014-09-12 00:56 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-16 04:06 - 2014-09-12 00:56 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-16 04:05 - 2014-09-12 00:56 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-16 04:05 - 2014-09-12 00:56 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-16 04:03 - 2014-09-12 00:56 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-16 04:03 - 2014-09-12 00:56 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-16 03:58 - 2014-09-12 00:56 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 03:56 - 2014-09-12 00:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 03:53 - 2014-09-12 00:56 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 03:53 - 2014-09-12 00:56 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 03:53 - 2014-09-12 00:56 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 03:51 - 2014-09-12 00:56 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 03:45 - 2014-09-12 00:56 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 03:44 - 2014-09-12 00:56 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 03:44 - 2014-09-12 00:56 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 03:34 - 2014-09-12 00:56 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 03:20 - 2014-09-12 00:56 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 03:18 - 2014-09-12 00:56 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 03:14 - 2014-09-12 00:56 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 03:12 - 2014-09-12 00:56 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\BackupSetup.exe
C:\Users\admin\AppData\Local\Temp\ExPromo.exe
C:\Users\admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\admin\AppData\Local\Temp\i4jdel1.exe
C:\Users\admin\AppData\Local\Temp\i4jdel2.exe
C:\Users\admin\AppData\Local\Temp\i4jdel3.exe
C:\Users\admin\AppData\Local\Temp\i4jdel4.exe
C:\Users\admin\AppData\Local\Temp\i4jdel5.exe
C:\Users\admin\AppData\Local\Temp\install_helper.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sp64126.exe
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite15347.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite16331.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite17336.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite18876.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite21776.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite28360.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite28716.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite30335.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite34315.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite37009.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite37330.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38083.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38812.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite38813.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite39813.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite41833.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite44157.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite44827.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite45499.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite50850.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite51355.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52102.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52138.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52223.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52471.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite52494.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite53392.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite57328.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite57941.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite58883.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite65839.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite67905.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite67943.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite68142.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite71833.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite75005.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite76734.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite79321.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite80049.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite81386.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite84303.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite89637.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite90867.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite94410.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite94767.dll
C:\Users\admin\AppData\Local\Temp\System.Data.SQLite95648.dll
C:\Users\admin\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\admin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-15 17:47
 
