Image Repetition in Firefox (Combo Fix log inside)


  • This topic is locked
3 replies to this topic

#1 yolwerin


Posted 08 April 2015 - 10:32 AM

 

Ok, I've got a problem in Firefox and the Firefox troubleshoot page directed me to this forum to find some answers because I seem to shoot blanks with uninstalling / reinstalling Firefox and using Malwarebytes.

 

My problem is, when I surf on a webpage some of the images or thumbnails repeat themselves anywhere on the page. For example, when I go to my YouTube page and click history, there are the thumbnails for the videos I watched. And in back to back thumbnails the video images are repeated (some, and only the images - not the names) and when I hover my cursor above them, they return back to their original state. But scrolling back and forth, it's like a damn tide which keeps messing with the thumbnails.

 

Second, the scroll bar on the right side sometimes morphs into a bar full of random images which are captured from cache or something, and sometimes I can see a list of friggin smileys forming the scroll bar.

 

What I tried:

 

- Malwarebytes. It found a trojan and some malware, and I cleaned them. Ran the scan again, they were gone.

- I uninstalled Firefox, even got rid of the profile. Reinstalled again, created a new profile but the problem was still there.

 

If you could please help me solve this annoying problem, it would be much appreciated.

 

PS. Internet Explorer, and Chrome are just fine. There is no problem.

 

 

EDIT: I just ran Combo Fix too. It deleted a couple of files here and there, but damn Firefox is still the same!!!

 

 

