
Can you analyze my combofix log report ??


  • This topic is locked
13 replies to this topic

#1 ez6733


Posted 04 October 2015 - 04:56 AM

 
ComboFix 15-10-01.01 - kalkanli 04.10.2015  12:24:14.1.8 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1033.18.6049.4671 [GMT 3:00]
Running from: c:\users\kalkanli\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
c:\programdata\ntuser.pol
c:\windows\AsPatch10430001.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\UNWISE.EXE
D:\install.exe
D:\setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-04 to 2015-10-04  )))))))))))))))))))))))))))))))
.
.
2015-10-04 09:01 . 2015-10-04 09:01 -------- d-----w- c:\users\kalkanli\AppData\Roaming\Zbshareware Lab
2015-10-04 09:00 . 2015-10-04 09:00 -------- d-----w- c:\program files (x86)\USB Disk Security
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-04 08:53 . 2015-08-22 15:20 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-22 11:02 . 2013-03-08 09:52 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 11:02 . 2013-03-08 09:52 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-06 21:04 . 2015-08-06 21:04 1415680 ----a-w- c:\program files\Y8JX7LWK.exe
2015-08-06 21:04 . 2015-08-06 21:04 1415680 ----a-w- c:\program files\YBMX7LVP.exe
2015-08-06 12:35 . 2015-08-06 12:35 1415680 ----a-w- c:\program files\5FK0EPZS.exe
2015-08-05 19:30 . 2015-08-05 19:30 1415680 ----a-w- c:\program files\6P82L4NO.exe
2015-08-05 19:30 . 2015-08-05 19:30 1415680 ----a-w- c:\program files\KK3M5ZII.exe
2015-08-05 19:29 . 2015-08-05 19:29 1415680 ----a-w- c:\program files\EXRA4N6P.exe
2015-08-05 19:29 . 2015-08-05 19:29 1415680 ----a-w- c:\program files\JXBS6KYZ.exe
2015-08-05 19:29 . 2015-08-05 19:29 1415680 ----a-w- c:\program files\FK0EPZA8.exe
2015-08-05 19:29 . 2015-08-05 19:29 1415680 ----a-w- c:\program files\HV9N4IZX.exe
2015-08-05 13:14 . 2015-08-05 13:14 1415680 ----a-w- c:\program files\ATN6P82L.exe
2015-08-05 13:14 . 2015-08-05 13:14 1415680 ----a-w- c:\program files\HBUDWK9Z.exe
2015-08-04 14:55 . 2015-08-04 14:55 1415680 ----a-w- c:\program files\N6P82L4N.exe
2015-08-04 14:54 . 2015-08-04 14:54 1415680 ----a-w- c:\program files\9SBUO7KK.exe
2015-08-04 14:54 . 2015-08-04 14:54 1415680 ----a-w- c:\program files\GC1PEAZN.exe
2015-08-04 14:54 . 2015-08-04 14:54 1415680 ----a-w- c:\program files\A987BA9I.exe
2015-08-04 14:54 . 2015-08-04 14:54 1415680 ----a-w- c:\program files\3JVJZFVB.exe
2015-08-04 14:54 . 2015-08-04 14:54 1415680 ----a-w- c:\program files\UD7K9SM3.exe
2015-08-04 14:53 . 2015-08-04 14:53 1415680 ----a-w- c:\program files\2LFYHB66.exe
2015-08-04 11:44 . 2015-08-04 11:44 1415680 ----a-w- c:\program files\5ZI1KEXX.exe
2015-08-04 11:44 . 2015-08-04 11:44 1415680 ----a-w- c:\program files\BUDWK9ST.exe
2015-08-04 11:44 . 2015-08-04 11:44 1415680 ----a-w- c:\program files\VBZFV7VV.exe
2015-08-04 11:43 . 2015-08-04 11:43 1415680 ----a-w- c:\program files\K3MGOI11.exe
2015-08-04 11:43 . 2015-08-04 11:43 1415680 ----a-w- c:\program files\6P82L4YA.exe
2015-08-04 11:43 . 2015-08-04 11:43 1415680 ----a-w- c:\program files\5ZTC60JG.exe
2015-08-04 11:43 . 2015-08-04 11:43 1415680 ----a-w- c:\program files\82L4NH0J.exe
2015-08-04 11:43 . 2015-08-04 11:43 1415680 ----a-w- c:\program files\3MGZ5MSL.exe
2015-08-04 11:42 . 2015-08-04 11:42 1415680 ----a-w- c:\program files\S3EO2CKJ.exe
2015-08-01 21:34 . 2015-08-01 21:34 1415680 ----a-w- c:\program files\0K2K2M4I.exe
2015-08-01 21:34 . 2015-08-01 21:34 1415680 ----a-w- c:\program files\WEYGYM4A.exe
2015-08-01 20:15 . 2015-08-01 20:15 1415680 ----a-w- c:\program files\KCWG0M6K.exe
2015-08-01 20:15 . 2015-08-01 20:15 1415680 ----a-w- c:\program files\BMZAKV9W.exe
2015-07-30 16:29 . 2015-07-30 16:29 1415680 ----a-w- c:\program files\8O4K8O0C.exe
2015-07-30 16:28 . 2015-07-30 16:28 1415680 ----a-w- c:\program files\Y210MKPY.exe
2015-07-30 16:28 . 2015-07-30 16:28 1415680 ----a-w- c:\program files\SB5O7KK3.exe
2015-07-30 16:28 . 2015-07-30 16:28 1415680 ----a-w- c:\program files\ZI1KEXGN.exe
2015-07-30 16:28 . 2015-07-30 16:28 1415680 ----a-w- c:\program files\E8RATN6P.exe
2015-07-30 16:28 . 2015-07-30 16:28 1415680 ----a-w- c:\program files\1K3XGZIU.exe
2015-07-30 16:27 . 2015-07-30 16:27 1415680 ----a-w- c:\program files\K9SB5OIG.exe
2015-07-30 16:27 . 2015-07-30 16:27 1415680 ----a-w- c:\program files\SBUO7K97.exe
2015-07-29 15:46 . 2015-07-29 15:46 1415680 ----a-w- c:\program files\FT7O2GUS.exe
2015-07-29 15:38 . 2015-07-29 15:38 1415680 ----a-w- c:\program files\A4N6PJJ6.exe
2015-07-29 15:38 . 2015-07-29 15:38 1415680 ----a-w- c:\program files\2LFYH0UK.exe
2015-07-29 15:38 . 2015-07-29 15:15 1415680 ----a-w- c:\program files\ZICVEXRA.exe
2015-07-29 15:37 . 2015-07-29 15:37 1415680 ----a-w- c:\program files\XJ2L9SMG.exe
2015-07-29 15:37 . 2015-07-29 15:37 1415680 ----a-w- c:\program files\SBUD7K9S.exe
2015-07-29 15:37 . 2015-07-29 15:37 1415680 ----a-w- c:\program files\BP3KYFTO.exe
2015-07-29 15:32 . 2015-07-29 15:09 35328 ----a-w- c:\windows\system32\drivers\haritaciyim_2.sys
2015-07-29 15:29 . 2013-07-13 14:25 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-29 15:29 . 2013-07-13 14:25 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-29 15:20 . 2015-07-29 15:20 1415680 ----a-w- c:\program files\XGZICVE1.exe
2015-07-29 15:20 . 2015-07-29 15:20 1415680 ----a-w- c:\program files\WCS8W8O0.exe
2015-07-29 15:20 . 2015-07-29 15:20 1415680 ----a-w- c:\program files\SGWCOCSG.exe
2015-07-29 15:20 . 2015-07-29 15:20 1415680 ----a-w- c:\program files\K3M5ZICO.exe
2015-07-29 15:20 . 2015-07-29 15:20 1415680 ----a-w- c:\program files\ZANY8JXK.exe
2015-07-29 15:19 . 2015-07-29 15:19 1415680 ----a-w- c:\program files\GU5FK4MY.exe
2015-07-29 15:19 . 2015-07-29 15:19 1415680 ----a-w- c:\program files\NY8JW7IS.exe
2015-07-29 15:19 . 2015-07-29 15:19 1415680 ----a-w- c:\program files\YBMW7LVI.exe
2015-07-29 15:16 . 2015-07-29 15:16 1415680 ----a-w- c:\program files\J2LFYHBB.exe
2015-07-29 15:16 . 2015-07-29 15:16 1415680 ----a-w- c:\program files\Y88OYY8E.exe
2015-07-29 15:16 . 2015-07-29 15:16 1415680 ----a-w- c:\program files\ICVEXRAL.exe
2015-07-29 15:16 . 2015-07-29 15:16 1415680 ----a-w- c:\program files\O71K3XGZ.exe
2015-07-29 15:15 . 2015-07-29 15:15 1415680 ----a-w- c:\program files\W0K2KI0U.exe
2015-07-29 15:02 . 2015-07-29 15:02 1415680 ----a-w- c:\program files\WK0CSGO4.exe
2015-07-29 15:02 . 2015-07-29 15:02 1415680 ----a-w- c:\program files\UDWF9SBM.exe
2015-07-29 15:02 . 2015-07-29 15:02 1415680 ----a-w- c:\program files\Y4EUU4EK.exe
2015-07-29 15:02 . 2015-07-29 15:02 1415680 ----a-w- c:\program files\2EUAYE66.exe
2015-07-29 15:02 . 2015-07-29 15:02 1415680 ----a-w- c:\program files\K6M2K6UY.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\E8RL4N6I.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\WF9SM5VR.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\GZTCVE89.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\9SM5OI1K.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\K8SAUYGK.exe
2015-07-29 15:01 . 2015-07-29 15:01 1415680 ----a-w- c:\program files\JU4FT3HK.exe
2015-07-29 15:00 . 2015-07-29 15:00 1415680 ----a-w- c:\program files\GR4FK0E7.exe
2015-07-27 17:47 . 2015-07-27 17:47 1415680 ----a-w- c:\program files\BP0DO2C9.exe
2015-07-25 11:27 . 2015-07-25 11:27 1415680 ----a-w- c:\program files\I1K3XGZB.exe
2015-07-25 11:27 . 2015-07-25 11:27 1415680 ----a-w- c:\program files\SM5ZI1KE.exe