==================== End Of Log ============================
 
Addition txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by admin at 2014-09-15 17:58:05
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACR38/100/122 PC/SC Driver 1.1.6.0 (HKLM\...\{9B2C0BDB-88BC-45D9-8B18-287B0708E2B2}) (Version: 1.1.6 - Advanced Card Systems Ltd.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AKIS Yonetici x64(1.1) (HKLM\...\{2510D83C-5158-4A14-B93B-8674404EFB85}) (Version: 1.1 - Şirketinizin Adı)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
Dic Michaelis - UOL (HKLM-x32\...\WDIC) (Version:  - )
Elevated Installer (x32 Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{29382fb9-c7e9-45a6-a223-db732d64f6a6}) (Version: 2.4.6.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.4.6.0 - Garmin Ltd or its subsidiaries) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6457.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 4.5.3 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.5.3 - )
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2013 Yazım Denetleme Araçları - Türkçe (HKLM\...\{90150000-001F-041F-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 tr) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 tr)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
NVIDIA 3D Vision Sürücüsü 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Denetim Masası 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Grafik Sürücüsü 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Ses Sürücüsü 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version:  - )
Oxford Collocations Dictionary (HKLM-x32\...\NSIS_ocoll2e) (Version:  - )
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFMate Free PDF Merger 1.0.7 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version:  - pdfmate.com)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Readiris Corporate 14 (HKLM-x32\...\{4FAAB5FC-DADF-4444-A782-778CB49FDDF3}) (Version: 14.00.2826 - I.R.I.S.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Sigil 0.7.3 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Simpo PDF Merge & Split 2.2.1.0 (HKLM-x32\...\Simpo PDF Merge & Split_is1) (Version:  - )
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Algılayıcı (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader  (01/17/2013 1.1.6.8) (HKLM\...\BCD8ED52CEA9FE88CE7BB1DB77396FA804688184) (Version: 01/17/2013 1.1.6.8 - ACS)
Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader  (10/10/2012 1.1.6.4) (HKLM\...\29742EF5326446C82D0D4B3E1F0EF5AB430EF141) (Version: 10/10/2012 1.1.6.4 - ACS)
Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader  (09/18/2012 1.1.6.3) (HKLM\...\B3AA751CA8C52015C434B2790E0A934C2585A3C6) (Version: 09/18/2012 1.1.6.3 - ACS)
WinMount V3.4.1020 (HKLM-x32\...\WinMount_is1) (Version: 3.4.1020 - WinMount)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft PDF to Word Converter (HKLM-x32\...\Xilisoft PDF to Word Converter) (Version: 1.0.3.20120522 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-550401175-961969366-1688721761-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550401175-961969366-1688721761-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550401175-961969366-1688721761-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550401175-961969366-1688721761-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-550401175-961969366-1688721761-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-09-2014 06:00:12 Zamanlanmış Denetim Noktası
11-09-2014 05:36:40 Windows Update
15-09-2014 03:45:02 HitmanPro Kontrol Noktası
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {08A16859-B72E-4884-B5A7-B149EDAF655F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E4678E1-72DC-4A6D-9469-2E5D06261377} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {313A9FBA-FE41-48B6-910D-6B13FFA79009} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D52E768-2B0A-4F4C-BF3D-1D12583F1808} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {50E0B507-763C-4FA4-A4D1-4A79DE957445} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {52041197-DA2F-4CE6-BC98-EE1AD666D18D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {56B81BBF-EAB0-49B2-AEBE-47D8E9DE24A5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {5B7C23DB-0036-4E92-B4BA-5D5DE2B23C64} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-05-18] ()
Task: {63A16678-5438-4EF8-9FED-FF06E2814213} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B47D575-2D8C-41C3-8E6E-DEA48578EBF9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F0FD37F-66FB-4460-B7FF-1C420D70CE35} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BDACC07-1614-4AF2-9AF7-C537C24E6636} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {89FD8E8E-957A-4F0D-B6B6-7D94525DE7F5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8A11673D-553D-4317-96AC-7B398DC7C06F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {965F40B0-DEB5-45A4-B4CF-F1084CBB1280} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9F4D62CA-068E-4E83-A43C-F8E4979D4DA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ACA43AB0-7209-464C-A86C-40379AF32EB5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {BE5A6E68-A6DB-4B60-8C8E-6C624772FA20} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C72C3D59-8C14-4A15-9919-95F768F833B8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D20CA01F-77ED-4B73-A8CC-8B9699BF7FF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F874CE4F-EBFA-4454-801F-00825DEB5C16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-29 13:02 - 2012-08-29 13:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 13:02 - 2012-08-29 13:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 13:02 - 2012-08-29 13:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-10-25 18:29 - 2013-10-25 18:29 - 00120224 _____ () C:\Users\admin\AppData\Local\assembly\dl3\1Q5PV2LY.JW2\PJYNHNAY.1EO\42e05ccc\0017145d_cd85cd01\HPItunesModule.DLL
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 13:57 - 2012-06-08 06:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2012-11-23 13:50 - 2012-07-18 11:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-14 19:03 - 2014-09-04 06:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 06:45:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
İşlem:
   Yazıcı Verileri Toplanıyor
 
Bağlam:
   Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
   Yazıcı Adı: System Writer
   Yazıcı Örnek Kimliği: {dbba9697-f6b5-4414-8b77-ea0c769a1e46}
 
Error: (09/12/2014 00:57:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\WINDOWS\System32\bitsperf.dll8
 
Error: (09/10/2014 10:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: NirCmd.3XE, sürüm: 2.3.5.189, zaman damgası: 0x49ec5532
Hatalı modül adı: ntdll.dll, sürüm: 6.3.9600.17114, zaman damgası: 0x53648f36
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00050363
Hatalı işlem kimliği: 0x1244
Uygulama başlangıç zamanı: 0xNirCmd.3XE0
Hatalı uygulama yolu: NirCmd.3XE1
Hatalı modül yolu: NirCmd.3XE2
Rapor kimliği: NirCmd.3XE3
Hatalı paket tam adı: NirCmd.3XE4
Hatalı paketle ilgili uygulama kimliği: NirCmd.3XE5
 
Error: (09/10/2014 10:41:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: Firefox.exe, sürüm: 2.3.5.189, zaman damgası: 0x49ec5532
Hatalı modül adı: ntdll.dll, sürüm: 6.3.9600.17114, zaman damgası: 0x53648f36
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00050363
Hatalı işlem kimliği: 0x1418
Uygulama başlangıç zamanı: 0xFirefox.exe0
Hatalı uygulama yolu: Firefox.exe1
Hatalı modül yolu: Firefox.exe2
Rapor kimliği: Firefox.exe3
Hatalı paket tam adı: Firefox.exe4
Hatalı paketle ilgili uygulama kimliği: Firefox.exe5
 
Error: (09/10/2014 10:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: iexplore.exe, sürüm: 2.3.5.189, zaman damgası: 0x49ec5532
Hatalı modül adı: ntdll.dll, sürüm: 6.3.9600.17114, zaman damgası: 0x53648f36
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00050363
Hatalı işlem kimliği: 0x1424
Uygulama başlangıç zamanı: 0xiexplore.exe0
Hatalı uygulama yolu: iexplore.exe1
Hatalı modül yolu: iexplore.exe2
Rapor kimliği: iexplore.exe3
Hatalı paket tam adı: iexplore.exe4
Hatalı paketle ilgili uygulama kimliği: iexplore.exe5
 
 
System errors:
=============
Error: (09/15/2014 05:40:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Önemli uyarı oluşturuldu ve uzak bitiş noktasına gönderildi. Bu durum bağlantının sonlandırılmasına neden olabilir. TLS protokolü tanımlı önemli hata kodu: 70. Windows SChannel hata durumu: 105.
 