ComboFix 15-04-01.01 - PC 08.04.2015   0:43.2.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1254.90.1055.18.4078.2461 [GMT 9:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INITECH
c:\windows\Downloaded Program Files\XPayPlugin
c:\windows\Downloaded Program Files\XPayPlugin\LGDacomPaymentView.ocx
c:\windows\Fonts\gothic.ttf
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\CKAgent.dat
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-07 to 2015-04-07  )))))))))))))))))))))))))))))))
.
.
2015-04-07 15:55 . 2015-04-07 15:55    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-04-07 15:55 . 2015-04-07 15:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-07 15:33 . 2015-04-07 15:33    --------    d-----w-    C:\Intel
2015-04-07 14:56 . 2015-04-07 14:56    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{13C36FE3-5761-4AEA-ACB9-5277C15C54FC}\offreg.dll
2015-04-07 14:25 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{13C36FE3-5761-4AEA-ACB9-5277C15C54FC}\mpengine.dll
2015-04-05 11:45 . 2015-04-05 11:45    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2015-04-05 06:57 . 2015-04-05 06:57    --------    d-----w-    c:\programdata\Malwarebytes
2015-04-04 16:34 . 2015-04-04 16:35    --------    d-s---w-    c:\windows\system32\GWX
2015-04-04 16:34 . 2015-04-04 16:34    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-03-25 15:43 . 2015-03-11 04:06    943616    ----a-w-    c:\windows\system32\appraiser.dll
2015-03-25 15:43 . 2015-03-11 04:05    30720    ----a-w-    c:\windows\system32\acmigration.dll
2015-03-25 15:43 . 2015-03-11 04:06    677888    ----a-w-    c:\windows\system32\generaltel.dll
2015-03-25 15:43 . 2015-03-11 04:02    1107456    ----a-w-    c:\windows\system32\aeinv.dll
2015-03-25 15:43 . 2015-03-11 04:06    760832    ----a-w-    c:\windows\system32\invagent.dll
2015-03-25 15:43 . 2015-03-11 04:06    414720    ----a-w-    c:\windows\system32\devinv.dll
2015-03-25 15:43 . 2015-03-11 04:05    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-03-25 15:43 . 2015-03-11 04:05    192000    ----a-w-    c:\windows\system32\aepic.dll
2015-03-21 08:21 . 2015-03-21 08:21    146952    ----a-r-    c:\windows\system32\CKAgent.exe
2015-03-21 08:21 . 2015-03-21 08:21    146952    ----a-r-    c:\windows\SysWow64\CKAgent.exe
2015-03-11 14:40 . 2015-02-03 03:28    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-03-11 14:40 . 2015-02-03 03:30    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2015-03-11 14:40 . 2015-02-03 03:11    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2015-03-11 14:40 . 2015-02-03 03:09    2048    ----a-w-    c:\windows\SysWow64\mferror.dll
2015-03-11 14:40 . 2015-02-03 03:28    2048    ----a-w-    c:\windows\system32\mferror.dll
2015-03-11 14:40 . 2015-01-31 03:48    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2015-03-11 14:40 . 2015-01-31 03:48    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 14:40 . 2015-01-30 23:56    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2015-03-11 14:39 . 2015-02-03 03:31    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-11 14:39 . 2015-02-03 03:12    171520    ----a-w-    c:\windows\SysWow64\ubpm.dll
2015-03-11 14:39 . 2015-02-13 05:22    14177280    ----a-w-    c:\windows\system32\shell32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 08:21 . 2013-09-26 14:10    141848    ----a-w-    c:\windows\system32\kcrtx64.sys
2015-03-18 13:51 . 2012-04-13 14:39    778928    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-18 13:51 . 2012-02-15 16:28    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-11 17:58 . 2012-02-19 09:43    122905848    ----a-w-    c:\windows\system32\MRT.exe
2015-02-23 19:17 . 2010-11-21 03:27    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-17 06:19 . 2015-02-17 06:19    1614496    ----a-w-    c:\windows\system32\FM20.DLL
2015-02-06 04:45 . 2015-02-06 04:45    707104    ----a-w-    c:\windows\SysWow64\ISPPopUpDlg.exe
2015-02-05 08:28 . 2015-02-05 08:28    708096    ----a-w-    c:\windows\SysWow64\INIcrypto20.dll
2015-01-27 23:36 . 2015-02-11 11:59    1239720    ----a-w-    c:\windows\system32\aitstatic.exe
2015-01-18 09:16 . 2014-11-10 04:10    2522    ----a-w-    c:\windows\rescue_ocx_64.reg
2015-01-18 09:16 . 2014-11-10 04:10    2364    ----a-w-    c:\windows\rescue_inisb_64.reg
2015-01-09 03:14 . 2015-03-04 16:38    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-03-04 16:38    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-03-04 16:38    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-03-04 16:38    76800    ----a-w-    c:\windows\SysWow64\wdi.dll