2015-07-25 11:27 . 2015-07-25 11:27 1415680 ----a-w- c:\program files\9SM5O711.exe
2015-07-25 11:26 . 2015-07-25 11:26 1415680 ----a-w- c:\program files\SBUO7K9W.exe
2015-07-23 12:15 . 2015-07-23 12:15 1415680 ----a-w- c:\program files\JDWF9SBU.exe
2015-07-23 12:15 . 2015-07-23 12:15 1415680 ----a-w- c:\program files\1CM0AOZ9.exe
2015-07-23 12:15 . 2015-07-23 12:15 1415680 ----a-w- c:\program files\0I26O6K8.exe
2015-07-11 09:23 . 2015-07-11 09:23 1415680 ----a-w- c:\program files\LFYH0UDP.exe
2015-07-11 09:23 . 2015-07-11 09:23 1415680 ----a-w- c:\program files\EK6UAK6E.exe
2015-07-11 09:22 . 2015-07-11 09:22 1415680 ----a-w- c:\program files\M2I6MYEE.exe
2015-07-11 09:22 . 2015-07-11 09:22 1415680 ----a-w- c:\program files\XRATC6PP.exe
2015-07-11 09:22 . 2015-07-11 09:22 1415680 ----a-w- c:\program files\K6U6M2UK.exe
2015-07-11 09:22 . 2015-07-11 09:22 1415680 ----a-w- c:\program files\7IS6GR2F.exe
2015-07-11 09:22 . 2015-07-11 09:22 1415680 ----a-w- c:\program files\R5GK1EPS.exe
2015-07-11 09:21 . 2015-07-11 09:21 1415680 ----a-w- c:\program files\G0I2K4M6.exe
2015-07-10 16:46 . 2015-07-10 16:46 1415680 ----a-w- c:\program files\FR7NBRFV.exe
2015-07-10 16:46 . 2015-07-10 16:46 1415680 ----a-w- c:\program files\IYEUIYAK.exe
2015-07-09 21:40 . 2015-07-09 21:40 1415680 ----a-w- c:\program files\3EOZCNYR.exe
2015-07-08 18:48 . 2015-07-08 18:48 1415680 ----a-w- c:\program files\ER2CN1B4.exe
2015-07-07 11:28 . 2015-07-07 11:28 1415680 ----a-w- c:\program files\DR1CP0E7.exe
2015-07-05 11:06 . 2015-07-05 11:06 1415680 ----a-w- c:\program files\R9R9TBHZ.exe
2015-07-05 11:05 . 2015-07-05 11:05 1415680 ----a-w- c:\program files\FP3EOZC2.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-02-01 08:32 1722488 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-02-01 08:32 1722488 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-02-01 08:32 1722488 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\kalkanli\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-09-22 2025016]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
"Google Photos Backup"="c:\users\kalkanli\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2015-08-26 3787080]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2015-01-27 1310088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-24 40448]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-26 782008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-07-23 2303152]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2015-09-07 523144]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" [2015-07-03 1855672]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-10 66320]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2015-01-31 695528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2015-01-27 1310088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"361448601"="c:\programdata\msraq.exe" [2010-11-21 86016000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 arubavnic;Aruba Virtual Adapter;c:\windows\system32\DRIVERS\arubavnic.sys;c:\windows\SYSNATIVE\DRIVERS\arubavnic.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe;c:\program files (x86)\ESRI\License\arcgis9x\lmgrd.exe [x]
S2 Aruba Service;Aruba Service;c:\program files\Aruba Networks\Virtual Internet Agent\arubanetsvc.exe;c:\program files\Aruba Networks\Virtual Internet Agent\arubanetsvc.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe;c:\windows\SYSNATIVE\nhsrvice.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 resetat;Haritaciyim.Com NetCad Emulator;c:\windows\system32\DRIVERS\haritaciyim_2.sys;c:\windows\SYSNATIVE\DRIVERS\haritaciyim_2.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 ArubaNetFlt;Aruba Filter Driver Miniport;c:\windows\system32\DRIVERS\arubanetflt.sys;c:\windows\SYSNATIVE\DRIVERS\arubanetflt.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-29 09:31 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 11:02]
.
2014-02-12 c:\windows\Tasks\ATKOSD2.job
- c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 12:55]
.
2014-02-12 c:\windows\Tasks\ATKOSD2_6690087.job
- c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 12:55]
.
2014-02-12 c:\windows\Tasks\DMedia_6690087.job
- c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 12:05]
.
2015-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core.job
- c:\users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-04 21:06]
.
2015-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job
- c:\users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-04 21:06]
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8e6595b6c427.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cff22143c2767e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cffff42cbe2135.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d040c7340fe6fc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2015-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d08fd8b9ff3bd9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2015-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0c542349b9dd6.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15 08:24]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1cf8f2629d33ff3.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1cff2bc8e690a14.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0001f3918fe46.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2015-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d04260bedd123e.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2015-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d08faec6af3c01.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0c541c80f101a.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job
- c:\users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 01:28]
.
2014-02-12 c:\windows\Tasks\HControlUser_6690024.job
- c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 08:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-07-21 22:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-07-21 22:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-07-21 22:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-07-22 500936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 442352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add Web Page to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppend.html
IE: Append Lin&k Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppendSelLinks.html
IE: Convert &Web Page to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECapture.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\kalkanli\AppData\Roaming\Mozilla\Firefox\Profiles\2xp33zko.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HASP HL Device Driver - c:\windows\System32\UNWISE.EXE
AddRemove-HASP License Manager - c:\windows\System32\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\SysWOW64\nhsrvice.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\users\kalkanli\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
c:\program files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
c:\program files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Avira\Launcher\Avira.Systray.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2015-10-04  12:43:27 - machine was rebooted
ComboFix-quarantined-files.txt  2015-10-04 09:43
.
Pre-Run: 214,372,540,416 bytes free
Post-Run: 240,595,550,208 bytes free
.
- - End Of File - - 130382E2509D8AACC4DD510200C98639
A36C5E4F47E84449FF07ED3517B43A31