Error: (09/15/2014 05:40:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Önemli uyarı oluşturuldu ve uzak bitiş noktasına gönderildi. Bu durum bağlantının sonlandırılmasına neden olabilir. TLS protokolü tanımlı önemli hata kodu: 70. Windows SChannel hata durumu: 105.
 
Error: (09/15/2014 05:39:23 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: SSL sunucu kimlik bilgisi özel anahtarını erişme girişiminde önemli bir hata oluştu. Şifreleme modülünden döndürülen hata kodu 0x8009030d. İç hata durumu: 10001.
 
Error: (09/15/2014 05:39:19 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: SSL sunucu kimlik bilgisi özel anahtarını erişme girişiminde önemli bir hata oluştu. Şifreleme modülünden döndürülen hata kodu 0x8009030d. İç hata durumu: 10001.
 
Error: (09/15/2014 05:36:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Defender Hizmeti hizmeti şu hata nedeniyle başlatılamadı: 
%%577
 
Error: (09/15/2014 05:32:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgüYerelEtkinleştirme{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (LRPC Kullanan)YokYok
 
Error: (09/15/2014 05:17:47 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/15/2014 08:10:48 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/15/2014 06:53:08 AM) (Source: DCOM) (EventID: 10010) (User: hp)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/15/2014 06:52:22 AM) (Source: DCOM) (EventID: 10010) (User: hp)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 06:45:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Erişim engellendi.
 
 
İşlem:
   Yazıcı Verileri Toplanıyor
 
Bağlam:
   Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
   Yazıcı Adı: System Writer
   Yazıcı Örnek Kimliği: {dbba9697-f6b5-4414-8b77-ea0c769a1e46}
 
Error: (09/12/2014 00:57:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\WINDOWS\System32\bitsperf.dll8
 
Error: (09/10/2014 10:41:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NirCmd.3XE2.3.5.18949ec5532ntdll.dll6.3.9600.1711453648f36c000000500050363124401cfcd2f2a28a673C:\32788R22FWJFW\NirCmd.3XEC:\WINDOWS\SYSTEM32\ntdll.dll67dc5974-3922-11e4-bec4-10604b5e2050
 
Error: (09/10/2014 10:41:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Firefox.exe2.3.5.18949ec5532ntdll.dll6.3.9600.1711453648f36c000000500050363141801cfcd2f29651d16C:\32788R22FWJFW\Firefox.exeC:\WINDOWS\SYSTEM32\ntdll.dll6718cff7-3922-11e4-bec4-10604b5e2050
 
Error: (09/10/2014 10:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe2.3.5.18949ec5532ntdll.dll6.3.9600.1711453648f36c000000500050363142401cfcd2f27a9977dC:\32788R22FWJFW\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll65e2d6a2-3922-11e4-bec4-10604b5e2050
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-15 17:36:06.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-14 18:41:01.860
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-11 23:54:58.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-11 22:24:24.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 22%
Total physical RAM: 8144.98 MB
Available physical RAM: 6281.26 MB
Total Pagefile: 8544.98 MB
Available Pagefile: 6401.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:461.45 GB) (Free:352.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.05 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Yedek) (Fixed) (Total:457.54 GB) (Free:90.5 GB) NTFS
Drive j: (OALD8) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 72D49658)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Thanks again for the help.
 
 


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 15 September 2014 - 10:19 AM

Ok, now please run HitmanPro again. But this time don't close HitmanPro when the scan has finished but click "Next" instead to do the repairs. Afterwards reboot your computer. Is the problem with the proxy server still present afterwards?

#7 bturkmen

bturkmen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 15 September 2014 - 10:40 AM

Wow yes, it's done! You were of great help, thank you so much aharonov!

 

Cheers



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 15 September 2014 - 10:56 AM

I'm glad to hear that!

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 7 Update 55




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#9 bturkmen

bturkmen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 15 September 2014 - 02:20 PM

All done ;) Thanks a lot again for the help...



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 15 September 2014 - 02:24 PM

Thank you and take care.

#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 AM

Posted 15 September 2014 - 02:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users