2012-09-05 10:30 . 2012-09-05 10:30    2174976    ----a-w-    c:\program files (x86)\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    131480    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2014-8-14 48680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DataForder"= c:\users\PC\Desktop\Yeni klasör\
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 mathlm;Wolfram 9.0 License Manager;c:\progra~2\WOLFRA~1\MathLM\mathlm.exe;c:\progra~2\WOLFRA~1\MathLM\mathlm.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys;c:\windows\SYSNATIVE\kcrtx64.sys [x]
R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys;c:\windows\SYSNATIVE\kcrtx86.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys;c:\windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys;c:\windows\SysWOW64\npkcft64.sys [x]
R3 npkuft64;npkuft64;c:\windows\SysWOW64\npkuft64.sys;c:\windows\SysWOW64\npkuft64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ProDefense;ProDefense;c:\windows\system32\drivers\ProDefense.sys;c:\windows\SYSNATIVE\drivers\ProDefense.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys;syswow64\Drivers\x64kdss.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NAUpdate;Nero Güncelleme;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS;c:\windows\SYSNATIVE\JRSUKD25.SYS [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S4 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys;c:\windows\SYSNATIVE\drivers\AhnRghNt.sys [x]
S4 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AhnSZE
*Deregistered* - AMonLWLH
*Deregistered* - ASZFltNt
*Deregistered* - ATamptNt_V3IS80
*Deregistered* - CdmDrvNt
*Deregistered* - ISIPSEnt
*Deregistered* - MeDCoreD_V3IS80
*Deregistered* - v3engine
*Deregistered* - V3Flt2K
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-02 00:04    1061704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 13:51]
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 13:21]
.
2015-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 13:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08    164760    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 05:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 05:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 05:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 05:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 05:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 144.122.1.203:2003
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Microsoft Excel'e Gö&nder - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: TOSHIBA Bulletin Board'a Ekle - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
Trusted Zone: citibank.co.kr
Trusted Zone: hanacard.co.kr
Trusted Zone: kbstar.com
Trusted Zone: keb.co.kr
Trusted Zone: lgdacom.net
Trusted Zone: uplus.co.kr
TCP: DhcpNameServer = 203.237.32.100 203.237.32.101
TCP: Interfaces\{6C121A13-4F18-4F5E-AD40-BF1C9251B0FB}\2696C616C6: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{6C121A13-4F18-4F5E-AD40-BF1C9251B0FB}\3313134386F6: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{6C121A13-4F18-4F5E-AD40-BF1C9251B0FB}\7416A796F5D4963716669627: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6C121A13-4F18-4F5E-AD40-BF1C9251B0FB}\7416A796F5F4762756E63696: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{ECC98196-9281-4E16-93D6-08D87C7E520E}: NameServer = 203.237.32.100,203.237.32.101
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: {2587A1BE-8046-4FC3-A957-C489945110E1} - hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_3_LG_UPLUS.cab
DPF: {5797B411-BD4D-4896-9A89-415A902430B6} - hxxp://bus.gjcity.net/smartmap/bin/SmartMapGXB.cab
DPF: {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: {A2561EA5-D4C6-4C3D-97C7-67F2C12416AD} - hxxps://download.raonsecure.com/KSCertRelay/v2.0.3.4/KSCertRelay.cab
DPF: {CBE25D2B-A3CE-4170-8043-3214736DDD89} - hxxps://pgdownload.uplus.co.kr/lguplus/LGDacomPaymentView.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxp://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.2.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3736817853-2375902131-3305207086-1000_Classes\Wow6432Node\CLSID\{4e6db343-e998-4674-803d-2fb2942f49da}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d5
"Therad"=dword:00000015
.
[HKEY_USERS\S-1-5-21-3736817853-2375902131-3305207086-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,8a,4e,db,ec,f7,2c,cf,a7,32,58,9b,5c,a1,a3,c6,04,d9,63,35,16,
   a5,9b,d8,cc,dd,dc,d1,c1,d4,9f,78,fa,2c,03,2d,c8,35,d5,c9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-08  01:04:00
ComboFix-quarantined-files.txt  2015-04-07 16:03
ComboFix2.txt  2013-07-14 11:42
.
Pre-Run: 111.290.322.944 bayt boş
Post-Run: 111.830.466.560 bayt boş
.
- - End Of File - - 91F5840789F92508D08A5B5C5A7A64CF
 