Attached Files

  • Attached File  log.txt   40.84KB   2 downloads




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:34 AM

Posted 05 October 2015 - 07:50 PM

Greetings ez6733 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Why did you find it necessary to run Combofix? What problems are you having?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Why run Combofix?
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 09 October 2015 - 08:38 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#4 ez6733


Posted 10 October 2015 - 03:03 AM

Gary, thank you very much, my name is Duygu. I haven't got any notification for your first post so I didn't notice your reply. I'll follow your instructions and inform you.
The reason I ran ComboFix is that I had a serious shortcut virus problem and ComboFix is recommended in most of the forums.

#5 ez6733


Posted 10 October 2015 - 04:22 AM

Gary, thank you very much, my name is Duygu. I haven't got any notification for your first post so I didn't notice your reply. I'll follow your instructions and inform you.
The reason I ran ComboFix is that I had a serious shortcut virus problem and ComboFix is recommended in most of the forums.



#6 ez6733


Posted 10 October 2015 - 04:36 AM

- FRST RESULTS: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by kalkanli (administrator) on KALKANLI-PC (10-10-2015 12:25:07)
Running from C:\Users\kalkanli\Desktop
Loaded Profiles: kalkanli & UpdatusUser (Available Profiles: kalkanli & UpdatusUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Aruba Networks) C:\Program Files\Aruba Networks\Virtual Internet Agent\arubanetsvc.exe
() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\nhsrvice.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\kalkanli\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Autodesk Inc.) C:\Users\kalkanli\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-24] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [523144 2015-09-07] (Autodesk Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1855672 2015-07-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-01-31] (Zbshareware Lab)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [361448601] => C:\ProgramData\msraq.exe [86016000 2010-11-21] (THOMSON)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Run: [Spotify Web Helper] => C:\Users\kalkanli\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-07] (Spotify Ltd)
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Run: [{D0A11D05-C358-4106-81EC-C9ED9688C540}] => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [473600 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{339656D2-BF7A-492C-BD97-EDD8A3A19460}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{B74A5F2F-249D-40CC-A5A0-26A9236C9B1E}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000 -> DefaultScope {8A7CD658-CD95-4BE8-94A1-5CFA82A77632} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000 -> {8A7CD658-CD95-4BE8-94A1-5CFA82A77632} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-01-25] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\kalkanli\AppData\Roaming\Mozilla\Firefox\Profiles\2xp33zko.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-01-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2823460752-1825363325-1677760358-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\kalkanli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2823460752-1825363325-1677760358-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\kalkanli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2823460752-1825363325-1677760358-1000: @talk.google.com/O1DPlugin -> C:\Users\kalkanli\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2823460752-1825363325-1677760358-1000: @tools.google.com/Google Update;version=3 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-2823460752-1825363325-1677760358-1000: @tools.google.com/Google Update;version=9 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-01-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kalkanli\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kalkanli\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Avira Browser Safety - C:\Users\kalkanli\AppData\Roaming\Mozilla\Firefox\Profiles\2xp33zko.default\Extensions\abs@avira.com [2014-08-25]
FF Extension: mOTP - C:\Users\kalkanli\AppData\Roaming\Mozilla\Firefox\Profiles\2xp33zko.default\Extensions\jid1-bx0kNvfJip1nXw@jetpack.xpi [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-08-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat - PDF Oluştur) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-08-23]
CHR Extension: (Avira SafeSearch) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-08-23]
CHR Extension: (Emma Bridgewater) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ennchkafgbngcmjcbbicbobbdomhmklc [2015-08-23]
CHR Extension: (Avira Browser Safety) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-23]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-08-23]
CHR Extension: (AdBlock) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-23]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-08-23]
CHR Extension: (GameofSpoils: Game of Thrones Spoiler Blocker) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjhpmdippbajafafidlinjjmfkdamci [2015-08-23]
CHR Extension: (TouristEye Planner) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg [2015-08-23]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23]
CHR Extension: (Readability) - C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2015-08-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1136520 2015-09-07] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] () [File not signed]
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] () [File not signed]
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] () [File not signed]
R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 Aruba Service; C:\Program Files\Aruba Networks\Virtual Internet Agent\arubanetsvc.exe [352080 2014-04-10] (Aruba Networks)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 HASP Loader; C:\Windows\SysWOW64\nhsrvice.exe [249856 2005-05-29] (Aladdin Knowledge Systems Ltd.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArubaNetFlt; C:\Windows\System32\DRIVERS\arubanetflt.sys [129328 2013-09-23] (Aruba Networks)
S3 arubavnic; C:\Windows\System32\DRIVERS\arubavnic.sys [35664 2009-12-18] (Aruba Networks)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-11] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-10-28] (Kingsoft Corporation)
R2 resetat; C:\Windows\System32\DRIVERS\haritaciyim_2.sys [35328 2015-07-29] (Chingachguk & Denger2k (Elit & SP edition))
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 12:25 - 2015-10-10 12:25 - 00030604 _____ C:\Users\kalkanli\Desktop\FRST.txt
2015-10-10 12:24 - 2015-10-10 12:25 - 00000000 ____D C:\FRST
2015-10-10 12:23 - 2015-10-10 12:23 - 02194944 _____ (Farbar) C:\Users\kalkanli\Desktop\FRST64.exe
2015-10-09 14:19 - 2015-10-09 14:19 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-10-09 13:52 - 2015-10-09 13:52 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-09 13:52 - 2015-10-09 13:52 - 00001213 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-07 19:11 - 2015-10-07 19:11 - 00000000 ____D C:\Users\kalkanli\AppData\OICE_15_974FA576_32C1D314_2D04
2015-10-04 12:43 - 2015-10-04 12:43 - 00041818 _____ C:\ComboFix.txt
2015-10-04 12:33 - 2015-10-04 12:33 - 00000552 _____ C:\Windows\PFRO.log
2015-10-04 12:22 - 2015-10-04 12:56 - 00000000 ____D C:\ComboFix
2015-10-04 12:22 - 2015-10-04 12:43 - 00000000 ____D C:\Qoobox
2015-10-04 12:22 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-04 12:22 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-04 12:22 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-04 12:22 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-04 12:22 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-04 12:22 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-04 12:22 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-04 12:22 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-04 12:21 - 2015-10-04 12:39 - 00000000 ____D C:\Windows\erdnt
2015-10-04 12:19 - 2015-10-04 12:19 - 00295800 _____ C:\Windows\Minidump\100415-27128-01.dmp
2015-10-04 12:10 - 2015-10-04 12:11 - 05636125 ____R (Swearware) C:\Users\kalkanli\Downloads\ComboFix.exe
2015-10-04 12:09 - 2015-10-04 12:20 - 00000000 ____D C:\Users\kalkanli\Desktop\toshiba flash
2015-10-04 12:01 - 2015-10-04 12:01 - 00000000 ____D C:\Users\kalkanli\AppData\Roaming\Zbshareware Lab
2015-10-04 12:00 - 2015-10-04 12:00 - 04027752 _____ (Zbshareware Lab ) C:\Users\kalkanli\Downloads\USBGuard6.5.0.0.exe
2015-10-04 12:00 - 2015-10-04 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2015-10-04 12:00 - 2015-10-04 12:00 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2015-10-02 13:29 - 2015-10-04 12:19 - 670207780 _____ C:\Windows\MEMORY.DMP
2015-10-02 13:29 - 2015-10-02 13:29 - 00305056 _____ C:\Windows\Minidump\100215-30513-01.dmp
2015-09-23 19:43 - 2015-10-10 11:04 - 00001232 _____ C:\Windows\setupact.log
2015-09-23 19:43 - 2015-09-23 19:43 - 00000000 _____ C:\Windows\setuperr.log
2015-09-22 13:42 - 2015-09-22 13:42 - 00279023 _____ C:\Users\kalkanli\Downloads\sf-new-republic.zip
2015-09-22 13:41 - 2015-09-22 13:41 - 00021858 _____ C:\Users\kalkanli\Downloads\Flatform.zip
2015-09-22 13:41 - 2015-09-22 13:41 - 00012489 _____ C:\Users\kalkanli\Downloads\gabriele-magurno_steiner.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00369839 _____ C:\Users\kalkanli\Downloads\new_cicle.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00074162 _____ C:\Users\kalkanli\Downloads\Existence-Light.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00068078 _____ C:\Users\kalkanli\Downloads\geo_sans_light.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00052257 _____ C:\Users\kalkanli\Downloads\Kontrapunkt.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00020750 _____ C:\Users\kalkanli\Downloads\whola_regular.zip
2015-09-22 13:37 - 2015-09-22 13:37 - 00015249 _____ C:\Users\kalkanli\Downloads\typo_slab_serif.zip
2015-09-22 13:36 - 2015-09-22 13:37 - 00159343 _____ C:\Users\kalkanli\Downloads\tall_films.zip
2015-09-22 13:35 - 2015-09-22 13:43 - 00000000 ____D C:\Users\kalkanli\Desktop\FONT
2015-09-22 13:33 - 2015-09-22 13:33 - 00037849 _____ C:\Users\kalkanli\Downloads\espacio.zip
2015-09-22 13:12 - 2015-09-22 13:13 - 00933099 _____ C:\Users\kalkanli\Downloads\logo.psd
2015-09-22 11:54 - 2014-04-15 03:47 - 00037624 ____N C:\Users\kalkanli\Downloads\JosefinSans-ThinItalic.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00037336 ____N C:\Users\kalkanli\Downloads\JosefinSans-LightItalic.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00037092 ____N C:\Users\kalkanli\Downloads\JosefinSans-SemiBoldItalic.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00037044 ____N C:\Users\kalkanli\Downloads\JosefinSans-Italic.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00037008 ____N C:\Users\kalkanli\Downloads\JosefinSans-BoldItalic.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00033180 ____N C:\Users\kalkanli\Downloads\JosefinSans-Light.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00033008 ____N C:\Users\kalkanli\Downloads\JosefinSans-Regular.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00033004 ____N C:\Users\kalkanli\Downloads\JosefinSans-SemiBold.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00033000 ____N C:\Users\kalkanli\Downloads\JosefinSans-Thin.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00032912 ____N C:\Users\kalkanli\Downloads\JosefinSans-Bold.ttf
2015-09-22 11:54 - 2014-04-15 03:47 - 00004447 ____N C:\Users\kalkanli\Downloads\OFL.txt
2015-09-22 11:53 - 2015-09-22 11:53 - 00037640 _____ C:\Users\kalkanli\Downloads\futura-normal.ttf
2015-09-22 11:52 - 2015-09-22 11:52 - 00208285 _____ C:\Users\kalkanli\Downloads\josefin-sans.zip
2015-09-22 11:25 - 2015-09-22 11:25 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0c542349b9dd6
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 12:23 - 2009-07-14 07:45 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-10 12:23 - 2009-07-14 07:45 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 12:21 - 2013-03-08 11:59 - 01776158 _____ C:\Windows\WindowsUpdate.log
2015-10-10 12:20 - 2013-03-15 18:04 - 00000000 ____D C:\Users\kalkanli\AppData\Local\Google
2015-10-10 12:18 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2015-10-10 12:11 - 2013-06-05 00:06 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job
2015-10-10 12:02 - 2013-03-15 18:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-10 11:30 - 2015-08-28 04:28 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job
2015-10-10 11:30 - 2015-07-23 15:22 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c542349b9dd6.job
2015-10-10 11:30 - 2015-07-23 15:19 - 00000990 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0c541c80f101a.job
2015-10-10 11:30 - 2013-03-15 18:04 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 11:15 - 2013-03-08 13:32 - 00000000 ____D C:\Users\kalkanli\AppData\Local\Adobe
2015-10-10 11:10 - 2015-08-22 23:49 - 00000000 ___RD C:\Users\kalkanli\Creative Cloud Files
2015-10-10 11:09 - 2015-08-22 23:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-10 11:06 - 2014-06-23 23:58 - 00000000 ____D C:\Users\kalkanli\AppData\Local\HTC MediaHub
2015-10-10 11:05 - 2015-08-27 13:01 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-10-10 11:05 - 2015-07-29 17:52 - 00000012 _____ C:\Windows\SysWOW64\haspaddr.dat
2015-10-10 11:04 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-10 00:11 - 2013-06-05 00:06 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core.job
2015-10-09 23:30 - 2014-08-09 20:58 - 00000000 ____D C:\Users\kalkanli\AppData\Roaming\Spotify
2015-10-09 22:17 - 2014-08-09 20:59 - 00000000 ____D C:\Users\kalkanli\AppData\Local\Spotify
2015-10-09 14:19 - 2013-03-08 13:33 - 00000000 ____D C:\ProgramData\Adobe
2015-10-09 14:14 - 2013-03-08 14:09 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-09 14:13 - 2014-04-01 21:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-09 14:13 - 2013-03-08 14:12 - 00000000 ____D C:\Program Files\Adobe
2015-10-09 14:13 - 2013-03-08 12:52 - 00000000 ____D C:\Users\kalkanli\AppData\Roaming\Adobe
2015-10-09 13:52 - 2013-03-08 14:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-09 13:20 - 2015-06-30 14:19 - 00000000 ____D C:\Users\kalkanli\Desktop\lisansüstü başvuru
2015-10-04 12:43 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Default
2015-10-04 12:34 - 2013-03-08 13:16 - 00002488 _____ C:\Windows\system32\AutoRunFilter.ini
2015-10-04 12:34 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-10-04 12:33 - 2009-07-14 05:34 - 21233664 _____ C:\Windows\system32\config\system.bak
2015-10-04 12:33 - 2009-07-14 05:34 - 129236992 _____ C:\Windows\system32\config\software.bak
2015-10-04 12:33 - 2009-07-14 05:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-10-04 12:33 - 2009-07-14 05:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-10-04 12:33 - 2009-07-14 05:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-10-04 12:21 - 2013-06-13 00:22 - 00935424 ___SH C:\Users\kalkanli\Thumbs.db
2015-10-04 12:19 - 2014-02-20 14:59 - 00000000 ____D C:\Windows\Minidump
2015-10-04 11:56 - 2009-07-14 08:13 - 00780428 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-03 21:45 - 2013-07-13 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-23 19:44 - 2014-10-29 12:38 - 05252816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-22 16:13 - 2014-10-29 02:41 - 00142928 _____ C:\Users\kalkanli\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-22 14:02 - 2013-03-15 18:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 14:02 - 2013-03-08 12:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 14:02 - 2013-03-08 12:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 12:17 - 2013-03-18 02:22 - 00000000 ____D C:\Users\kalkanli\AppData\Roaming\uTorrent
2015-09-22 12:07 - 2013-03-08 12:01 - 00000000 ____D C:\Users\kalkanli
2015-09-22 11:25 - 2015-08-28 04:28 - 00004022 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA
2015-09-22 11:25 - 2015-08-28 04:28 - 00003626 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0c541c80f101a
2015-09-22 11:25 - 2013-03-15 18:04 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
 
