
Not sure about what to do.... please thumb through my hijack this log


  • This topic is locked
15 replies to this topic

#1 psybull12

psybull12

  • Members
  • 10 posts

Posted 22 March 2016 - 07:29 AM

I am having some major issues with system security. I am running Windows 7 64-bit. I am trying to get the free upgrade to 10, but every time it pops up it is non-responsive or closes right away. I try to run Windows Defender and it says I do not have access to it. Here is my HijackThis log file; can anyone give me any insight as to what I'm dealing with? I have run multiple virus scans to no avail. Thank you.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:11:26 AM, on 3/22/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
CHROME: 49.0.2623.87
FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Users\Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Users\Sibel\Downloads\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sibel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2779714701-2045862592-1138290410-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2779714701-2045862592-1138290410-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Intel® Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe
O4 - Startup: w32tm.lnk = Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Bitdefender 60-Second Virus Scanner Service (pdserv) - Bitdefender - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Internet Security Pro (SBAMSvc) - ThreatTrack Security Inc. - C:\Program Files (x86)\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security Inc. - C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPRE Edge Protection (VipreEdgeProtection) - ThreatTrack Security Inc. - C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16494 bytes




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 March 2016 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 psybull12

psybull12
  • Topic Starter

  • Members
  • 10 posts

Posted 22 March 2016 - 11:03 AM

I was able to run Malwarebytes, thanks for the link, and here is the result:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/22/2016
Scan Time: 11:06 AM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.22.06
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sibel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471101
Time Elapsed: 37 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Poweliks, HKU\S-1-5-21-2779714701-2045862592-1138290410-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\ ^ , Quarantined, [4c82e9a1108939fdffafdc2612eed22e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 3
Rootkit.Pihar.c.MBR, Master Boot Record on Drive #0, Replace-on-Reboot, [76cd755b28d57554751db97c68956f3e],
Rootkit.Pihar.c.MBR, Physical Sector #53 on Drive #0, Replace-on-Reboot, [f0dcea00f57e93436b694cac7a0f5fbe],
Forged physical sector, Physical Sector #976772368 on Drive #0, Replace-on-Reboot, [bf619eac0cdf3f68d496ea9344137e8b],

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here is the log for AdwCleaner:

# AdwCleaner v5.105 - Logfile created 22/03/2016 at 12:11:45
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Sibel - SIBEL-PC
# Running from : C:\Users\Sibel\Desktop\super\ADB\Temporary Internet Files\Content.IE5\YOOQ8R7K\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
[-] Folder Deleted : C:\ProgramData\blekko toolbars
[-] Folder Deleted : C:\Users\Sibel\AppData\Roaming\PerformerSoft

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blekko.com_0.localstorage
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blekko.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\invalidprefs.js
[-] File Deleted : C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\searchplugins\bingp.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B01F3F08771A494439EC8990D0180939
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B01F3F08771A494439EC8990D0180939
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B01F3F08771A494439EC8990D0180939
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{83808E16-0C8A-4C32-BBE4-CDFA467461AF}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{09733A36-F8DB-43AE-A1CE-52A9F8838C69}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{AD5E6D1F-721A-4BA8-81E1-BF89ACFD66F0}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{59873F4C-F697-4E09-A447-D45ED0621879}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://wap.mob.org/download/?code=g92906&waphash=067071a[...]
[-] [C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\prefs.js] [Preference] Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://wap.mob.org/download/?code=g92906&waphash=067[...]
[-] [C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Blekko
[-] [C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9327 bytes] - [22/03/2016 12:11:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [9922 bytes] - [22/03/2016 12:05:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9473 bytes] ##########

Thank you for your time and help.


Edited by psybull12, 22 March 2016 - 11:36 AM.


#4 psybull12

Posted 22 March 2016 - 11:39 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Sibel (administrator) on SIBEL-PC (22-03-2016 12:21:09)
Running from C:\Users\Sibel\Desktop\super\ADB\Temporary Internet Files\Content.IE5\YOOQ8R7K
Loaded Profiles: UpdatusUser & Sibel (Available Profiles: UpdatusUser & Sibel & Mcx1-SIBEL-PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Mobile Stream) C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
(Akamai Technologies, Inc.) C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\x64\AVCProxy.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1705296 2010-06-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe [144672 2009-09-04] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [Google Update] => C:\Users\Sibel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-20] (Google Inc.)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [EasyTether] => C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2057 2013-06-29] ()
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {2b34019a-c6f3-11e0-8dd9-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {47f1af14-3bb8-11e4-93c9-ac72893dc628} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {4c6ac44f-86f5-11e1-b975-ac72893dc628} - E:\setup.exe -a
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {a572669b-ba61-11e5-905f-ac72893dc628} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {bb767e29-2a60-11e5-8fc0-ac72893dc628} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-08-14]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-09-13]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w32tm.lnk [2014-08-07]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D6CDBBB-0B35-477D-931D-1606644BD161}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{516F8CA5-0DB5-4CF7-A3AA-B82DE4BF9CB0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL =
SearchScopes: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> DefaultScope {3CA17A0B-5EC3-4478-9085-B069F5B40DB8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> {1598A773-247F-47BA-A9F6-BCAE4BA3FCAD} URL = hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> {3CA17A0B-5EC3-4478-9085-B069F5B40DB8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll [2010-03-09] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-14] (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll [2010-03-09] (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-14] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll [2010-03-09] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll [2010-03-09] (Trend Micro Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()

FireFox:
========
FF ProfilePath: C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default
FF DefaultSearchUrl:
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&q=
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sibel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @talk.google.com/O1DPlugin -> C:\Users\Sibel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Plugin ProgramFiles/Appdata: C:\Users\Sibel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sibel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-27] [not signed]
FF Extension: Lavasoft Search Plugin - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2016-03-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-14] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP"
CHR DefaultSearchURL: Default -> hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={1D90A960-A709-11E2-92D8-AC72893DC628}
CHR DefaultSearchKeyword: Default -> search.bing.com
CHR Profile: C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-13]
CHR Extension: (YouTube) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-13]
CHR Extension: (Google Search) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-13]
CHR Extension: (Gmail) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR Profile: C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Updater By SweetPacks) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
StartMenuInternet: Google Chrome - C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1835912 2010-06-22] (Trend Micro Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-09] (Electronic Arts)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [570632 2009-07-06] (Trend Micro Inc.)
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2057096 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [595960 2009-07-15] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917768 2009-07-15] (Trend Micro Inc.)
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc) [File not signed]
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-12-21] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-07] (AVG Technologies)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [63696 2016-02-29] (ThreatTrack Security)
R1 sbwfw; C:\Windows\System32\DRIVERS\sbwfw.sys [345520 2016-02-29] (ThreatTrack Security)
R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [95608 2016-02-29] (ThreatTrack Security)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-15] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-07-15] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-15] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2010-05-10] (Trend Micro Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [27648 2014-12-12] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [30208 2014-12-12] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-12-12] (LG Electronics Inc.)
R2 WebExaminer; C:\Windows\system32\Drivers\WebExaminer64.sys [34408 2015-10-16] (ThreatTrack Security Inc.)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag264.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 avc3; system32\DRIVERS\avc3.sys [X]
S3 avckf; system32\DRIVERS\avckf.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 12:20 - 2016-03-22 12:21 - 00000000 ____D C:\FRST
2016-03-22 12:04 - 2016-03-22 12:11 - 00000000 ____D C:\AdwCleaner
2016-03-22 11:52 - 2016-03-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2016-03-22 11:05 - 2016-03-22 11:05 - 00001049 _____ C:\Users\Sibel\Documents\mal.txt
2016-03-22 11:02 - 2016-03-22 11:02 - 00001052 _____ C:\mallog.txt
2016-03-22 10:35 - 2016-03-22 12:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 10:34 - 2016-03-22 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 10:34 - 2016-03-22 10:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 10:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-22 10:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-22 10:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-22 10:24 - 2016-03-22 10:24 - 00262144 _____ C:\Windows\Minidump\032216-36270-01.dmp
2016-03-21 22:17 - 2016-03-22 08:36 - 00000000 ____D C:\Users\Sibel\Downloads\backups
2016-03-21 11:48 - 2016-03-22 11:17 - 00000000 ____D C:\Users\Sibel\Downloads\Rescue_2000
2016-03-21 11:47 - 2016-03-21 11:48 - 03612148 _____ C:\Users\Sibel\Downloads\Rescue_2000.zip
2016-03-21 11:36 - 2016-03-21 11:36 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Bitdefender
2016-03-21 00:47 - 2016-03-21 00:47 - 00000000 ____D C:\Users\Sibel\AppData\Local\IsolatedStorage
2016-03-20 20:10 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2016-03-20 20:10 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2016-03-20 20:04 - 2016-03-22 12:19 - 00003576 _____ C:\Windows\SysWOW64\VipreEdgeProtectionOff.ini
2016-03-20 20:04 - 2016-03-22 12:19 - 00003576 _____ C:\Windows\system32\VipreEdgeProtectionOff.ini
2016-03-20 20:04 - 2015-10-16 10:28 - 00034408 _____ (ThreatTrack Security Inc.) C:\Windows\system32\Drivers\WebExaminer64.sys
2016-03-20 20:02 - 2016-03-22 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
2016-03-20 20:02 - 2016-03-20 20:02 - 00001917 _____ C:\Users\Public\Desktop\VIPRE.lnk
2016-03-20 20:02 - 2016-02-29 14:56 - 00063696 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\sbhips.sys
2016-03-20 20:02 - 2016-02-29 14:56 - 00040976 _____ (ThreatTrack Security Inc.) C:\Windows\system32\sbbd.exe
2016-03-20 20:01 - 2016-03-20 20:09 - 00000000 ____D C:\ProgramData\VIPRE
2016-03-20 20:00 - 2016-03-22 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2016-03-20 20:00 - 2016-03-20 20:00 - 00303031 _____ C:\ProgramData\1458518149.bdinstall.bin
2016-03-20 20:00 - 2016-03-20 20:00 - 00049276 _____ C:\ProgramData\1458518380.bdinstall.bin
2016-03-20 19:54 - 2016-03-22 12:11 - 00000000 ____D C:\Program Files (x86)\VIPRE
2016-03-20 19:54 - 2016-03-22 11:03 - 00000000 ____D C:\Users\Sibel\AppData\Local\VIPRE
2016-03-20 19:54 - 2016-03-21 00:47 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\VIPRE
2016-03-20 19:07 - 2016-03-22 11:45 - 00000000 ____D C:\Windows\system32\MpEngineStore
2016-03-17 20:56 - 2016-03-17 20:56 - 00007476 _____ C:\Users\Sibel\Desktop\transcriptrequestform.pdf
2016-03-17 19:06 - 2016-03-17 19:06 - 00000000 ____D C:\Users\Sibel\AppData\LocalLow\Blue Jeans
2016-03-17 19:05 - 2016-03-17 19:05 - 00002091 _____ C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk
2016-03-17 19:05 - 2016-03-17 19:05 - 00002083 _____ C:\Users\Sibel\Desktop\Blue Jeans.lnk
2016-03-17 19:05 - 2016-03-17 19:05 - 00000000 ____D C:\Users\Sibel\AppData\Local\Blue Jeans
2016-02-29 15:06 - 2016-02-29 15:06 - 00634560 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\Windows\SysWOW64\XceedZip.dll
2016-02-29 14:56 - 2016-02-29 14:56 - 00345520 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\sbwfw.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00095608 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\sbwtis.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00089000 _____ (ThreatTrack Security Inc.) C:\Windows\system32\Drivers\sbapifs.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00040976 _____ (ThreatTrack Security Inc.) C:\Windows\SysWOW64\sbbd.exe
2016-02-25 21:50 - 2016-02-25 21:50 - 00000000 ____D C:\ProgramData\bdch

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 12:21 - 2009-07-14 01:13 - 00006778 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 12:21 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 12:21 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 12:19 - 2011-08-14 22:33 - 00000032 _____ C:\tmuninst.ini
2016-03-22 12:15 - 2013-06-29 21:22 - 00000000 ____D C:\Users\Sibel\.gstreamer-0.10
2016-03-22 12:15 - 2013-06-29 21:17 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\MotoCast
2016-03-22 12:15 - 2011-08-15 00:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-22 12:14 - 2013-04-22 14:43 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-03-22 12:14 - 2012-05-07 08:07 - 00000000 ____D C:\Temp
2016-03-22 12:14 - 2012-05-06 05:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-22 12:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 11:48 - 2012-05-13 18:38 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA.job
2016-03-22 11:40 - 2012-05-06 05:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-22 11:19 - 2015-08-18 07:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-22 11:19 - 2015-08-18 07:32 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-22 11:19 - 2014-12-13 20:05 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-22 11:19 - 2014-05-13 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-22 11:19 - 2013-12-07 13:16 - 00000000 ____D C:\Users\Mcx1-SIBEL-PC
2016-03-22 11:19 - 2012-03-30 23:52 - 00000000 ____D C:\Users\Sibel
2016-03-22 11:19 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-22 11:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-22 11:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-03-22 11:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-22 11:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-22 11:18 - 2013-03-15 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-22 11:18 - 2013-03-15 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-22 11:18 - 2013-03-15 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-22 11:18 - 2012-11-25 18:36 - 00000000 ____D C:\Users\Sibel\AppData\Local\Akamai
2016-03-22 11:18 - 2011-08-14 22:56 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-03-22 11:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-22 11:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-03-22 11:18 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-22 11:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-03-22 11:13 - 2012-05-06 05:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 11:09 - 2013-08-01 15:25 - 00000000 ____D C:\Windows\system32\MRT
2016-03-22 11:02 - 2015-05-10 15:00 - 00000000 ____D C:\Program Files\Bitdefender
2016-03-22 11:02 - 2015-05-10 14:45 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-03-22 11:02 - 2011-08-14 22:24 - 00000000 ____D C:\Program Files\Dell
2016-03-22 11:01 - 2013-04-23 01:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-22 10:50 - 2012-05-10 21:52 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA.job
2016-03-22 10:34 - 2013-10-20 04:05 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 10:28 - 2011-08-14 22:42 - 00000000 ____D C:\ProgramData\Sonic
2016-03-22 10:24 - 2013-04-22 14:56 - 03402154 _____ C:\Windows\ntbtlog.txt
2016-03-22 10:24 - 2012-09-02 21:35 - 998376261 _____ C:\Windows\MEMORY.DMP
2016-03-22 10:24 - 2012-09-02 21:35 - 00000000 ____D C:\Windows\Minidump
2016-03-22 07:48 - 2012-03-30 23:52 - 00120432 _____ C:\Users\Sibel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-22 07:44 - 2011-08-14 22:10 - 00000000 ____D C:\Users\UpdatusUser
2016-03-22 05:21 - 2015-06-03 16:57 - 00038270 _____ C:\bdlog.txt
2016-03-21 11:36 - 2015-05-10 14:49 - 00000000 ____D C:\ProgramData\Bitdefender
2016-03-20 23:12 - 2009-07-14 00:45 - 00412816 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-20 19:50 - 2012-05-10 21:52 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core.job
2016-03-20 19:11 - 2012-05-13 18:37 - 00000000 ____D C:\Users\Sibel\AppData\Local\Deployment
2016-03-20 18:14 - 2013-05-16 01:00 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-17 17:50 - 2012-05-13 18:42 - 00002380 _____ C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-17 17:50 - 2012-05-13 18:42 - 00002372 _____ C:\Users\Sibel\Desktop\Google Chrome.lnk
2016-03-13 21:07 - 2012-09-22 18:15 - 00000000 ____D C:\Windows\58B194D2ABD74D86BBA4FD27D4ED1BCE.TMP
2016-03-13 16:29 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-13 16:28 - 2012-08-20 00:20 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2016-03-13 16:17 - 2012-05-06 05:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-13 16:14 - 2016-01-15 04:00 - 00000000 ____D C:\Users\Sibel\Desktop\Tor Browser
2016-03-13 16:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-13 16:13 - 2012-04-03 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-13 16:13 - 2012-04-03 19:06 - 00000000 ____D C:\Program Files\Canon
2016-03-13 16:13 - 2012-04-03 19:03 - 00000000 ___HD C:\Program Files\CanonBJ
2016-03-13 16:12 - 2012-04-03 19:02 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-12 19:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-10 15:13 - 2012-05-06 05:00 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 15:13 - 2012-05-06 05:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 15:13 - 2012-05-06 05:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 14:48 - 2012-05-13 18:38 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core.job
2016-03-10 14:43 - 2012-05-13 18:38 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA
2016-03-10 14:43 - 2012-05-13 18:38 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core
2016-03-10 11:35 - 2012-05-06 05:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-10 11:35 - 2012-05-06 05:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-01 21:42 - 2016-01-15 02:36 - 00000000 ____D C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2015-03-29 19:33 - 2015-03-29 19:33 - 0008680 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-29 19:33 - 2015-03-29 19:33 - 0045925 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-29 19:33 - 2015-03-29 19:33 - 0004280 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-29 19:33 - 2015-03-29 19:33 - 0000300 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL
2013-09-25 00:36 - 2013-10-14 13:00 - 0000004 _____ () C:\Users\Sibel\AppData\Roaming\settings.ini
2015-03-29 19:32 - 2015-03-29 19:32 - 0008680 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
2015-03-29 19:32 - 2015-03-29 19:32 - 0045925 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
2015-03-29 19:32 - 2015-03-29 19:32 - 0004280 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT
2015-03-29 19:32 - 2015-03-29 19:32 - 0000300 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
2012-08-01 20:09 - 2012-08-19 22:41 - 0011264 _____ () C:\Users\Sibel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 19:32 - 2015-03-29 19:32 - 0008680 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML
2015-03-29 19:32 - 2015-03-29 19:32 - 0045925 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG
2015-03-29 19:32 - 2015-03-29 19:32 - 0004280 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT
2015-03-29 19:32 - 2015-03-29 19:32 - 0000300 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL
2012-04-01 01:11 - 2012-04-01 01:11 - 0001808 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120401.001153.txt
2012-04-08 09:47 - 2012-04-08 09:48 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120408.084757.txt
2012-08-19 21:06 - 2012-08-19 21:06 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120819.200609.txt
2012-08-20 00:20 - 2012-08-20 00:20 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120819.232015.txt
2012-11-01 14:39 - 2013-09-25 00:41 - 0000600 _____ () C:\Users\Sibel\AppData\Local\PUTTY.RND
2012-09-23 13:42 - 2012-09-24 03:26 - 0007605 _____ () C:\Users\Sibel\AppData\Local\resmon.resmoncfg
2016-03-20 20:00 - 2016-03-20 20:00 - 0303031 _____ () C:\ProgramData\1458518149.bdinstall.bin
2016-03-20 20:00 - 2016-03-20 20:00 - 0049276 _____ () C:\ProgramData\1458518380.bdinstall.bin
2015-03-29 19:02 - 2015-03-29 19:02 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-29 19:02 - 2015-03-29 19:02 - 0045925 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-29 19:02 - 2015-03-29 19:02 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-29 19:02 - 2015-03-29 19:02 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2014-12-21 11:55 - 2014-12-21 11:55 - 0000040 _____ () C:\ProgramData\ra3.ini

Files to move or delete:
====================
C:\Users\Sibel\AppData\Roaming\settings.ini

Some files in TEMP:
====================
C:\Users\Sibel\AppData\Local\Temp\jna1010392423814592101.dll
C:\Users\Sibel\AppData\Local\Temp\jna1761117151162066336.dll
C:\Users\Sibel\AppData\Local\Temp\jna2133603914606165721.dll
C:\Users\Sibel\AppData\Local\Temp\jna268985105728047753.dll
C:\Users\Sibel\AppData\Local\Temp\jna2747044835863120723.dll
C:\Users\Sibel\AppData\Local\Temp\jna2761717758769194574.dll
C:\Users\Sibel\AppData\Local\Temp\jna2875306250786463128.dll
C:\Users\Sibel\AppData\Local\Temp\jna303005408799569290.dll
C:\Users\Sibel\AppData\Local\Temp\jna3193011727772435610.dll
C:\Users\Sibel\AppData\Local\Temp\jna3258470005019578000.dll
C:\Users\Sibel\AppData\Local\Temp\jna3501975783581453361.dll
C:\Users\Sibel\AppData\Local\Temp\jna3530376628142575212.dll
C:\Users\Sibel\AppData\Local\Temp\jna3546723906934626863.dll
C:\Users\Sibel\AppData\Local\Temp\jna3638264665272625427.dll
C:\Users\Sibel\AppData\Local\Temp\jna3758268717174400949.dll
C:\Users\Sibel\AppData\Local\Temp\jna3773713049583399091.dll
C:\Users\Sibel\AppData\Local\Temp\jna4054615942627684009.dll
C:\Users\Sibel\AppData\Local\Temp\jna4185738339065714169.dll
C:\Users\Sibel\AppData\Local\Temp\jna4281167734737416485.dll
C:\Users\Sibel\AppData\Local\Temp\jna4576742524579333411.dll
C:\Users\Sibel\AppData\Local\Temp\jna470663297573332075.dll
C:\Users\Sibel\AppData\Local\Temp\jna4937273757276929476.dll
C:\Users\Sibel\AppData\Local\Temp\jna531835982086670441.dll
C:\Users\Sibel\AppData\Local\Temp\jna5541366617004716738.dll
C:\Users\Sibel\AppData\Local\Temp\jna6039997238307017288.dll
C:\Users\Sibel\AppData\Local\Temp\jna619564046314554307.dll
C:\Users\Sibel\AppData\Local\Temp\jna6490525731681466820.dll
C:\Users\Sibel\AppData\Local\Temp\jna6832897827105795399.dll
C:\Users\Sibel\AppData\Local\Temp\jna7187406873860835179.dll
C:\Users\Sibel\AppData\Local\Temp\jna7375080643419982048.dll
C:\Users\Sibel\AppData\Local\Temp\jna756319077332068560.dll
C:\Users\Sibel\AppData\Local\Temp\jna8200269743641149347.dll
C:\Users\Sibel\AppData\Local\Temp\jna8507699221750179551.dll
C:\Users\Sibel\AppData\Local\Temp\jna8986857007962314477.dll
C:\Users\Sibel\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Sibel\AppData\Local\Temp\sqlite3.dll
C:\Users\Sibel\AppData\Local\Temp\_is7242.exe
C:\Users\Sibel\AppData\Local\Temp\_isCD9B.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-21 10:03

==================== End of FRST.txt ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:37 PM

Posted 22 March 2016 - 02:45 PM


Please remove the toolbar in bold using the Control Panel > Programs and Features applet.

Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2779714701-2045862592-1138290410-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w32tm.lnk [2014-08-07]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: Lavasoft Search Plugin - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-22] [not signed]
CHR DefaultSearchURL: Default -> hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={1D90A960-A709-11E2-92D8-AC72893DC628}
CHR Extension: (Updater By SweetPacks) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag264.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 avc3; system32\DRIVERS\avc3.sys [X]
S3 avckf; system32\DRIVERS\avckf.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 250 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {9E78E741-E54E-451D-9C3A-72437473E9D3} - System32\Tasks\{13AA541A-4FDD-4A25-BF08-2B7EFA8C1EDD} => pcalua.exe -a C:\Users\Sibel\Downloads\HijackThis.exe -d C:\Users\Sibel\Downloads
C:\Users\Sibel\AppData\Local\Temp\jna1010392423814592101.dll
C:\Users\Sibel\AppData\Local\Temp\jna1761117151162066336.dll
C:\Users\Sibel\AppData\Local\Temp\jna2133603914606165721.dll
C:\Users\Sibel\AppData\Local\Temp\jna268985105728047753.dll
C:\Users\Sibel\AppData\Local\Temp\jna2747044835863120723.dll
C:\Users\Sibel\AppData\Local\Temp\jna2761717758769194574.dll
C:\Users\Sibel\AppData\Local\Temp\jna2875306250786463128.dll
C:\Users\Sibel\AppData\Local\Temp\jna303005408799569290.dll
C:\Users\Sibel\AppData\Local\Temp\jna3193011727772435610.dll
C:\Users\Sibel\AppData\Local\Temp\jna3258470005019578000.dll
C:\Users\Sibel\AppData\Local\Temp\jna3501975783581453361.dll
C:\Users\Sibel\AppData\Local\Temp\jna3530376628142575212.dll
C:\Users\Sibel\AppData\Local\Temp\jna3546723906934626863.dll
C:\Users\Sibel\AppData\Local\Temp\jna3638264665272625427.dll
C:\Users\Sibel\AppData\Local\Temp\jna3758268717174400949.dll
C:\Users\Sibel\AppData\Local\Temp\jna3773713049583399091.dll
C:\Users\Sibel\AppData\Local\Temp\jna4054615942627684009.dll
C:\Users\Sibel\AppData\Local\Temp\jna4185738339065714169.dll
C:\Users\Sibel\AppData\Local\Temp\jna4281167734737416485.dll
C:\Users\Sibel\AppData\Local\Temp\jna4576742524579333411.dll
C:\Users\Sibel\AppData\Local\Temp\jna470663297573332075.dll
C:\Users\Sibel\AppData\Local\Temp\jna4937273757276929476.dll
C:\Users\Sibel\AppData\Local\Temp\jna531835982086670441.dll
C:\Users\Sibel\AppData\Local\Temp\jna5541366617004716738.dll
C:\Users\Sibel\AppData\Local\Temp\jna6039997238307017288.dll
C:\Users\Sibel\AppData\Local\Temp\jna619564046314554307.dll
C:\Users\Sibel\AppData\Local\Temp\jna6490525731681466820.dll
C:\Users\Sibel\AppData\Local\Temp\jna6832897827105795399.dll
C:\Users\Sibel\AppData\Local\Temp\jna7187406873860835179.dll
C:\Users\Sibel\AppData\Local\Temp\jna7375080643419982048.dll
C:\Users\Sibel\AppData\Local\Temp\jna756319077332068560.dll
C:\Users\Sibel\AppData\Local\Temp\jna8200269743641149347.dll
C:\Users\Sibel\AppData\Local\Temp\jna8507699221750179551.dll
C:\Users\Sibel\AppData\Local\Temp\jna8986857007962314477.dll
C:\Users\Sibel\AppData\Local\Temp\_is7242.exe
C:\Users\Sibel\AppData\Local\Temp\_isCD9B.exe
C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w32tm.lnk
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)

Please let me know what problem persists with this computer.
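
A triage sketch for the tags the fixlist in this post acts on, added here as an example and not part of nasdaq's post or of FRST itself: it ranks log lines by the markers FRST printed (`<==== ATTENTION`, `[X]`, `No File`, `[File not signed]`) and by the `rundll32.exe javascript:` COM-server value that FRST tagged as Poweliks. The rule names, the scores and the sample lines (taken from the log above, with the script payload elided) are assumptions made for the illustration.

```python
import re

# Rules keyed on tags that FRST itself prints in the log and fixlist above.
# Rule names and weights are assumptions made for this illustration.
RULES = [
    # COM server value that launches script through rundll32 (FRST tags it "Poweliks").
    ("script_in_com_server",
     re.compile(r"(localserver32|inprocserver32)\W+rundll32\.exe\s+javascript:", re.I), 3),
    # Any entry FRST marked with an arrow tag.
    ("flagged_by_frst", re.compile(r"<=+\s*(ATTENTION|Poweliks)"), 2),
    # Registry entry, shortcut or service whose target file no longer exists.
    ("target_missing", re.compile(r"\[X\]|\bNo File\b|\[not found\]"), 1),
    # File that FRST reported as not signed.
    ("unsigned_file", re.compile(r"\[(File )?not signed\]", re.I), 1),
]

# Sample input: lines from the log above; the eval(...) payload is elided.
SAMPLE = r'''
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 avc3; system32\DRIVERS\avc3.sys [X]
HKU\S-1-5-21-2779714701-2045862592-1138290410-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("...") <==== Poweliks!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
'''


def classify(line):
    """Return the names of all rules a single log line matches."""
    return [name for name, rx, _ in RULES if rx.search(line)]


def rank(log_text):
    """Return (score, rules, line) tuples, highest score first.

    Lines that match no rule are dropped; ties keep their order in the log.
    """
    weights = {name: weight for name, _, weight in RULES}
    scored = []
    for raw in log_text.splitlines():
        line = raw.strip()
        rules = classify(line) if line else []
        if rules:
            scored.append((sum(weights[r] for r in rules), rules, line))
    # sorted() is stable, so equal scores stay in log order.
    return sorted(scored, key=lambda item: -item[0])


if __name__ == "__main__":
    for score, rules, line in rank(SAMPLE):
        print(f"{score}  {','.join(rules):40}  {line[:90]}")
```

A `target_missing` hit on its own usually means leftover registry clutter; the entries worth reading first are the ones where a script-launching COM server value and an FRST tag coincide.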

#6 nasdaq


Posted 28 March 2016 - 07:11 AM

Are you still with me?

#7 psybull12


Posted 28 March 2016 - 08:06 AM

I am still with you. I ran into the problem of too many hands on one keyboard. And someone updated the computer to Windows 10. Are there any different steps to take?

Edited by psybull12, 28 March 2016 - 09:46 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 March 2016 - 12:18 PM

The Farbar program can work on Windows 10.

Give it a try.

Post the log for my review.

#9 psybull12

psybull12
  • Topic Starter

  • Members
  • 10 posts

Posted 28 March 2016 - 12:55 PM

Ok sounds good. I'm away from the computer till late tomorrow. When I get to it I will run it. Thanks again for your time and support!

#10 psybull12

psybull12
  • Topic Starter

  • Members
  • 10 posts

Posted 29 March 2016 - 07:54 PM

OK, here is my log from Farbar on Windows 10:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Sibel (administrator) on SIBEL-PC (29-03-2016 20:50:09)
Running from C:\Users\Sibel\Downloads
Loaded Profiles: UpdatusUser & Sibel (Available Profiles: UpdatusUser & Sibel & Mcx1-SIBEL-PC)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Mobile Stream) C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
(Akamai Technologies, Inc.) C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Akamai Technologies, Inc.) C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\x64\AVCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sibel\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe [144672 2009-09-04] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2779714701-2045862592-1138290410-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [Google Update] => C:\Users\Sibel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-20] (Google Inc.)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [EasyTether] => C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe [48648 2011-05-22] (Mobile Stream)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sibel\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [MotoCast] => C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2057 2013-06-29] ()
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\RunOnce: [Uninstall C:\Users\Sibel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sibel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\RunOnce: [Uninstall C:\Users\Sibel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sibel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\...\MountPoints2: {09c93847-f111-11e5-bdc6-806e6f6e6963} - "D:\AUTORUN.EXE" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-08-14]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2014-09-13]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Sibel\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w32tm.lnk [2014-08-07]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{516f8ca5-0db5-4cf7-a3aa-b82de4bf9cb0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0CABBFA4-7632-40A4-8DDE-7DFC8E4EB133} URL = 
SearchScopes: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> {1598A773-247F-47BA-A9F6-BCAE4BA3FCAD} URL = hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> {3CA17A0B-5EC3-4478-9085-B069F5B40DB8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-14] (Sun Microsystems, Inc.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-14] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2016-02-29] ()
 
FireFox:
========
FF ProfilePath: C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-14] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sibel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @talk.google.com/O1DPlugin -> C:\Users\Sibel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2779714701-2045862592-1138290410-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sibel\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-10] (Google Inc.)
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Plugin ProgramFiles/Appdata: C:\Users\Sibel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sibel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-27] [not signed]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-14] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25]
CHR Profile: C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
StartMenuInternet: Google Chrome - C:\Users\Sibel\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-09] (Electronic Arts)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-23] (Enigma Software Group USA, LLC.)
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2015-12-21] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-07] (AVG Technologies)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-03-23] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-23] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [63696 2016-02-29] (ThreatTrack Security)
R1 sbwfw; C:\Windows\System32\DRIVERS\sbwfw.sys [345520 2016-02-29] (ThreatTrack Security)
R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [95608 2016-02-29] (ThreatTrack Security)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 WebExaminer; C:\Windows\system32\Drivers\WebExaminer64.sys [34408 2015-10-16] (ThreatTrack Security Inc.)
U3 idsvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 tmlwf; \SystemRoot\system32\DRIVERS\tmlwf.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-29 20:49 - 2016-03-29 20:49 - 02374144 _____ (Farbar) C:\Users\Sibel\Downloads\FRST64 (1).exe
2016-03-25 11:31 - 2016-03-29 17:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\65FD3498.sys
2016-03-24 15:26 - 2016-03-24 15:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0B411A01.sys
2016-03-24 11:11 - 2016-03-24 11:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\660E56CF.sys
2016-03-23 22:50 - 2016-03-23 22:51 - 00032319 _____ C:\Users\Sibel\Downloads\Addition.txt
2016-03-23 22:50 - 2016-03-23 22:51 - 00002062 _____ C:\Users\Sibel\Desktop\Rkill.txt
2016-03-23 22:50 - 2016-03-23 22:50 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Sibel\Downloads\rkill.exe
2016-03-23 22:50 - 2016-03-23 22:50 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Sibel\Downloads\rkill64.exe
2016-03-23 22:46 - 2016-03-23 22:47 - 05658151 _____ (Swearware) C:\Users\Sibel\Downloads\ComboFix.exe
2016-03-23 22:45 - 2016-03-29 20:50 - 00026274 _____ C:\Users\Sibel\Downloads\FRST.txt
2016-03-23 22:45 - 2016-03-23 22:45 - 02374144 _____ (Farbar) C:\Users\Sibel\Downloads\FRST64.exe
2016-03-23 22:31 - 2016-03-23 22:31 - 00003414 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-03-23 22:31 - 2016-03-23 22:31 - 00001134 _____ C:\Users\Sibel\Desktop\SpyHunter.lnk
2016-03-23 22:31 - 2016-03-23 22:31 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-03-23 22:31 - 2016-03-23 22:31 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Enigma Software Group
2016-03-23 22:30 - 2016-03-23 22:30 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-23 22:29 - 2016-03-23 22:30 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Sibel\Downloads\SpyHunter-Installer.exe
2016-03-23 22:08 - 2016-03-29 17:47 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF002419-BE37-4CBC-8901-7B6CB096C79F}
2016-03-23 16:04 - 2016-03-23 13:58 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-23 15:57 - 2016-03-23 15:57 - 00000000 ____D C:\Windows.old
2016-03-23 15:53 - 2016-03-23 15:53 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-23 15:53 - 2016-03-23 15:53 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-23 15:42 - 2016-03-23 15:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-23 15:38 - 2012-03-14 09:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAA.DLL
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\Program Files\MSBuild
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-23 15:32 - 2016-03-23 15:32 - 00000000 ____D C:\inetpub
2016-03-23 15:30 - 2016-03-23 15:30 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-23 15:30 - 2016-03-23 15:30 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-23 15:30 - 2016-03-23 15:30 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-23 15:30 - 2016-03-23 15:30 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-23 15:30 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-23 15:30 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-23 15:30 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-23 15:30 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-23 15:30 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-23 15:30 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-23 14:24 - 2016-03-23 14:24 - 00000000 ____D C:\Users\Sibel\AppData\Local\Comms
2016-03-23 14:12 - 2016-03-23 21:48 - 00000000 ____D C:\Users\Sibel\AppData\Local\Deployment
2016-03-23 14:11 - 2016-03-23 14:11 - 08076992 _____ (Microsoft Corporation) C:\Users\Sibel\Downloads\OneDriveSetup.exe
2016-03-23 14:11 - 2016-03-23 14:11 - 00000000 ____D C:\Users\Sibel\AppData\Local\NetworkTiles
2016-03-23 14:10 - 2016-03-23 22:25 - 00000000 ____D C:\Users\Sibel\AppData\Local\MicrosoftEdge
2016-03-23 14:08 - 2016-03-23 14:08 - 00000000 ____D C:\Users\Sibel\AppData\Local\PeerDistRepub
2016-03-23 14:05 - 2016-03-29 17:44 - 00002409 _____ C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-23 14:05 - 2016-03-29 17:44 - 00000000 ___RD C:\Users\Sibel\OneDrive
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Sibel\AppData\Local\ActiveSync
2016-03-23 13:59 - 2016-03-23 13:59 - 00000000 ____D C:\Users\Sibel\AppData\Local\Publishers
2016-03-23 13:57 - 2016-03-23 22:07 - 00000000 ____D C:\Users\Sibel\AppData\Local\Packages
2016-03-23 13:57 - 2016-03-23 13:57 - 00000020 ___SH C:\Users\Sibel\ntuser.ini
2016-03-23 13:57 - 2016-03-23 13:57 - 00000000 ____D C:\Users\Sibel\AppData\Local\TileDataLayer
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-23 12:58 - 2016-03-23 12:58 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-23 12:55 - 2016-03-23 12:55 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-23 12:42 - 2016-03-23 12:42 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2016-03-23 12:34 - 2016-03-23 12:34 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-23 12:34 - 2016-03-23 12:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-03-23 12:34 - 2016-03-23 12:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-03-23 12:21 - 2016-03-23 12:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-03-23 12:17 - 2016-03-29 17:45 - 00000000 ____D C:\Users\UpdatusUser
2016-03-23 12:17 - 2016-03-23 14:05 - 00000000 ____D C:\Users\Sibel
2016-03-23 12:17 - 2016-03-23 12:43 - 00000000 ____D C:\Users\Mcx1-SIBEL-PC
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\Sibel\My Documents
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\Sibel\Documents\My Videos
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\Sibel\Documents\My Pictures
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\Sibel\Documents\My Music
2016-03-23 12:17 - 2016-03-23 12:17 - 00000000 _SHDL C:\Users\Mcx1-SIBEL-PC\My Documents
2016-03-23 12:15 - 2016-03-29 17:46 - 01008220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-23 12:15 - 2016-03-23 12:15 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-23 12:11 - 2016-03-29 17:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-23 12:11 - 2016-03-23 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-03-23 12:11 - 2016-03-23 12:37 - 00000000 ____D C:\WINDOWS\system32\NV
2016-03-23 12:11 - 2016-03-23 12:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-23 12:11 - 2015-07-22 21:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-23 12:11 - 2015-07-22 21:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-23 12:11 - 2015-07-22 21:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-23 12:11 - 2015-07-22 00:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-23 12:10 - 2016-03-23 12:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-23 12:10 - 2016-03-23 12:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-23 12:10 - 2016-03-23 12:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2016-03-23 12:10 - 2016-03-23 12:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2016-03-23 12:10 - 2016-03-23 12:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2016-03-23 12:10 - 2016-03-23 12:10 - 00000000 ____D C:\Program Files\DellTPad
2016-03-23 12:10 - 2016-03-23 12:10 - 00000000 ____D C:\iBTWU
2016-03-23 12:09 - 2016-03-23 12:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-03-23 12:09 - 2016-03-23 12:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-23 12:09 - 2016-03-23 12:09 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-23 12:09 - 2016-03-23 12:09 - 00000000 ____D C:\Program Files\Realtek
2016-03-23 10:50 - 2016-03-23 12:57 - 00018069 _____ C:\WINDOWS\diagerr.xml
2016-03-23 10:50 - 2016-03-23 12:57 - 00017148 _____ C:\WINDOWS\diagwrn.xml
2016-03-23 10:10 - 2016-03-23 10:10 - 00000000 _____ C:\WINDOWS\system32\SBRC.dat
2016-03-22 12:35 - 2016-03-22 12:35 - 00064243 _____ C:\Users\Sibel\Desktop\Addition.txt
2016-03-22 12:20 - 2016-03-29 20:50 - 00000000 ____D C:\FRST
2016-03-22 12:04 - 2016-03-22 12:11 - 00000000 ____D C:\AdwCleaner
2016-03-22 11:05 - 2016-03-22 11:05 - 00001049 _____ C:\Users\Sibel\Documents\mal.txt
2016-03-22 11:02 - 2016-03-22 11:02 - 00001052 _____ C:\mallog.txt
2016-03-22 10:35 - 2016-03-29 18:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 10:34 - 2016-03-23 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 10:34 - 2016-03-22 10:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 10:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 10:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 10:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-21 22:17 - 2016-03-22 08:36 - 00000000 ____D C:\Users\Sibel\Downloads\backups
2016-03-21 11:48 - 2016-03-22 11:17 - 00000000 ____D C:\Users\Sibel\Downloads\Rescue_2000
2016-03-21 11:47 - 2016-03-21 11:48 - 03612148 _____ C:\Users\Sibel\Downloads\Rescue_2000.zip
2016-03-21 11:36 - 2016-03-21 11:36 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Bitdefender
2016-03-21 00:47 - 2016-03-21 00:47 - 00000000 ____D C:\Users\Sibel\AppData\Local\IsolatedStorage
2016-03-20 20:10 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2016-03-20 20:10 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2016-03-20 20:04 - 2016-03-29 17:45 - 00003504 _____ C:\WINDOWS\SysWOW64\VipreEdgeProtectionOff.ini
2016-03-20 20:04 - 2016-03-29 17:45 - 00003504 _____ C:\WINDOWS\system32\VipreEdgeProtectionOff.ini
2016-03-20 20:04 - 2015-10-16 10:28 - 00034408 _____ (ThreatTrack Security Inc.) C:\WINDOWS\system32\Drivers\WebExaminer64.sys
2016-03-20 20:02 - 2016-03-23 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIPRE
2016-03-20 20:02 - 2016-03-20 20:02 - 00001917 _____ C:\Users\Public\Desktop\VIPRE.lnk
2016-03-20 20:02 - 2016-02-29 14:56 - 00063696 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\sbhips.sys
2016-03-20 20:02 - 2016-02-29 14:56 - 00040976 _____ (ThreatTrack Security Inc.) C:\WINDOWS\system32\sbbd.exe
2016-03-20 20:01 - 2016-03-23 10:10 - 00000000 ____D C:\ProgramData\VIPRE
2016-03-20 20:00 - 2016-03-23 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2016-03-20 19:54 - 2016-03-29 17:44 - 00000000 ____D C:\Program Files (x86)\VIPRE
2016-03-20 19:54 - 2016-03-22 11:03 - 00000000 ____D C:\Users\Sibel\AppData\Local\VIPRE
2016-03-20 19:54 - 2016-03-21 00:47 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\VIPRE
2016-03-20 19:07 - 2016-03-22 11:45 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-03-20 18:30 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SETF8B8.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SETE351.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SETA7B.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET5FAC.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET5443.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET4ACA.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET30D0.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET2548.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1C3F.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1B1.tmp
2016-03-20 18:29 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1355.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SETF8E9.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SETAAC.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET5FED.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET5474.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET4B0A.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET3111.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET2588.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1F1.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1C70.tmp
2016-03-20 18:29 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET1396.tmp
2016-03-19 17:04 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-19 17:04 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-19 17:03 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2016-03-19 17:03 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2016-03-19 17:03 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2016-03-17 20:56 - 2016-03-17 20:56 - 00007476 _____ C:\Users\Sibel\Desktop\transcriptrequestform.pdf
2016-03-17 19:06 - 2016-03-17 19:06 - 00000000 ____D C:\Users\Sibel\AppData\LocalLow\Blue Jeans
2016-03-17 19:05 - 2016-03-17 19:05 - 00002091 _____ C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk
2016-03-17 19:05 - 2016-03-17 19:05 - 00002083 _____ C:\Users\Sibel\Desktop\Blue Jeans.lnk
2016-03-17 19:05 - 2016-03-17 19:05 - 00000000 ____D C:\Users\Sibel\AppData\Local\Blue Jeans
2016-02-29 15:06 - 2016-02-29 15:06 - 00634560 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\WINDOWS\SysWOW64\XceedZip.dll
2016-02-29 14:56 - 2016-02-29 14:56 - 00345520 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\sbwfw.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00095608 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\sbwtis.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00089000 _____ (ThreatTrack Security Inc.) C:\WINDOWS\system32\Drivers\sbapifs.sys
2016-02-29 14:56 - 2016-02-29 14:56 - 00040976 _____ (ThreatTrack Security Inc.) C:\WINDOWS\SysWOW64\sbbd.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-29 20:48 - 2012-05-13 18:38 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA.job
2016-03-29 20:44 - 2012-05-06 05:00 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-29 20:43 - 2012-05-10 21:52 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA.job
2016-03-29 20:43 - 2012-05-10 21:52 - 00000906 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core.job
2016-03-29 20:43 - 2012-05-06 05:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-29 17:58 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-29 17:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-29 17:46 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-29 17:46 - 2013-04-22 14:43 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2016-03-29 17:45 - 2013-06-29 21:22 - 00000000 ____D C:\Users\Sibel\.gstreamer-0.10
2016-03-29 17:45 - 2013-06-29 21:17 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\MotoCast
2016-03-29 17:43 - 2012-05-06 05:00 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 17:42 - 2012-05-07 08:07 - 00000000 ____D C:\Temp
2016-03-29 17:41 - 2016-02-13 09:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-29 17:41 - 2012-09-03 06:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-29 17:30 - 2013-05-17 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-29 17:30 - 2012-09-03 06:16 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-29 17:30 - 2012-09-03 06:16 - 00001146 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-26 13:48 - 2012-05-13 18:38 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core.job
2016-03-25 12:13 - 2013-12-07 13:07 - 00000362 __RSH C:\ProgramData\ntuser.pol
2016-03-25 12:11 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-24 08:13 - 2012-05-06 05:00 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-24 03:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-03-23 22:58 - 2013-04-16 23:13 - 00002510 _____ C:\WINDOWS\System32\Tasks\{AD6337AB-3306-4702-865E-9889D34C441B}
2016-03-23 22:30 - 2016-01-15 04:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-23 22:06 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 16:04 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-23 15:56 - 2016-02-13 09:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-23 15:56 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-23 15:56 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-23 15:56 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-23 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-03-23 15:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-03-23 15:32 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-03-23 15:32 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-03-23 15:32 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-03-23 15:32 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-03-23 15:32 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-03-23 15:32 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-03-23 15:32 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-03-23 15:32 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-03-23 15:32 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-03-23 15:32 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-03-23 15:32 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-03-23 15:32 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-03-23 15:32 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-03-23 15:32 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-03-23 15:32 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-03-23 15:31 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-03-23 15:31 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-03-23 15:31 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-03-23 14:03 - 2012-05-13 18:42 - 00002499 _____ C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 14:03 - 2012-05-13 18:42 - 00002491 _____ C:\Users\Sibel\Desktop\Google Chrome.lnk
2016-03-23 13:57 - 2016-02-13 09:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-23 13:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-23 13:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-23 12:58 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-23 12:56 - 2015-03-08 17:49 - 00004140 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-03-23 12:56 - 2015-03-08 17:49 - 00003594 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-03-23 12:56 - 2013-06-29 22:28 - 00003404 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Initial Update
2016-03-23 12:56 - 2013-05-11 15:39 - 00003280 _____ C:\WINDOWS\System32\Tasks\{13AA541A-4FDD-4A25-BF08-2B7EFA8C1EDD}
2016-03-23 12:56 - 2013-04-16 23:04 - 00003480 _____ C:\WINDOWS\System32\Tasks\{1D3D2C02-B969-4C41-9FB4-0E934EA15165}
2016-03-23 12:56 - 2012-08-11 19:34 - 00003418 _____ C:\WINDOWS\System32\Tasks\{07E31BC4-0C73-49A1-B255-A9D9D11F229D}
2016-03-23 12:56 - 2012-08-06 03:54 - 00003160 _____ C:\WINDOWS\System32\Tasks\{0E7B500D-D4B3-4F96-84B2-28F5DE1B154B}
2016-03-23 12:56 - 2012-05-06 05:00 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-23 12:55 - 2015-07-14 16:19 - 00003628 _____ C:\WINDOWS\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
2016-03-23 12:55 - 2015-03-08 17:49 - 00003328 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-03-23 12:55 - 2013-06-29 22:28 - 00003596 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2016-03-23 12:55 - 2013-06-29 22:28 - 00003578 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2016-03-23 12:55 - 2013-06-29 21:22 - 00003560 _____ C:\WINDOWS\System32\Tasks\MotoCast Update
2016-03-23 12:55 - 2013-04-16 23:24 - 00003276 _____ C:\WINDOWS\System32\Tasks\{A0AB1371-C3E3-4A9A-BA30-C1D027B47CF8}
2016-03-23 12:55 - 2012-08-06 03:54 - 00003160 _____ C:\WINDOWS\System32\Tasks\{188484E4-BD49-4F3B-85CC-C73543A7C9BE}
2016-03-23 12:55 - 2012-05-13 18:38 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA
2016-03-23 12:55 - 2012-05-13 18:38 - 00003592 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core
2016-03-23 12:55 - 2012-05-10 21:52 - 00004014 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001UA
2016-03-23 12:55 - 2012-05-10 21:52 - 00003646 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2779714701-2045862592-1138290410-1001Core
2016-03-23 12:55 - 2012-05-06 05:00 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-23 12:54 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-23 12:53 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-23 12:44 - 2012-08-11 22:13 - 00000000 ___RD C:\Users\Sibel\Desktop\super
2016-03-23 12:38 - 2016-02-13 09:12 - 00343328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-23 12:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-Hant
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-Hans
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\tr
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\sv
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\ru
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\no
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\nl
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\ko
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\ja
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\it
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\fr
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\es
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\da
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\zh-Hant
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\zh-Hans
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\tr
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\sv
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\ru
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\no
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\nl
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\ko
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\ja
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\it
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\gl-ES
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\fr
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\eu-ES
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\es
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\de
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\da
2016-03-23 12:37 - 2011-08-14 22:57 - 00000000 ____D C:\WINDOWS\system32\ca-ES
2016-03-23 12:36 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-23 12:36 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-23 12:36 - 2015-07-14 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asunsoft Android Phone Geeker
2016-03-23 12:36 - 2015-05-09 13:32 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2016-03-23 12:36 - 2014-12-21 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer 3 Tiberium Wars and Kane's Wrath
2016-03-23 12:36 - 2014-12-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Chat
2016-03-23 12:36 - 2014-12-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert
2016-03-23 12:36 - 2014-12-21 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Generals and Zero Hour
2016-03-23 12:36 - 2014-12-21 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert 3 and Uprising
2016-03-23 12:36 - 2014-12-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2016-03-23 12:36 - 2014-12-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert 2
2016-03-23 12:36 - 2014-12-21 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-03-23 12:36 - 2014-09-13 22:51 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2016-03-23 12:36 - 2013-04-23 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-23 12:36 - 2013-04-16 23:20 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-23 12:36 - 2013-04-16 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II Shareware
2016-03-23 12:36 - 2013-04-16 23:04 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZeroHour Reborn V4.0 The Rise To Power
2016-03-23 12:36 - 2013-03-15 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-23 12:36 - 2012-11-25 18:30 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-23 12:36 - 2012-09-23 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-03-23 12:36 - 2012-09-22 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2016-03-23 12:36 - 2012-09-03 16:01 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2016-03-23 12:36 - 2012-06-03 04:17 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-03-23 12:36 - 2012-04-26 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Explosion
2016-03-23 12:36 - 2012-04-03 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
2016-03-23 12:36 - 2012-04-03 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
2016-03-23 12:36 - 2012-04-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
2016-03-23 12:36 - 2011-08-14 23:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-03-23 12:36 - 2011-08-14 22:54 - 00000000 ____D C:\WINDOWS\en
2016-03-23 12:36 - 2011-08-14 22:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-03-23 12:36 - 2011-08-14 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2016-03-23 12:36 - 2011-08-14 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
2016-03-23 12:36 - 2011-08-14 22:19 - 00000000 ____D C:\ProgramData\Intel
2016-03-23 12:36 - 2011-08-14 22:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-23 12:36 - 2011-08-14 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-23 12:36 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-23 12:34 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-03-23 12:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-23 12:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-23 12:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-23 12:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-23 12:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-23 12:24 - 2013-08-01 15:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-23 12:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-03-23 12:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Resources
2016-03-23 12:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-23 12:22 - 2013-07-18 01:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-03-23 12:22 - 2013-06-29 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
2016-03-23 12:22 - 2012-08-06 05:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Stream
2016-03-23 12:22 - 2012-04-03 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-03-23 12:22 - 2012-04-03 19:04 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-03-23 12:22 - 2011-08-14 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-23 12:22 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-23 12:21 - 2015-12-22 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2016-03-23 12:21 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-23 12:21 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-23 12:21 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-23 12:21 - 2012-04-03 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-23 12:21 - 2011-08-14 22:32 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-03-23 12:21 - 2011-08-14 22:23 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2016-03-23 12:21 - 2011-08-14 22:19 - 00000000 ____D C:\Program Files\Intel
2016-03-23 12:21 - 2011-08-14 22:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-23 12:21 - 2011-08-14 22:14 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-03-23 12:21 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-03-23 12:20 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-03-23 12:19 - 2012-05-07 07:55 - 00000000 ____D C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-03-23 12:14 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-23 12:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-23 10:53 - 2009-07-14 00:45 - 00031312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-23 10:53 - 2009-07-14 00:45 - 00031312 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-23 10:51 - 2016-02-13 10:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-23 04:38 - 2011-08-14 22:33 - 00000032 _____ C:\tmuninst.ini
2016-03-22 13:06 - 2012-08-11 20:30 - 00000000 ____D C:\Users\Sibel\AppData\Local\ElevatedDiagnostics
2016-03-22 11:18 - 2013-03-15 20:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-22 11:18 - 2013-03-15 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-22 11:18 - 2012-11-25 18:36 - 00000000 ____D C:\Users\Sibel\AppData\Local\Akamai
2016-03-22 11:18 - 2011-08-14 22:56 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-03-22 11:17 - 2015-05-10 14:49 - 00000000 ____D C:\ProgramData\Bitdefender
2016-03-22 11:02 - 2015-05-10 15:00 - 00000000 ____D C:\Program Files\Bitdefender
2016-03-22 11:02 - 2015-05-10 14:45 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-03-22 11:02 - 2011-08-14 22:24 - 00000000 ____D C:\Program Files\Dell
2016-03-22 11:01 - 2013-04-23 01:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-22 10:34 - 2013-10-20 04:05 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 10:28 - 2011-08-14 22:42 - 00000000 ____D C:\ProgramData\Sonic
2016-03-22 10:24 - 2013-04-22 14:56 - 03402154 _____ C:\WINDOWS\ntbtlog.txt
2016-03-22 10:24 - 2012-09-02 21:35 - 998376261 _____ C:\WINDOWS\MEMORY.DMP
2016-03-22 07:48 - 2012-03-30 23:52 - 00120432 _____ C:\Users\Sibel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-22 05:21 - 2015-06-03 16:57 - 00038270 _____ C:\bdlog.txt
2016-03-20 18:14 - 2013-05-16 01:00 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-13 21:07 - 2012-09-22 18:15 - 00000000 ____D C:\WINDOWS\58B194D2ABD74D86BBA4FD27D4ED1BCE.TMP
2016-03-13 16:28 - 2012-08-20 00:20 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2016-03-13 16:14 - 2016-01-15 04:00 - 00000000 ____D C:\Users\Sibel\Desktop\Tor Browser
2016-03-13 16:13 - 2012-04-03 19:06 - 00000000 ____D C:\Program Files\Canon
2016-03-13 16:13 - 2012-04-03 19:03 - 00000000 ___HD C:\Program Files\CanonBJ
2016-03-13 16:12 - 2012-04-03 19:02 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-12 19:26 - 2009-07-14 01:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-01 21:42 - 2016-01-15 02:36 - 00000000 ____D C:\ProgramData\CanonIJPLM
 
==================== Files in the root of some directories =======
 
2015-03-29 19:33 - 2015-03-29 19:33 - 0008680 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-29 19:33 - 2015-03-29 19:33 - 0045925 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-29 19:33 - 2015-03-29 19:33 - 0004280 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-29 19:33 - 2015-03-29 19:33 - 0000300 _____ () C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL
2013-09-25 00:36 - 2013-10-14 13:00 - 0000004 _____ () C:\Users\Sibel\AppData\Roaming\settings.ini
2015-03-29 19:32 - 2015-03-29 19:32 - 0008680 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
2015-03-29 19:32 - 2015-03-29 19:32 - 0045925 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
2015-03-29 19:32 - 2015-03-29 19:32 - 0004280 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT
2015-03-29 19:32 - 2015-03-29 19:32 - 0000300 _____ () C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
2012-08-01 20:09 - 2012-08-19 22:41 - 0011264 _____ () C:\Users\Sibel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 19:32 - 2015-03-29 19:32 - 0008680 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML
2015-03-29 19:32 - 2015-03-29 19:32 - 0045925 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG
2015-03-29 19:32 - 2015-03-29 19:32 - 0004280 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT
2015-03-29 19:32 - 2015-03-29 19:32 - 0000300 _____ () C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL
2012-04-01 01:11 - 2012-04-01 01:11 - 0001808 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120401.001153.txt
2012-04-08 09:47 - 2012-04-08 09:48 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120408.084757.txt
2012-08-19 21:06 - 2012-08-19 21:06 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120819.200609.txt
2012-08-20 00:20 - 2012-08-20 00:20 - 0001824 _____ () C:\Users\Sibel\AppData\Local\PDLSetup.20120819.232015.txt
2012-11-01 14:39 - 2013-09-25 00:41 - 0000600 _____ () C:\Users\Sibel\AppData\Local\PUTTY.RND
2012-09-23 13:42 - 2012-09-24 03:26 - 0007605 _____ () C:\Users\Sibel\AppData\Local\resmon.resmoncfg
2015-03-29 19:02 - 2015-03-29 19:02 - 0008680 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-29 19:02 - 2015-03-29 19:02 - 0045925 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-29 19:02 - 2015-03-29 19:02 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-29 19:02 - 2015-03-29 19:02 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2014-12-21 11:55 - 2014-12-21 11:55 - 0000040 _____ () C:\ProgramData\ra3.ini
 
Files to move or delete:
====================
C:\Users\Sibel\AppData\Roaming\settings.ini
 
 
Some files in TEMP:
====================
C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll
C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll
C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll
C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-23 12:05
 
==================== End of FRST.txt ============================


#11 nasdaq

Posted 30 March 2016 - 08:12 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25]
CHR Extension: (No Name) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
U3 idsvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 tmlwf; \SystemRoot\system32\DRIVERS\tmlwf.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll
C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll
C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll
C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\WINDOWS\MEMORY.DMP
C:\Windows\Minidump\032216-36270-01.dmp
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack 
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#12 psybull12

Posted 30 March 2016 - 08:58 AM

It froze halfway through and my computer reset. Here is the log; let me know if I should run again. Thank you.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Sibel (2016-03-30 09:51:14) Run:1
Running from C:\Users\Sibel\Downloads\New folder
Loaded Profiles: UpdatusUser & Sibel (Available Profiles: UpdatusUser & Sibel & Mcx1-SIBEL-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25]
CHR Extension: (No Name) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
U3 idsvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 tmlwf; \SystemRoot\system32\DRIVERS\tmlwf.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll
C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll
C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll
C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\WINDOWS\MEMORY.DMP
C:\Windows\Minidump\032216-36270-01.dmp
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack 
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} => value removed successfully
HKCR\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} => key not found. 
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. 
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found. 
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js => moved successfully
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16] => not found
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => path removed successfully
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found] => not found
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack => moved successfully
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed] => not found
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => moved successfully
idsvc => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
tmlwf => service removed successfully
wpcsvc => service removed successfully
C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll => moved successfully
C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll => moved successfully
C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll => moved successfully
C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll => moved successfully
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => moved successfully
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML => moved successfully
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL => moved successfully
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML => moved successfully
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG => moved successfully
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT => moved successfully
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL => moved successfully
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML => moved successfully
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG => moved successfully
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT => moved successfully
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL => moved successfully
C:\ProgramData\HELP_DECRYPT.HTML => moved successfully
C:\ProgramData\HELP_DECRYPT.PNG => moved successfully
C:\ProgramData\HELP_DECRYPT.TXT => moved successfully
C:\ProgramData\HELP_DECRYPT.URL => moved successfully
C:\WINDOWS\MEMORY.DMP => moved successfully
"C:\Windows\Minidump\032216-36270-01.dmp" => not found.
"C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack" => not found.
"C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => not found.

Edited by psybull12, 30 March 2016 - 09:12 AM.


#13 nasdaq

  • Malware Response Team

Posted 30 March 2016 - 12:52 PM

If you have any problems run the Farbar tool one more time and post a fresh FRST log for my review.

Let me know what the problem is.

#14 psybull12

  • Topic Starter

Posted 30 March 2016 - 01:22 PM

It ran all the way through and restarted on its own. Here are the results:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Sibel (2016-03-30 14:13:17) Run:2
Running from C:\Users\Sibel\Downloads\New folder
Loaded Profiles: UpdatusUser & Sibel (Available Profiles: UpdatusUser & Sibel & Mcx1-SIBEL-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: w32tm.lnk -> C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2779714701-2045862592-1138290410-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found]
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25]
CHR Extension: (No Name) - C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-04-16]
U3 idsvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S1 tmlwf; \SystemRoot\system32\DRIVERS\tmlwf.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll
C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll
C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll
C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.HTML
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\WINDOWS\MEMORY.DMP
C:\Windows\Minidump\032216-36270-01.dmp
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack 
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
C:\Users\Sibel\AppData\Roaming\Microsoft\Windows\IEUpdate\w32tm.exe => not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} => value not found.
HKCR\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} => key not found. 
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value not found.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found. 
HKU\S-1-5-21-2779714701-2045862592-1138290410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value not found.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found. 
HKCR\PROTOCOLS\Handler\skype4com => key not found. 
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js => not found.
FF user.js: detected! => C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\user.js [2013-04-16] => not found
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => not found.
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [not found] => not found
C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack => not found.
FF Extension: No Name - C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2016-03-23] [not signed] => not found
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => not found
idsvc => service not found.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service not found.
tmlwf => service not found.
wpcsvc => service not found.
"C:\Users\Sibel\AppData\Local\Temp\jna17784133507103298.dll" => not found.
"C:\Users\Sibel\AppData\Local\Temp\jna2047949917723873596.dll" => not found.
"C:\Users\Sibel\AppData\Local\Temp\jna3485783915574429899.dll" => not found.
"C:\Users\Sibel\AppData\Local\Temp\jna5098304455967735626.dll" => not found.
C:\Users\Sibel\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => moved successfully
"C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.HTML" => not found.
"C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.PNG" => not found.
"C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.TXT" => not found.
"C:\Users\Sibel\AppData\Roaming\HELP_DECRYPT.URL" => not found.
"C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML" => not found.
"C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.PNG" => not found.
"C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT" => not found.
"C:\Users\Sibel\AppData\Roaming\Microsoft\HELP_DECRYPT.URL" => not found.
"C:\Users\Sibel\AppData\Local\HELP_DECRYPT.HTML" => not found.
"C:\Users\Sibel\AppData\Local\HELP_DECRYPT.PNG" => not found.
"C:\Users\Sibel\AppData\Local\HELP_DECRYPT.TXT" => not found.
"C:\Users\Sibel\AppData\Local\HELP_DECRYPT.URL" => not found.
"C:\ProgramData\HELP_DECRYPT.HTML" => not found.
"C:\ProgramData\HELP_DECRYPT.PNG" => not found.
"C:\ProgramData\HELP_DECRYPT.TXT" => not found.
"C:\ProgramData\HELP_DECRYPT.URL" => not found.
"C:\WINDOWS\MEMORY.DMP" => not found.
"C:\Windows\Minidump\032216-36270-01.dmp" => not found.
"C:\Users\Sibel\AppData\Roaming\Mozilla\Firefox\Profiles\0qa67rfl.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack" => not found.
"C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Sibel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => not found.
EmptyTemp: => 489.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:14:31 ====


#15 nasdaq

  • Malware Response Team

Posted 31 March 2016 - 07:23 AM


The items listed in my fix were deleted.

However, we have to look at this:
Error: (0) Failed to create a restore point.

Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7

Then create a restore point. Windows 7.
http://windows.microsoft.com/en-ca/windows7/create-a-restore-point
===

If unable to create a restore point, execute this scan:

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

==

How is the computer running now?