 




#2 yolwerin

yolwerin
  • Topic Starter

  • Members
  • 4 posts

Posted 08 April 2015 - 10:34 AM

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by PC (administrator) on NERSECAN on 09-04-2015 00:30:40
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available profiles: PC)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\HSON.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\...\Policies\system: [DataForder] C:\Users\PC\Desktop\Yeni klasör\
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3736817853-2375902131-3305207086-1000] => 144.122.1.203:2003
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM-x32 -> DefaultScope {E6E82A00-8A76-4997-A57A-7BD32AC9FEA9} URL =
SearchScopes: HKU\S-1-5-21-3736817853-2375902131-3305207086-1000 -> {223008c0-37c1-43d5-80dd-20bc9aa66472} URL = http://haber.yandex.com.tr/yandsearch?clid=1806005-3000&text={searchTerms}&rpt=nnews2&grhow=clutop
SearchScopes: HKU\S-1-5-21-3736817853-2375902131-3305207086-1000 -> {c88a64e6-a048-41de-844c-56123edc9a54} URL = http://gorsel.yandex.com.tr/yandsearch?clid=1806005-3000&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3736817853-2375902131-3305207086-1000 -> {dc2672c5-2386-4f0d-aaef-a604398586cc} URL = http://video.yandex.com.tr/#search?clid=1806005-3000&text={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-08-01] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-27] (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-09] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-08-01] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKU\S-1-5-21-3736817853-2375902131-3305207086-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} http://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {2587A1BE-8046-4FC3-A957-C489945110E1} https://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_3_LG_UPLUS.cab
DPF: HKLM-x32 {5797B411-BD4D-4896-9A89-415A902430B6} http://bus.gjcity.net/smartmap/bin/SmartMapGXB.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://www.cultureland.co.kr/TouchEnKey/TouchEnkey3.1.0.15_32k.cab
DPF: HKLM-x32 {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: HKLM-x32 {A2561EA5-D4C6-4C3D-97C7-67F2C12416AD} https://download.raonsecure.com/KSCertRelay/v2.0.3.4/KSCertRelay.cab
DPF: HKLM-x32 {CBE25D2B-A3CE-4170-8043-3214736DDD89} https://pgdownload.uplus.co.kr/lguplus/LGDacomPaymentView.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/newcgv/npkcx_1103081.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} http://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.2.cab
DPF: HKLM-x32 {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} http://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.10113.dll No File
Tcpip\Parameters: [DhcpNameServer] 203.237.32.100 203.237.32.101
Tcpip\..\Interfaces\{ECC98196-9281-4E16-93D6-08D87C7E520E}: [NameServer] 203.237.32.100,203.237.32.101