==================== Files in the root of some directories =======
 
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\0I26O6K8.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\0I2K2K4W.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\0K2K2M4I.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\1CM0AOZ9.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\1K3XGZIU.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\2EUAYE66.exe
2015-07-02 15:25 - 2015-07-02 15:25 - 1415680 _____ (wj32) C:\Program Files\2L4YH0JU.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\2LFYH0UK.exe
2015-08-04 17:53 - 2015-08-04 17:53 - 1415680 _____ (wj32) C:\Program Files\2LFYHB66.exe
2015-07-10 00:40 - 2015-07-10 00:40 - 1415680 _____ (wj32) C:\Program Files\3EOZCNYR.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\3JVJZFVB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\3MGZ5MSL.exe
2015-08-06 15:35 - 2015-08-06 15:35 - 1415680 _____ (wj32) C:\Program Files\5FK0EPZS.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\5ZI1KEXX.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\5ZTC60JG.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\6P82L4NO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\6P82L4YA.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\7IS6GR2F.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\7K9SM5OB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\82L4NH0J.exe
2015-07-30 19:29 - 2015-07-30 19:29 - 1415680 _____ (wj32) C:\Program Files\8O4K8O0C.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\9SBUO7KK.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\9SM5O711.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\9SM5OI1K.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\A4N6PJJ6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\A987BA9I.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\ATN6P82L.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\BMZAKV9W.exe
2015-07-27 20:47 - 2015-07-27 20:47 - 1415680 _____ (wj32) C:\Program Files\BP0DO2C9.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\BP3KYFTO.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\BUDWK9ST.exe
2015-07-07 14:28 - 2015-07-07 14:28 - 1415680 _____ (wj32) C:\Program Files\DR1CP0E7.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\E8RATN6P.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\E8RL4N6I.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\EK6UAK6E.exe
2015-06-29 16:20 - 2015-06-29 16:20 - 1415680 _____ (wj32) C:\Program Files\EOZ9NY83.exe
2015-07-08 21:48 - 2015-07-08 21:48 - 1415680 _____ (wj32) C:\Program Files\ER2CN1B4.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\ES3GR2CK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\EXRA4N6P.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\FK0EPZA8.exe
2015-07-05 14:05 - 2015-07-05 14:05 - 1415680 _____ (wj32) C:\Program Files\FP3EOZC2.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\FR7NBRFV.exe
2015-07-29 18:46 - 2015-07-29 18:46 - 1415680 _____ (wj32) C:\Program Files\FT7O2GUS.exe
2015-07-11 12:21 - 2015-07-11 12:21 - 1415680 _____ (wj32) C:\Program Files\G0I2K4M6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\GC1PEAZN.exe
2015-07-29 18:00 - 2015-07-29 18:00 - 1415680 _____ (wj32) C:\Program Files\GR4FK0E7.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\GU5FK4MY.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\GZTCVE89.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\HBUDWK9Z.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\HV9N4IZX.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\I1K3XGZB.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\ICVEXRAL.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\IYEUIYAK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\J2LFYHBB.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\JDWF9SBU.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\JDWFYSBB.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\JU4FT3HK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\JXBS6KYZ.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\K3M5ZICO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\K3MGOI11.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\K6M2K6UY.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\K6U6M2UK.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\K8SAUYGK.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\K9SB5OIG.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\KCWG0M6K.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\KK3M5ZII.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\LFYH0UDP.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\M2I6MYEE.exe
2015-08-04 17:55 - 2015-08-04 17:55 - 1415680 _____ (wj32) C:\Program Files\N6P82L4N.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\NY8JW7IS.exe
2015-06-29 00:12 - 2015-06-29 00:12 - 1415680 _____ (wj32) C:\Program Files\O2CNXBMC.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\O71K3XGZ.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\R5GK1EPS.exe
2015-07-05 14:06 - 2015-07-05 14:06 - 1415680 _____ (wj32) C:\Program Files\R9R9TBHZ.exe
2015-08-04 14:42 - 2015-08-04 14:42 - 1415680 _____ (wj32) C:\Program Files\S3EO2CKJ.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\SB5O7KK3.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\SBUD7K9S.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\SBUO7K97.exe
2015-07-25 14:26 - 2015-07-25 14:26 - 1415680 _____ (wj32) C:\Program Files\SBUO7K9W.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\SGWCOCSG.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\SM5ZI1KE.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\UD7K9SM3.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\UDWF9SBM.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\UG0K4KAK.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\VBZFV7VV.exe
2015-07-29 18:15 - 2015-07-29 18:15 - 1415680 _____ (wj32) C:\Program Files\W0K2KI0U.exe
2015-06-27 02:54 - 2015-06-27 02:54 - 1415680 _____ (wj32) C:\Program Files\W9N4IWDC.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\WCS8W8O0.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\WEYGYM4A.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\WF9SM5VR.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\WK0CSGO4.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\XGZICVE1.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\XJ2L9SMG.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\XRATC6PP.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\Y210MKPY.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\Y4EUU4EK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\Y88OYY8E.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\Y8JX7LWK.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\YBMW7LVI.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\YBMX7LVP.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\ZANY8JXK.exe
2015-06-30 13:47 - 2015-06-30 13:47 - 1415680 _____ (wj32) C:\Program Files\ZAOY9JXS.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\ZI1KEXGN.exe
2015-07-29 18:15 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\ZICVEXRA.exe
2015-04-14 19:28 - 2015-04-14 19:28 - 0004387 _____ () C:\Users\kalkanli\AppData\Roaming\6BKtpZYhtDzLG2uErr1vmq8HgkA
2015-04-19 15:20 - 2015-04-19 15:20 - 0005872 _____ () C:\Users\kalkanli\AppData\Roaming\6Pys0Flj2k
2014-02-18 21:02 - 2015-05-04 02:34 - 0000132 _____ () C:\Users\kalkanli\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-04-18 18:53 - 2014-04-18 18:58 - 0000815 _____ () C:\ProgramData\hpzinstall.log
2013-03-14 11:09 - 2013-03-14 11:09 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-08-02 00:53 - 2015-08-02 00:53 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2010-11-21 06:24 - 2010-11-21 06:24 - 86016000 ___SH (THOMSON) C:\ProgramData\msraq.exe
 