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai
FF SelectedSearchEngine: Wikipedia (Eng)
FF NetworkProxy: "autoconfig_url", "http://www.metu.edu.tr/proxy.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [2014-10-29] (AhnLab, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2015-04-08] (Interezen © Interezen.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @lguplus.co.kr/application/lguplus-xpayplugin,version=1.0.4.7 -> C:\Program Files (x86)\XPayPlugin\npXPayPlugin.dll [2013-12-19] (LG Uplus Corp)
FF Plugin-x32: @lguplus.co.kr/application/lguplus-xpayplugin,version=1.0.4.8 -> C:\Program Files (x86)\XPayPlugin\npXPayPlugin_1.0.4.8.dll [2014-01-08] (LG Uplus Corp)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-12] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2014-10-01] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2013-11-15] ()
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3736817853-2375902131-3305207086-1000: @kicc.co.kr/application/easypayplugin -> C:\Program Files (x86)\KICC\EasyPay70\ActiveX\npEasyPayPlugin.dll [2013-08-26] (KICC CO.,LTD)
FF Plugin HKU\S-1-5-21-3736817853-2375902131-3305207086-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\PC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll [2011-03-23] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3736817853-2375902131-3305207086-1000: @www.inicis.com/application/x-INIwallet61-INICIS -> C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll [2013-01-22] (INICIS)
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\e1rv2p8m.default\user.js [2015-04-08]
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\user.js [2015-04-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2011-09-16] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-23] (Apple Inc.)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\searchplugins\daemon-search.xml [2010-06-14]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\searchplugins\wikipedia-eng.xml [2012-09-14]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\searchplugins\youtube-video-search.xml [2015-03-29]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\artur.dubovoy@gmail.com [2015-04-07]
FF Extension: MEGA - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\firefox@mega.co.nz.xpi [2015-04-05]
FF Extension: Everplex YouTube Dark Black Theme - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\jid0-sUJ6HxrOADekM82af7ZS99zumXI@jetpack.xpi [2015-04-05]
FF Extension: Black Youtube Theme - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\{2c93446d-612b-416d-9af0-b7355797b611}.xpi [2015-04-05]
FF Extension: AddonFox - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2015-04-05]
FF Extension: Adblock Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cz3cjdjo.Tensai\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-05]
FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-04-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-25]
FF HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://metu.edu.tr/
CHR StartupUrls: Profile 1 -> "hxxp://metu.edu.tr/"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-09-22]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-19]
CHR Extension: (Google+) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-11-19]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gplegfbjlmmehdoakndmohflojccocli [2013-01-22]
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19]
CHR HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PC\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-19]
CHR HKU\S-1-5-21-3736817853-2375902131-3305207086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-18] (ANSYS, Inc.) [File not signed]
R2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-09-15] (Nalpeiron Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 mathlm; C:\Program Files (x86)\Wolfram Research\MathLM\mathlm.exe [293752 2012-11-11] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-14] (DT Soft Ltd)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [19888 2013-11-16] (lumensoft Corporation)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2015-04-08] (Kings Information & Network)
S3 kcrtx86; C:\Windows\SysWOW64\kcrtx86.sys [126048 2010-05-03] (Kings Information & Network)
S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [127224 2014-10-16] (AhnLab, Inc.)
S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [156408 2014-10-16] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98552 2013-11-26] (AhnLab, Inc.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [112888 2013-11-26] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [168184 2014-01-20] (AhnLab, Inc.)
S3 ProDefense; C:\Windows\system32\drivers\ProDefense.sys [17816 2013-12-29] (Bluegem Security)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 npkcft64; \??\C:\Windows\SysWOW64\npkcft64.sys [X]
S3 npkuft64; \??\C:\Windows\SysWOW64\npkuft64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 00:30 - 2015-04-09 00:31 - 00027258 _____ () C:\Users\PC\Desktop\FRST.txt
2015-04-09 00:30 - 2015-04-09 00:30 - 00000000 ____D () C:\FRST
2015-04-09 00:29 - 2015-04-09 00:29 - 02095616 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2015-04-08 01:18 - 2015-04-06 21:35 - 03652064 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2015-04-08 01:18 - 2012-09-14 16:42 - 00118072 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AmonTDLh.sys
2015-04-08 01:18 - 2009-07-21 10:00 - 00025656 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\CdmDrvNt.sys
2015-04-08 01:17 - 2015-04-08 01:17 - 00146952 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe
2015-04-08 01:17 - 2015-04-08 01:17 - 00146952 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.dat
2015-04-08 01:17 - 2015-04-08 01:17 - 00146952 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2015-04-08 01:16 - 2015-04-08 01:16 - 00531072 _____ (Interezen) C:\Windows\SysWOW64\I3GManager.dll
2015-04-08 01:16 - 2015-04-08 01:16 - 00223432 _____ (Interezen) C:\Windows\SysWOW64\I3GEX.exe
2015-04-08 01:16 - 2015-04-08 01:16 - 00072272 _____ () C:\Windows\SysWOW64\cosa.dll
2015-04-08 01:16 - 2015-04-08 01:16 - 00058600 _____ (Interezen) C:\Windows\SysWOW64\I3Gescp.dll
2015-04-08 01:16 - 2015-04-08 01:16 - 00015512 _____ () C:\Windows\SysWOW64\IRTrace.dll
2015-04-08 01:16 - 2015-04-08 01:16 - 00000000 ____D () C:\Program Files (x86)\Wizvera
2015-04-08 01:04 - 2015-04-08 01:04 - 00032288 _____ () C:\ComboFix.txt
2015-04-08 00:33 - 2015-04-08 00:33 - 00000000 ____D () C:\Intel
2015-04-08 00:32 - 2015-04-08 00:32 - 00006087 _____ () C:\Windows\setup_mkd25.log
2015-04-05 20:45 - 2015-04-05 20:45 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-05 20:45 - 2015-04-05 20:45 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-05 20:45 - 2015-04-05 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 19:53 - 2015-04-05 19:53 - 40866864 _____ () C:\Users\PC\Downloads\Firefox Setup 37.0.1.exe
2015-04-05 19:49 - 2015-04-05 19:49 - 00000000 ____D () C:\Users\PC\Desktop\Eski Firefox verileri