Files to move or delete:
====================
C:\ProgramData\msraq.exe
 
 
Some files in TEMP:
====================
C:\Users\kalkanli\AppData\Local\Temp\cdo1170356221.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1178333949.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1357404101.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1414486263.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1987068232.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
LastRegBack: 2015-10-02 16:09
 
==================== End of FRST.txt ============================
 
-ADDITION LOG :
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by kalkanli (2015-10-10 12:26:36)
Running from C:\Users\kalkanli\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-03-08 09:01:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2823460752-1825363325-1677760358-500 - Administrator - Disabled)
Guest (S-1-5-21-2823460752-1825363325-1677760358-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2823460752-1825363325-1677760358-1003 - Limited - Enabled)
kalkanli (S-1-5-21-2823460752-1825363325-1677760358-1000 - Administrator - Enabled) => C:\Users\kalkanli
UpdatusUser (S-1-5-21-2823460752-1825363325-1677760358-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Web Premium (HKLM-x32\...\{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcGIS Desktop (HKLM-x32\...\ArcGIS Desktop) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop (x32 Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop SDK for VB6 (HKLM-x32\...\ArcGIS Desktop SDK for VB6) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop SDK for VB6 (x32 Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop VBA Developer Resources (HKLM-x32\...\ArcGIS Desktop VBA Developer Resources) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop VBA Developer Resources (x32 Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager (HKLM-x32\...\ArcGIS License Manager) (Version:  - )
ArcGIS Pre 9.3 GDB Direct Connect (HKLM-x32\...\ArcGIS Pre 9.3 GDB Direct Connect) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Pre 9.3 GDB Direct Connect (x32 Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
Aruba Networks Virtual Intranet Access 2.1.1.5.62588 (HKLM\...\{AC93D3F1-09B8-4F48-A43E-16DB406260C5}) (Version: 2.1.1.62588 - Aruba Networks)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0 - Autodesk) Hidden
Autodesk 3ds Max 2012 SDK (HKLM-x32\...\{3E66D17B-6A22-4C1D-9931-57FCA0A04416}) (Version: 14.0.0.120 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.5 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
Autodesk Network License Manager (HKLM-x32\...\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}) (Version: 1.0.0 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Composite 2012 64-bit (HKLM\...\{EA234BC3-39FE-4734-B72F-076086889F6D}) (Version: 7.0.0 - Autodesk)
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{AF1C2840-E9DC-483C-9120-C0E2FA08085A}) (Version: 3.0.116.3 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HASP HL Device Driver (HKLM-x32\...\HASP HL Device Driver) (Version:  - )
HASP License Manager (HKLM-x32\...\HASP License Manager) (Version:  - )
HASP SRM Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.50.1.8213 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - Şirketinizin Adı)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Netcad 5.1.0.962 (HKLM-x32\...\{91731DDD-396F-4964-ACF1-8BB3EFB6A11E}) (Version: 5.1.0.962 - ulusal)
Netcad Imar Kadastro Uygulamalari 5.4.0.543 (HKLM-x32\...\{C42443C3-FFF9-4749-B9CB-58D511262F36}) (Version: 5.4.0.543 - ulusal)
Netcad Netpro 6.0.0.1042 (HKLM-x32\...\{1E3C8C87-B5F9-4EC0-A2B4-C42A522E5617}) (Version: 6.0.0.1042 - ulusal)
Netcad Netsurf Halihazir Harita Modulu 5.0.0.186 (HKLM-x32\...\{FA789ECB-0FE5-4428-9572-FE1E72068E87}) (Version: 5.0.0.186 - ulusal)
Netcad Vectory 3.5.0.85 (HKLM-x32\...\{A31F7CCF-2E76-4F6F-AB0F-AB319747BAB6}) (Version: 3.5.0.85 - ulusal)
NVIDIA Graphics Driver 267.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.54 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Planet Planlama (HKLM-x32\...\{C6FAC230-646B-499F-B245-B43024567617}) (Version: 2.5.010 - ulusal)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TTNET Internet (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ZTE)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2015-10-04 12:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {25B5731E-201D-42BE-A566-876071FB90DA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2823460752-1825363325-1677760358-1000
Task: {2A005A68-3EEC-4EB2-8DB2-E92818CFE82A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {339424F7-45A6-43D4-8F21-557D270D0673} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3904552E-529D-4D4C-B489-51DB4531FDB7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {3D30B8D7-324A-476C-9C26-D891D58CDFFC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA => C:\Users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05] (Facebook Inc.)
Task: {416F1DF7-6073-4218-945A-C94B4007A244} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {42989F15-4D1D-45C9-9D17-0D6443585684} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {461C5BB5-9CF3-4995-BCD9-1E5865A7E277} - System32\Tasks\AdobeAAMUpdater-1.0-kalkanli-PC-kalkanli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {4DFA2A41-33D4-4AEE-AE35-3FE49146986C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {4F943A53-6839-45B4-B6E4-93016CD4DB6F} - System32\Tasks\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2 => C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe <==== ATTENTION
Task: {53362FE4-5398-47D1-903C-0A859D15C7CD} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {59E04613-6DBB-4C21-A943-9B7CB6E2DDA1} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {5C1135AF-0013-45DC-A89A-70F8AA9F274A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {61EC5F0D-DA11-4DDA-8E97-DBC9013DD71C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {8DFE60CE-05CA-492C-B62A-C0AED9405231} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9B1FEB06-C8C9-486A-8A5D-B52E0B9D143D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0c541c80f101a => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BA7609DE-2CEA-46F7-B57F-8FDB25D76A41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {BE2950CF-44AC-44D7-995D-7E2101F6582B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0561768-6211-4DED-8CD7-3353706AAD0F} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c542349b9dd6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {CA72F722-3703-439D-9A45-53841AD492A6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CB01C205-1E2E-4E8B-9D26-0B5A330148FF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {CD05FFE5-C9E5-4B87-ACDE-27D6BDFC5460} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core => C:\Users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05] (Facebook Inc.)
Task: {D96411B8-2087-4DC1-B7B3-E9DC8389A8ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {E00E7F22-8821-47F1-8A23-2F76D3E3BB7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FB95988B-2DBA-48FE-B750-B1B619990165} - System32\Tasks\{5136CF5B-9D9A-4D57-BE17-46283A882166} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.107&LastError=12002
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATKOSD2.job => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
Task: C:\Windows\Tasks\ATKOSD2_6690087.job => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
Task: C:\Windows\Tasks\DMedia_6690087.job => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core.job => C:\Users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job => C:\Users\kalkanli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e6595b6c427.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff22143c2767e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffff42cbe2135.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d040c7340fe6fc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fd8b9ff3bd9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c542349b9dd6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1cf8f2629d33ff3.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1cff2bc8e690a14.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0001f3918fe46.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d04260bedd123e.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d08faec6af3c01.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000Core1d0c541c80f101a.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823460752-1825363325-1677760358-1000UA.job => C:\Users\kalkanli\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HControlUser_6690024.job => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-10 21:08 - 2008-08-02 08:57 - 01757184 _____ () C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.exe
2011-02-22 22:52 - 2011-02-22 22:52 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-03-08 12:20 - 2011-05-24 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-10-23 22:19 - 2014-10-23 22:19 - 00043520 _____ () C:\Program Files\CCleaner\lang\lang-1055.dll
2014-04-14 22:41 - 2014-04-14 22:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-09-11 19:01 - 2015-09-11 19:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-08-02 01:29 - 2015-09-07 06:33 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-08-02 01:29 - 2015-09-07 06:33 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-10-10 11:07 - 2015-09-07 06:33 - 00104328 _____ () C:\Users\kalkanli\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2013-02-01 11:31 - 2013-02-01 11:31 - 06522944 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-09-11 16:39 - 2015-09-11 16:39 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-09-29 12:32 - 2015-09-24 05:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-29 12:32 - 2015-09-24 05:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kalkanli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\kalkanli\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D8F222B4-3528-4CE7-AA08-3B4D22F370CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{1FF5E292-B03B-4F86-946D-9F24CA7F0572}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{BBE7D106-897C-46BD-9BFF-DF3A49233E24}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2EE1A0B8-6EF3-4431-94DF-69D7878D5103}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2EA70AEF-3336-4B2A-8C10-1EB2CB991B74}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7A87527F-24CE-496D-9C40-C4A1A3C4EBFE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C202769E-41E9-46E7-8B6C-03748C44829E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{14D5A32D-9F34-4522-A846-CAC9DDE3A133}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{F0388EF6-359D-4E81-A091-0C96E34EE95A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{A9CCFABD-6001-4339-BB6D-1A26DF6A67D4}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{B5F9D1C9-5FF8-4423-8C34-2ABA4CCBA38E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{580CF023-C960-4FBF-9E0C-A625804BCEDF}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{FCE95921-808A-47FB-8ED4-F2B1C7E09663}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{E2D3B763-4FDF-458A-B1F2-CD31A4C13332}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{92887966-B88E-45CA-92F5-B55ED8042CDC}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{15CDA110-D351-46C6-8C20-73B51C8C5117}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{48666159-963E-47C0-B874-1B422AC44796}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{50381C33-2F8C-42CD-A8E4-5D51B54E9959}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{0321143B-4E3C-4142-8CFC-0D71CF52811F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{1FFDDD43-8AC0-4434-8735-C3D2C21ABD4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E0CEC59-8D71-4C52-A046-7E56BC3B1003}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{587214C4-B8EC-4D23-ACD5-6B092393E711}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{329180EA-3206-42EF-B3AC-10844CF8A75C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB93202A-C534-447E-A634-1D4011920291}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BCE5E450-1899-4895-8957-8B54AB2DB0AF}] => (Allow) C:\Users\kalkanli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{066F7308-9093-4DBB-BA99-4B53DC59B14B}] => (Allow) C:\Users\kalkanli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E838399-16DB-4DC2-AA0A-52B9563919A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AD03CE81-59D6-4865-A5D8-008EC85F1493}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => (Allow) C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [UDP Query User{E921FA05-949B-4A9D-B838-6CF5DDED9ECA}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => (Allow) C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [{5DB19F3C-97F3-4ECC-9A5C-B60ADC5F42C9}] => (Block) C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [{44332339-965B-4C8B-92C1-B9DBF9111379}] => (Block) C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [{5902668D-A1A2-48AB-A0CC-DAFE2AFC3B59}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{45B15921-7C86-45AA-B43B-842078FF8641}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{25C59AE9-7A70-4B09-A1AA-C10D14D4F46B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B8251215-9411-40E6-B742-CFB46777EE96}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E443E21A-576E-4F65-85EC-68DF79E35CE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1C1D71E5-187B-42B8-9914-5D964FC8783B}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{35122E30-AF42-4640-B578-A40B23E87EB4}C:\users\kalkanli\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kalkanli\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{16DB1324-7CA4-4560-9956-E2E2C427EF5D}C:\users\kalkanli\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kalkanli\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C6020D8C-9190-4599-9793-384430A645A7}] => (Allow) C:\Users\kalkanli\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{5DEF1C71-2264-4169-A2AB-E2EC1BA98C3E}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{A3361D03-9B89-4EC2-8E62-45CDABBFCE98}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E8D8F0DE-9D00-4369-A4CE-B5942238A5A7}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{76C38D2D-C724-427F-8CEF-38CF9AA0CC2A}] => (Allow) C:\Users\kalkanli\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{011B1A61-C659-46E5-B235-DFD6866B2FAA}] => (Allow) LPort=475
FirewallRules: [{36821E1A-6A68-4A56-A5A7-40DEC389EBC4}] => (Allow) LPort=475
FirewallRules: [{DD8884AA-508E-4910-A780-EA3679DB2D13}] => (Allow) LPort=1947
FirewallRules: [{ABB7A2F2-6C7D-45F6-9A40-E506FBB46187}] => (Allow) LPort=1947
FirewallRules: [TCP Query User{18693A9A-7CAF-4149-B0DF-2CFDEE6115D3}C:\users\kalkanli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kalkanli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{06CB89CB-6091-44EB-AA4D-A1C571AAE374}C:\users\kalkanli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kalkanli\appdata\local\akamai\netsession_win.exe
FirewallRules: [{123132E1-F5A6-4438-A75A-D3B2E874FC37}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{91001587-6D10-4B82-A5F7-BBB023CAF672}C:\users\kalkanli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kalkanli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{94F0A782-E483-4416-B36F-C544EF5E65E5}C:\users\kalkanli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kalkanli\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C2EC7BFE-B0DE-4EC1-9297-E4E1733C3F1F}] => (Allow) C:\Users\kalkanli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61C6A8DD-035B-45FA-826C-09AAD18222DE}] => (Allow) C:\Users\kalkanli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7B18648-338F-4A1D-AC3F-5A608E20F518}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Aruba Virtual Adapter
Description: Aruba Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Aruba Networks
Service: arubavnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2015 11:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021
 
Error: (10/10/2015 11:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021
 
Error: (10/10/2015 11:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/10/2015 11:22:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023
 
Error: (10/10/2015 11:22:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023
 
Error: (10/10/2015 11:22:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/10/2015 11:22:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error: (10/10/2015 11:22:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009
 
Error: (10/10/2015 11:22:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/10/2015 11:22:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
 
System errors:
=============
Error: (10/10/2015 12:09:39 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/10/2015 11:55:50 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/10/2015 11:53:36 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/10/2015 11:42:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/10/2015 11:26:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (10/10/2015 11:09:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (10/10/2015 11:08:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/10/2015 11:08:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/10/2015 11:05:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: 
%%216
 
Error: (10/10/2015 11:05:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
%%577
 
 
CodeIntegrity:
===================================
  Date: 2015-10-10 11:05:24.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-10 11:05:24.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 12:48:57.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 12:48:57.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 12:18:00.937
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 12:18:00.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-07 19:14:04.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-07 19:14:04.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-07 15:34:43.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-07 15:34:43.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 6049.06 MB
Available physical RAM: 3041.57 MB
Total Virtual: 12096.3 MB
Available Virtual: 8960.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:304.36 GB) (Free:222.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:158.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 496B9619)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=304.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

 

 




#7 Oh My!