2015-04-05 15:57 - 2015-04-05 15:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-05 01:34 - 2015-04-05 01:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:34 - 2015-04-05 01:34 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 13:50 - 2015-04-05 20:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 00:43 - 2015-03-11 13:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-26 00:43 - 2015-03-11 13:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-26 00:43 - 2015-03-11 13:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-26 00:43 - 2015-03-11 13:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-26 00:43 - 2015-03-11 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-26 00:43 - 2015-03-11 13:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-26 00:43 - 2015-03-11 13:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-26 00:43 - 2015-03-11 13:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 16:35 - 2015-03-21 16:38 - 00000000 ____D () C:\Users\PC\Desktop\Saturday
2015-03-11 23:41 - 2015-02-20 13:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 23:41 - 2015-02-20 13:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 23:41 - 2015-02-20 13:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 23:41 - 2015-02-20 13:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 23:41 - 2015-02-20 13:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 23:41 - 2015-02-20 13:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 23:41 - 2015-02-20 13:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 23:41 - 2015-02-20 13:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 23:41 - 2015-02-20 12:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 23:41 - 2015-02-20 12:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 23:41 - 2015-02-03 12:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 23:41 - 2015-02-03 12:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 23:41 - 2015-02-03 12:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 23:41 - 2015-02-03 12:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 23:41 - 2015-02-03 12:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 23:41 - 2015-02-03 12:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 23:41 - 2015-02-03 12:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 23:41 - 2015-02-03 12:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 23:41 - 2015-02-03 12:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 23:41 - 2015-02-03 12:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 23:41 - 2015-02-03 12:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 23:41 - 2015-02-03 12:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 23:41 - 2015-02-03 12:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 23:41 - 2015-02-03 12:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 23:41 - 2015-02-03 12:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 23:41 - 2015-02-03 12:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 23:41 - 2015-02-03 12:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 23:41 - 2015-02-03 12:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 23:41 - 2015-02-03 12:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 23:41 - 2015-02-03 11:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 23:41 - 2014-11-01 07:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 23:40 - 2015-02-03 12:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 23:40 - 2015-02-03 12:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 23:40 - 2015-02-03 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 23:40 - 2015-02-03 12:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 23:40 - 2015-02-03 12:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 23:40 - 2015-01-31 12:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 23:40 - 2015-01-31 12:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 23:40 - 2015-01-31 08:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 23:39 - 2015-02-13 14:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 23:39 - 2015-02-13 14:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 23:39 - 2015-02-03 12:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 23:39 - 2015-02-03 12:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 23:38 - 2015-03-06 14:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 23:38 - 2015-03-06 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 23:38 - 2015-03-06 14:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 23:38 - 2015-03-06 14:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 23:38 - 2015-03-06 14:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 23:38 - 2015-03-06 14:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 23:38 - 2015-03-06 14:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 23:38 - 2015-03-06 14:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 23:38 - 2015-03-06 14:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 23:38 - 2015-03-06 14:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 23:38 - 2015-03-06 14:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 23:38 - 2015-03-06 14:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 23:38 - 2015-03-06 14:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 23:38 - 2015-03-06 14:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 23:38 - 2015-03-06 14:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 23:38 - 2015-02-26 12:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 23:38 - 2015-02-24 12:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 23:38 - 2015-02-24 11:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 23:38 - 2015-02-21 10:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 23:38 - 2015-02-21 09:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 23:38 - 2015-02-21 09:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 23:38 - 2015-02-21 09:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 23:38 - 2015-02-21 09:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 23:38 - 2015-02-21 08:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 23:38 - 2015-02-21 08:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 23:38 - 2015-02-20 12:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 23:38 - 2015-02-20 12:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 23:38 - 2015-02-20 11:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 23:38 - 2015-02-20 11:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 23:38 - 2015-02-20 11:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 23:38 - 2015-02-20 11:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 23:38 - 2015-02-20 11:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 23:38 - 2015-02-20 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 23:38 - 2015-02-20 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 23:38 - 2015-02-20 11:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:38 - 2015-02-20 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 23:38 - 2015-02-20 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 23:38 - 2015-02-20 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 23:38 - 2015-02-20 11:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 23:38 - 2015-02-20 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 23:38 - 2015-02-20 11:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 23:38 - 2015-02-20 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 23:38 - 2015-02-20 11:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 23:38 - 2015-02-20 11:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 23:38 - 2015-02-20 11:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 23:38 - 2015-02-20 11:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 23:38 - 2015-02-20 11:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 23:38 - 2015-02-20 11:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 23:38 - 2015-02-20 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 23:38 - 2015-02-20 11:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 23:38 - 2015-02-20 11:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 23:38 - 2015-02-20 11:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 23:38 - 2015-02-20 10:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 23:38 - 2015-02-20 10:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 23:38 - 2015-02-20 10:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 23:38 - 2015-02-20 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 23:38 - 2015-02-20 10:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 23:38 - 2015-02-20 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 23:38 - 2015-02-20 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 23:38 - 2015-02-20 10:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 23:38 - 2015-02-20 10:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 23:38 - 2015-02-20 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 23:38 - 2015-02-20 10:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 23:38 - 2015-02-20 10:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 23:38 - 2015-02-20 10:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 23:38 - 2015-02-20 10:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 23:38 - 2015-02-20 10:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 23:38 - 2015-02-20 10:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 23:38 - 2015-02-20 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 23:38 - 2015-02-20 10:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 23:38 - 2015-02-20 09:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 23:38 - 2015-02-20 09:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 23:38 - 2015-02-04 12:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 23:38 - 2015-02-04 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 23:38 - 2015-02-03 12:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 23:38 - 2015-02-03 12:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 23:38 - 2015-01-31 08:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 23:38 - 2015-01-17 11:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 23:38 - 2015-01-17 11:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 00:30 - 2009-07-14 13:45 - 00023136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 00:30 - 2009-07-14 13:45 - 00023136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 00:28 - 2011-09-22 12:57 - 01467119 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 00:24 - 2011-08-03 19:16 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 00:23 - 2011-09-22 12:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-09 00:22 - 2009-07-14 14:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 00:22 - 2009-07-14 13:51 - 00274345 _____ () C:\Windows\setupact.log
2015-04-08 02:00 - 2014-08-25 07:37 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2015-04-08 01:50 - 2012-04-13 23:39 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 01:39 - 2011-08-03 19:16 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 01:17 - 2013-09-26 23:11 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_tmp
2015-04-08 01:17 - 2013-09-26 23:10 - 00141848 _____ (Kings Information & Network) C:\Windows\system32\kcrtx64.sys
2015-04-08 01:05 - 2010-11-21 12:47 - 00246066 _____ () C:\Windows\PFRO.log
2015-04-08 01:04 - 2013-07-14 20:25 - 00000000 ____D () C:\Qoobox
2015-04-08 00:55 - 2009-07-14 11:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-08 00:36 - 2011-08-03 18:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 00:31 - 2013-08-22 12:44 - 00021168 _____ () C:\Windows\V3Inst.log
2015-04-08 00:31 - 2013-08-22 12:44 - 00000000 ____D () C:\ProgramData\AhnLab
2015-04-08 00:29 - 2014-08-10 22:05 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2015-04-08 00:24 - 2011-08-03 19:20 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2015-04-08 00:24 - 2011-08-03 19:19 - 00000000 ____D () C:\ProgramData\WildTangent
2015-04-08 00:24 - 2009-07-14 14:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-08 00:23 - 2012-06-02 03:31 - 00000000 ____D () C:\Users\PC\AppData\Roaming\WildTangent
2015-04-07 23:17 - 2013-08-22 12:52 - 00000294 _____ () C:\Windows\system32\ayboot.ini
2015-04-07 02:33 - 2012-02-16 00:04 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2015-04-05 20:45 - 2012-02-16 00:25 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mozilla
2015-04-05 01:33 - 2014-10-06 19:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-05 01:33 - 2011-08-03 18:53 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 00:59 - 2014-12-12 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 00:59 - 2014-05-07 00:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 00:57 - 2013-02-16 05:35 - 00423510 _____ () C:\Windows\system32\perfh012.dat
2015-03-26 00:57 - 2013-02-16 05:35 - 00121474 _____ () C:\Windows\system32\perfc012.dat
2015-03-26 00:57 - 2012-03-18 17:40 - 02091766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-26 00:57 - 2011-02-11 23:17 - 00659898 _____ () C:\Windows\system32\perfh01F.dat
2015-03-26 00:57 - 2011-02-11 23:17 - 00141234 _____ () C:\Windows\system32\perfc01F.dat
2015-03-26 00:57 - 2009-07-14 14:13 - 02091766 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 16:46 - 2013-11-19 21:55 - 00000000 ___RD () C:\Users\PC\Google Drive
2015-03-18 22:51 - 2012-04-13 23:39 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 22:51 - 2012-04-13 23:39 - 00003752 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-18 22:51 - 2012-02-16 01:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-15 12:41 - 2013-11-19 21:54 - 00002049 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-15 12:41 - 2013-11-19 21:54 - 00002047 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-15 12:41 - 2013-11-19 21:54 - 00002037 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-15 12:41 - 2013-11-19 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 00:57 - 2009-07-14 14:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 00:56 - 2009-07-14 13:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-13 00:56 - 2009-07-14 13:45 - 05551424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 00:49 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-13 00:49 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 00:49 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-13 00:49 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:29 - 2012-09-14 21:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:13 - 2013-07-16 06:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 02:58 - 2012-02-19 18:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 02:55 - 2009-07-14 11:34 - 00000533 _____ () C:\Windows\win.ini