  • Malware Response Instructor
  • 37,721 posts

Posted 10 October 2015 - 02:38 PM

Greetings Duygu, glad we are able to work on your computer.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer\Run: [361448601] => C:\ProgramData\msraq.exe [86016000 2010-11-21] (THOMSON)
C:\ProgramData\msraq.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\0I26O6K8.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\0I2K2K4W.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\0K2K2M4I.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\1CM0AOZ9.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\1K3XGZIU.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\2EUAYE66.exe
2015-07-02 15:25 - 2015-07-02 15:25 - 1415680 _____ (wj32) C:\Program Files\2L4YH0JU.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\2LFYH0UK.exe
2015-08-04 17:53 - 2015-08-04 17:53 - 1415680 _____ (wj32) C:\Program Files\2LFYHB66.exe
2015-07-10 00:40 - 2015-07-10 00:40 - 1415680 _____ (wj32) C:\Program Files\3EOZCNYR.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\3JVJZFVB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\3MGZ5MSL.exe
2015-08-06 15:35 - 2015-08-06 15:35 - 1415680 _____ (wj32) C:\Program Files\5FK0EPZS.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\5ZI1KEXX.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\5ZTC60JG.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\6P82L4NO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\6P82L4YA.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\7IS6GR2F.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\7K9SM5OB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\82L4NH0J.exe
2015-07-30 19:29 - 2015-07-30 19:29 - 1415680 _____ (wj32) C:\Program Files\8O4K8O0C.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\9SBUO7KK.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\9SM5O711.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\9SM5OI1K.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\A4N6PJJ6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\A987BA9I.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\ATN6P82L.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\BMZAKV9W.exe
2015-07-27 20:47 - 2015-07-27 20:47 - 1415680 _____ (wj32) C:\Program Files\BP0DO2C9.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\BP3KYFTO.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\BUDWK9ST.exe
2015-07-07 14:28 - 2015-07-07 14:28 - 1415680 _____ (wj32) C:\Program Files\DR1CP0E7.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\E8RATN6P.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\E8RL4N6I.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\EK6UAK6E.exe
2015-06-29 16:20 - 2015-06-29 16:20 - 1415680 _____ (wj32) C:\Program Files\EOZ9NY83.exe
2015-07-08 21:48 - 2015-07-08 21:48 - 1415680 _____ (wj32) C:\Program Files\ER2CN1B4.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\ES3GR2CK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\EXRA4N6P.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\FK0EPZA8.exe
2015-07-05 14:05 - 2015-07-05 14:05 - 1415680 _____ (wj32) C:\Program Files\FP3EOZC2.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\FR7NBRFV.exe
2015-07-29 18:46 - 2015-07-29 18:46 - 1415680 _____ (wj32) C:\Program Files\FT7O2GUS.exe
2015-07-11 12:21 - 2015-07-11 12:21 - 1415680 _____ (wj32) C:\Program Files\G0I2K4M6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\GC1PEAZN.exe
2015-07-29 18:00 - 2015-07-29 18:00 - 1415680 _____ (wj32) C:\Program Files\GR4FK0E7.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\GU5FK4MY.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\GZTCVE89.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\HBUDWK9Z.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\HV9N4IZX.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\I1K3XGZB.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\ICVEXRAL.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\IYEUIYAK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\J2LFYHBB.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\JDWF9SBU.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\JDWFYSBB.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\JU4FT3HK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\JXBS6KYZ.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\K3M5ZICO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\K3MGOI11.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\K6M2K6UY.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\K6U6M2UK.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\K8SAUYGK.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\K9SB5OIG.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\KCWG0M6K.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\KK3M5ZII.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\LFYH0UDP.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\M2I6MYEE.exe
2015-08-04 17:55 - 2015-08-04 17:55 - 1415680 _____ (wj32) C:\Program Files\N6P82L4N.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\NY8JW7IS.exe
2015-06-29 00:12 - 2015-06-29 00:12 - 1415680 _____ (wj32) C:\Program Files\O2CNXBMC.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\O71K3XGZ.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\R5GK1EPS.exe
2015-07-05 14:06 - 2015-07-05 14:06 - 1415680 _____ (wj32) C:\Program Files\R9R9TBHZ.exe
2015-08-04 14:42 - 2015-08-04 14:42 - 1415680 _____ (wj32) C:\Program Files\S3EO2CKJ.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\SB5O7KK3.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\SBUD7K9S.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\SBUO7K97.exe
2015-07-25 14:26 - 2015-07-25 14:26 - 1415680 _____ (wj32) C:\Program Files\SBUO7K9W.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\SGWCOCSG.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\SM5ZI1KE.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\UD7K9SM3.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\UDWF9SBM.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\UG0K4KAK.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\VBZFV7VV.exe
2015-07-29 18:15 - 2015-07-29 18:15 - 1415680 _____ (wj32) C:\Program Files\W0K2KI0U.exe
2015-06-27 02:54 - 2015-06-27 02:54 - 1415680 _____ (wj32) C:\Program Files\W9N4IWDC.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\WCS8W8O0.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\WEYGYM4A.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\WF9SM5VR.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\WK0CSGO4.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\XGZICVE1.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\XJ2L9SMG.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\XRATC6PP.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\Y210MKPY.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\Y4EUU4EK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\Y88OYY8E.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\Y8JX7LWK.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\YBMW7LVI.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\YBMX7LVP.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\ZANY8JXK.exe
2015-06-30 13:47 - 2015-06-30 13:47 - 1415680 _____ (wj32) C:\Program Files\ZAOY9JXS.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\ZI1KEXGN.exe
2015-07-29 18:15 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\ZICVEXRA.exe
2015-04-14 19:28 - 2015-04-14 19:28 - 0004387 _____ () C:\Users\kalkanli\AppData\Roaming\6BKtpZYhtDzLG2uErr1vmq8HgkA
2015-04-19 15:20 - 2015-04-19 15:20 - 0005872 _____ () C:\Users\kalkanli\AppData\Roaming\6Pys0Flj2k
C:\Users\kalkanli\AppData\Local\Temp\cdo1170356221.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1178333949.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1357404101.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1414486263.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1987068232.dll
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {4F943A53-6839-45B4-B6E4-93016CD4DB6F} - System32\Tasks\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2 => C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe
C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • What problems are you still having?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:34 AM

Posted 13 October 2015 - 12:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#9 Oh My!


Posted 15 October 2015 - 01:37 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#10 Oh My!


Posted 16 October 2015 - 06:07 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#11 ez6733


Posted 16 October 2015 - 06:58 PM

Fixlog :

Fix result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by kalkanli (2015-10-16 23:21:28) Run:1
Running from C:\Users\kalkanli\Desktop
Loaded Profiles: kalkanli & UpdatusUser (Available Profiles: kalkanli & UpdatusUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer\Run: [361448601] => C:\ProgramData\msraq.exe [86016000 2010-11-21] (THOMSON)
C:\ProgramData\msraq.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\0I26O6K8.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\0I2K2K4W.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\0K2K2M4I.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\1CM0AOZ9.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\1K3XGZIU.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\2EUAYE66.exe
2015-07-02 15:25 - 2015-07-02 15:25 - 1415680 _____ (wj32) C:\Program Files\2L4YH0JU.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\2LFYH0UK.exe
2015-08-04 17:53 - 2015-08-04 17:53 - 1415680 _____ (wj32) C:\Program Files\2LFYHB66.exe
2015-07-10 00:40 - 2015-07-10 00:40 - 1415680 _____ (wj32) C:\Program Files\3EOZCNYR.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\3JVJZFVB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\3MGZ5MSL.exe
2015-08-06 15:35 - 2015-08-06 15:35 - 1415680 _____ (wj32) C:\Program Files\5FK0EPZS.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\5ZI1KEXX.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\5ZTC60JG.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\6P82L4NO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\6P82L4YA.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\7IS6GR2F.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\7K9SM5OB.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\82L4NH0J.exe
2015-07-30 19:29 - 2015-07-30 19:29 - 1415680 _____ (wj32) C:\Program Files\8O4K8O0C.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\9SBUO7KK.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\9SM5O711.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\9SM5OI1K.exe
2015-07-29 18:38 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\A4N6PJJ6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\A987BA9I.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\ATN6P82L.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\BMZAKV9W.exe
2015-07-27 20:47 - 2015-07-27 20:47 - 1415680 _____ (wj32) C:\Program Files\BP0DO2C9.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\BP3KYFTO.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\BUDWK9ST.exe
2015-07-07 14:28 - 2015-07-07 14:28 - 1415680 _____ (wj32) C:\Program Files\DR1CP0E7.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\E8RATN6P.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\E8RL4N6I.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\EK6UAK6E.exe
2015-06-29 16:20 - 2015-06-29 16:20 - 1415680 _____ (wj32) C:\Program Files\EOZ9NY83.exe
2015-07-08 21:48 - 2015-07-08 21:48 - 1415680 _____ (wj32) C:\Program Files\ER2CN1B4.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\ES3GR2CK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\EXRA4N6P.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\FK0EPZA8.exe
2015-07-05 14:05 - 2015-07-05 14:05 - 1415680 _____ (wj32) C:\Program Files\FP3EOZC2.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\FR7NBRFV.exe
2015-07-29 18:46 - 2015-07-29 18:46 - 1415680 _____ (wj32) C:\Program Files\FT7O2GUS.exe
2015-07-11 12:21 - 2015-07-11 12:21 - 1415680 _____ (wj32) C:\Program Files\G0I2K4M6.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\GC1PEAZN.exe
2015-07-29 18:00 - 2015-07-29 18:00 - 1415680 _____ (wj32) C:\Program Files\GR4FK0E7.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\GU5FK4MY.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\GZTCVE89.exe
2015-08-05 16:14 - 2015-08-05 16:14 - 1415680 _____ (wj32) C:\Program Files\HBUDWK9Z.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\HV9N4IZX.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\I1K3XGZB.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\ICVEXRAL.exe
2015-07-10 19:46 - 2015-07-10 19:46 - 1415680 _____ (wj32) C:\Program Files\IYEUIYAK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\J2LFYHBB.exe
2015-07-23 15:15 - 2015-07-23 15:15 - 1415680 _____ (wj32) C:\Program Files\JDWF9SBU.exe
2015-06-25 23:16 - 2015-06-25 23:16 - 1415680 _____ (wj32) C:\Program Files\JDWFYSBB.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\JU4FT3HK.exe
2015-08-05 22:29 - 2015-08-05 22:29 - 1415680 _____ (wj32) C:\Program Files\JXBS6KYZ.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\K3M5ZICO.exe
2015-08-04 14:43 - 2015-08-04 14:43 - 1415680 _____ (wj32) C:\Program Files\K3MGOI11.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\K6M2K6UY.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\K6U6M2UK.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\K8SAUYGK.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\K9SB5OIG.exe
2015-08-01 23:15 - 2015-08-01 23:15 - 1415680 _____ (wj32) C:\Program Files\KCWG0M6K.exe
2015-08-05 22:30 - 2015-08-05 22:30 - 1415680 _____ (wj32) C:\Program Files\KK3M5ZII.exe
2015-07-11 12:23 - 2015-07-11 12:23 - 1415680 _____ (wj32) C:\Program Files\LFYH0UDP.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\M2I6MYEE.exe
2015-08-04 17:55 - 2015-08-04 17:55 - 1415680 _____ (wj32) C:\Program Files\N6P82L4N.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\NY8JW7IS.exe
2015-06-29 00:12 - 2015-06-29 00:12 - 1415680 _____ (wj32) C:\Program Files\O2CNXBMC.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\O71K3XGZ.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\R5GK1EPS.exe
2015-07-05 14:06 - 2015-07-05 14:06 - 1415680 _____ (wj32) C:\Program Files\R9R9TBHZ.exe
2015-08-04 14:42 - 2015-08-04 14:42 - 1415680 _____ (wj32) C:\Program Files\S3EO2CKJ.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\SB5O7KK3.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\SBUD7K9S.exe
2015-07-30 19:27 - 2015-07-30 19:27 - 1415680 _____ (wj32) C:\Program Files\SBUO7K97.exe
2015-07-25 14:26 - 2015-07-25 14:26 - 1415680 _____ (wj32) C:\Program Files\SBUO7K9W.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\SGWCOCSG.exe
2015-07-25 14:27 - 2015-07-25 14:27 - 1415680 _____ (wj32) C:\Program Files\SM5ZI1KE.exe
2015-08-04 17:54 - 2015-08-04 17:54 - 1415680 _____ (wj32) C:\Program Files\UD7K9SM3.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\UDWF9SBM.exe
2015-07-04 23:54 - 2015-07-04 23:54 - 1415680 _____ (wj32) C:\Program Files\UG0K4KAK.exe
2015-08-04 14:44 - 2015-08-04 14:44 - 1415680 _____ (wj32) C:\Program Files\VBZFV7VV.exe
2015-07-29 18:15 - 2015-07-29 18:15 - 1415680 _____ (wj32) C:\Program Files\W0K2KI0U.exe
2015-06-27 02:54 - 2015-06-27 02:54 - 1415680 _____ (wj32) C:\Program Files\W9N4IWDC.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\WCS8W8O0.exe
2015-08-02 00:34 - 2015-08-02 00:34 - 1415680 _____ (wj32) C:\Program Files\WEYGYM4A.exe
2015-07-29 18:01 - 2015-07-29 18:01 - 1415680 _____ (wj32) C:\Program Files\WF9SM5VR.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\WK0CSGO4.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\XGZICVE1.exe
2015-07-29 18:37 - 2015-07-29 18:37 - 1415680 _____ (wj32) C:\Program Files\XJ2L9SMG.exe
2015-07-11 12:22 - 2015-07-11 12:22 - 1415680 _____ (wj32) C:\Program Files\XRATC6PP.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\Y210MKPY.exe
2015-07-29 18:02 - 2015-07-29 18:02 - 1415680 _____ (wj32) C:\Program Files\Y4EUU4EK.exe
2015-07-29 18:16 - 2015-07-29 18:16 - 1415680 _____ (wj32) C:\Program Files\Y88OYY8E.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\Y8JX7LWK.exe
2015-07-29 18:19 - 2015-07-29 18:19 - 1415680 _____ (wj32) C:\Program Files\YBMW7LVI.exe
2015-08-07 00:04 - 2015-08-07 00:04 - 1415680 _____ (wj32) C:\Program Files\YBMX7LVP.exe
2015-07-29 18:20 - 2015-07-29 18:20 - 1415680 _____ (wj32) C:\Program Files\ZANY8JXK.exe
2015-06-30 13:47 - 2015-06-30 13:47 - 1415680 _____ (wj32) C:\Program Files\ZAOY9JXS.exe
2015-07-30 19:28 - 2015-07-30 19:28 - 1415680 _____ (wj32) C:\Program Files\ZI1KEXGN.exe
2015-07-29 18:15 - 2015-07-29 18:38 - 1415680 _____ (wj32) C:\Program Files\ZICVEXRA.exe
2015-04-14 19:28 - 2015-04-14 19:28 - 0004387 _____ () C:\Users\kalkanli\AppData\Roaming\6BKtpZYhtDzLG2uErr1vmq8HgkA
2015-04-19 15:20 - 2015-04-19 15:20 - 0005872 _____ () C:\Users\kalkanli\AppData\Roaming\6Pys0Flj2k
C:\Users\kalkanli\AppData\Local\Temp\cdo1170356221.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1178333949.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1357404101.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1414486263.dll
C:\Users\kalkanli\AppData\Local\Temp\cdo1987068232.dll
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kalkanli\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {4F943A53-6839-45B4-B6E4-93016CD4DB6F} - System32\Tasks\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2 => C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe
C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\361448601 => value not found.
C:\ProgramData\msraq.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
catchme => service removed successfully
dgderdrv => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\kalkanli\AppData\Roaming\6BKtpZYhtDzLG2uErr1vmq8HgkA => moved successfully
C:\Users\kalkanli\AppData\Roaming\6Pys0Flj2k => moved successfully
C:\Users\kalkanli\AppData\Local\Temp\cdo1170356221.dll => moved successfully
C:\Users\kalkanli\AppData\Local\Temp\cdo1178333949.dll => moved successfully
C:\Users\kalkanli\AppData\Local\Temp\cdo1357404101.dll => moved successfully
C:\Users\kalkanli\AppData\Local\Temp\cdo1414486263.dll => moved successfully
C:\Users\kalkanli\AppData\Local\Temp\cdo1987068232.dll => moved successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2823460752-1825363325-1677760358-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F943A53-6839-45B4-B6E4-93016CD4DB6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F943A53-6839-45B4-B6E4-93016CD4DB6F}" => key removed successfully
C:\Windows\System32\Tasks\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2" => key removed successfully
"C:\Users\kalkanli\AppData\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2.exe" => File/Folder not found.
 
 
The system needed a reboot.
 

 

==== End of Fixlog 23:21:34 ====
 
  • AdwCleaner log:
  • # AdwCleaner v5.013 - Logfile created 16/10/2015 at 23:35:47
    # Updated 09/10/2015 by Xplode
    # Database : 2015-10-16.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : kalkanli - KALKANLI-PC
    # Running from : C:\Users\kalkanli\Desktop\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
     
    ***** [ Files ] *****
     
     
    ***** [ DLLs ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    Key Found : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    Key Found : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Found : HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\Conduit
     
    ***** [ Web browsers ] *****
     
    [C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
    [C:\Users\kalkanli\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : tandfonline.com
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1605 bytes] ##########
    Junkware log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by kalkanli on 16.10.2015 at 23:57:15.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\kalkanli\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\kalkanli\Appdata\Local\E1B7C124-2E61-4904-AC51-8D2EE6FC2D2
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\kalkanli\AppData\Roaming\mozilla\firefox\profiles\2xp33zko.default\minidumps [2 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\kalkanli\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\kalkanli\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\kalkanli\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\kalkanli\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.10.2015 at  0:06:48.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
PROBLEMS THAT I HAVE: 
 
Currently, I can't run any kind of antivirus program. I installed different ones, such as Avira, Avast, etc., and tried to run them, but the software gives an incomprehensible error and doesn't scan my PC. Besides, Action Center detected more than one issue, and one of them stated that there is a problem with the computer's hard disk, but when I tried to troubleshoot the problem it always says to try again later. Another problem occurred with system security: I was unable to turn on System Restore because System Protection gives ERROR (0x81000203). Also, my computer has given a blue screen of death many times in the last 2 months, but I don't know if it's related to these virus problems.

Edited by ez6733, 16 October 2015 - 08:24 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:34 AM

Posted 17 October 2015 - 12:00 PM

Thank you for the detailed description.

Please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report
  • FSS.txt
  • Attached System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!


Posted 21 October 2015 - 01:34 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#14 Oh My!


Posted 23 October 2015 - 12:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