==================== Files in the root of some directories =======

2012-09-05 19:30 - 2012-09-05 19:30 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-05-09 03:35 - 2013-05-09 03:35 - 0000132 _____ () C:\Users\PC\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-10-30 22:25 - 2012-10-30 22:25 - 0000132 _____ () C:\Users\PC\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-10-18 02:18 - 2014-05-13 20:29 - 0000132 _____ () C:\Users\PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-05 20:08 - 2014-01-05 20:08 - 0000268 ___RH () C:\Users\PC\AppData\Roaming\Horn Section
2014-01-05 20:09 - 2014-01-05 20:09 - 0000268 ___RH () C:\Users\PC\AppData\Roaming\Horns
2014-01-05 20:08 - 2014-01-05 20:08 - 0000268 ___RH () C:\Users\PC\AppData\Roaming\Hybrid Basic
2014-01-05 20:07 - 2014-01-21 11:15 - 0000268 ___RH () C:\Users\PC\AppData\Roaming\Installer Plugin
2012-11-10 20:44 - 2014-10-26 16:11 - 0001456 _____ () C:\Users\PC\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-03-08 02:08 - 2012-03-08 02:08 - 0003584 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-03 17:07 - 2013-10-03 17:10 - 0000000 _____ () C:\Users\PC\AppData\Local\Temptable.xml
2014-01-21 11:15 - 2014-01-21 11:15 - 0000000 _____ () C:\ProgramData\Generic
2013-09-06 16:55 - 2013-09-06 17:03 - 0000340 _____ () C:\ProgramData\hpzinstall.log
2014-01-05 20:08 - 2014-01-05 20:08 - 0000268 ___RH () C:\ProgramData\Hybrid Morph
2014-01-05 20:09 - 2014-01-05 20:09 - 0000268 ___RH () C:\ProgramData\Hybrid Synthesizers
2014-01-05 20:08 - 2014-01-05 20:08 - 0000268 ___RH () C:\ProgramData\Icons
2014-01-21 11:15 - 2014-01-21 11:15 - 0000000 _____ () C:\ProgramData\InkjetPrinter
2014-01-05 20:07 - 2014-01-21 11:15 - 0000268 ___RH () C:\ProgramData\Iterate Items
2014-01-05 20:07 - 2014-01-21 11:15 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-01-05 20:09 - 2014-01-05 20:09 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-01-05 20:08 - 2014-01-05 20:13 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-01-05 20:08 - 2014-01-05 20:08 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 13:03

==================== End Of Log ============================

 

 




#3 yolwerin

yolwerin
  • Topic Starter

  • Members
  • 4 posts

Posted 08 April 2015 - 01:14 PM

I fixed it. It was related to graphic drivers. This topic can be closed.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 April 2015 - 08:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



