
I don't know problem

Comments

70 comments

  • Support
    Hi kenanorhan,



    I start with pasting the content of DDS.txt here, since it then will be a lot easier for me to go through it. I'll post again when I have gone through the log.



    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1

    Run by Kenan ve Deniz at 1:18:57 on 2012-07-30

    .

    ============== Running Processes ===============

    .

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page = hxxp://www.google.com

    uSearch Bar = Preserve

    uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    mWinlogon: Userinit=userinit.exe

    uWindows: Load=C:\Users\Kenan ve Deniz\gpevfww.exe

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

    {555d4d79-4bd2-4094-a395-cfc534424a05}

    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    uRun: [OscarEditor] "C:\Program Files (x86)\G9 16-in-1\\G9_16-in-1.exe" Minimum

    uRun: [Google Update] "C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [HKCU] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe

    uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe

    uRun: [xllhol.exe] "C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe"

    uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    uRun: [Java Runtime] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe

    uRun: [Startup Key] C:\Users\KENANV~1\AppData\Local\Temp\name.exe

    uRun: [java.exe] C:\Users\KENANV~1\AppData\Local\Temp\java.exe

    uRun: [Orrirw] C:\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe

    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [HomePage] C:\Windows\configs.exe

    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [NUYwRDIxNUNDRjQxNEE4RU] C:\Users\Kenan ve Deniz\certCredKB.exe

    mRun: [NEI3N0NFMzYxQ0MxNUZEME] C:\Users\Kenan ve Deniz\unimfsm.exe

    mRun: [HKLM] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe

    mRun: [AdobeART] C:\Users\Kenan ve Deniz\AppData\Roaming\AdobeART.exe

    mRun: [xllhol.exe] "C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe"

    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    uExplorerRun: [Google] C:\Users\Kenan ve Deniz\AppData\Roaming\4DB1BA.exe

    mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

    uPolicies-system: DisableRegistryTools = 1 (0x1)

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    AppInit_DLLs:

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    mASetup: {3GP75X5P-71DT-P72P-8LY7-4074O3MBN7BL} - C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe

    Hosts: 88.208.16.168 xhamster.com

    Hosts: 88.208.16.168 www.xhamster.com

    Hosts: 88.208.16.168 static.xhamster.com

    Hosts: 88.208.16.168 premium.xhamster.com

    Hosts: 88.208.16.169 xhamster.com

    .

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - prefs.js: network.proxy.type - 0

    FF - component: C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll

    FF - component: C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    ============= SERVICES / DRIVERS ===============

    .

    .

    =============== Created Last 30 ================

    .

    2012-07-29 22:07:09 79360 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe

    2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}

    2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}

    2012-07-29 13:19:28 275968 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\pewpxq.exe

    2012-07-29 12:57:47 245760 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\dkotyu.exe

    2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware

    2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

    2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe

    2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations

    2012-07-29 11:52:44 781824 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\allwnj.exe

    2012-07-29 11:41:05 781824 --sh--w- C:\Users\Kenan ve Deniz\AppData\Roaming\xjeamo.exe

    2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    2012-07-29 00:31:17 1098240 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\jvcldk.exe

    2012-07-28 15:27:27 96256 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe

    2012-07-28 14:07:05 217600 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe

    2012-07-28 06:47:45 94208 ---h--r- C:\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe

    2012-07-28 06:21:29 874496 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy

    2012-07-28 06:21:26 702976 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\proclean.zgy

    2012-07-28 06:21:26 288768 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy

    2012-07-28 05:10:13 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\install

    2012-07-28 04:27:58 874496 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe

    2012-07-28 04:17:15 123904 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe

    2012-07-28 04:13:49 24064 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\yfybln.exe

    2012-07-28 04:03:31 702976 ------w- C:\Users\Kenan ve Deniz\AppData\Roaming\proclean.exe

    2012-07-28 04:01:37 24064 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\smayfj.exe

    2012-07-28 03:43:54 4879 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\tlyfga.exe

    2012-07-28 03:36:10 4888 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\osbbpq.exe

    2012-07-28 02:53:54 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 02:26:06 13330 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\trphnu.exe

    2012-07-28 02:02:42 1132740 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe

    2012-07-28 01:24:44 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13:39 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome

    2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom

    2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs

    2012-07-28 00:59:39 -------- d-----w- C:\Windows\SysWow64\install

    2012-07-28 00:59:32 573440 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\wxgzab.exe

    2012-07-27 23:27:49 636416 ---h--w- C:\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe

    2012-07-27 23:13:24 217600 -c-h--w- C:\Rundll32.exe

    2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb

    2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

    2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp

    2012-07-01 12:09:26 -------- d-sh--w- C:\Windows\ftpcache

    .

    ==================== Find3M ====================

    .

    2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    .

    ============= FINISH: 1:19:24,24 ===============
    0
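The DDS report above is the raw material the helper has to "go through": autorun entries, policy values and HOSTS lines mixed with ordinary software. The script below is an added example, not code from the thread or from DDS, showing how a defender can triage such a report automatically. It applies three heuristics that are assumptions of this example, not DDS rules: autorun entries (uRun/mRun/uWindows/mASetup/mExplorerRun) whose target lives in a user-writable location (AppData\Roaming, any Temp folder, or directly in the profile root); policy lines that switch off UAC or the registry tools; and HOSTS overrides. The sample log is constructed for the example, modelled on lines from the report above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the "Pseudo HJT Report" lines in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3
mWinlogon: Userinit=userinit.exe
uWindows: Load=C:\Users\Kenan ve Deniz\gpevfww.exe
uRun: [Google Update] "C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [HKCU] C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
uRun: [Startup Key] C:\Users\KENANV~1\AppData\Local\Temp\name.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HomePage] C:\Windows\configs.exe
mRun: [NUYwRDIxNUNDRjQxNEE4RU] C:\Users\Kenan ve Deniz\certCredKB.exe
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mASetup: {3GP75X5P-71DT-P72P-8LY7-4074O3MBN7BL} - C:\Users\Kenan ve Deniz\AppData\Roaming\install\server.exe
Hosts: 88.208.16.168 xhamster.com
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
"""

# Autostart keys DDS reports with a u (user hive) or m (machine hive) prefix.
AUTORUN_RE = re.compile(r"^[um](?:Run|RunOnce|ExplorerRun|Windows|ASetup|Winlogon):", re.I)
# First drive-letter path ending in an executable extension (may sit inside quotes).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|cmd|bat|dll|scr|vbs|js))', re.I)
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s+(\w+)\s*=\s*(\d+)", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)

# Heuristic (assumption of this example): legitimate autoruns rarely start
# executables from these locations, malware very often does.
USER_WRITABLE = [
    re.compile(r"\\AppData\\Roaming\\", re.I),
    re.compile(r"\\Temp\\", re.I),
    re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.I),  # file in the profile root
]
# Policy values that disable a security control (name -> weakened value).
WEAKENED_POLICIES = {
    "EnableLUA": "0",
    "DisableRegistryTools": "1",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def triage(text: str) -> list[Finding]:
    """Scan DDS-style report lines and return the entries worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AUTORUN_RE.match(line):
            m = PATH_RE.search(line)
            if m and any(p.search(m.group(1)) for p in USER_WRITABLE):
                findings.append(Finding("autorun-user-writable", m.group(1), line))
            continue
        m = POLICY_RE.match(line)
        if m and WEAKENED_POLICIES.get(m.group(1)) == m.group(2):
            findings.append(Finding("policy-weakened", f"{m.group(1)}={m.group(2)}", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append(Finding("hosts-override", f"{m.group(2)} -> {m.group(1)}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'autorun-user-writable': 6, ...}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:24} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the heuristics pull out exactly the entries a helper would question: six autoruns started from Roaming, Temp or the profile root, three policies that disable UAC prompting or the registry tools, and one HOSTS override, while the Java updater and Google Update under Program Files and AppData\Local pass. The location rule is deliberately narrow; an entry such as C:\Windows\configs.exe is not caught by it and still needs a manual look.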
  • Support
    Hi again,



    It is really a severe infection. A lot of information is missing from the logs so we need to try some other programs. If a program can't run in normal mode, please restart the computer in safe mode and try again. If still not possible, skip that program and continue with the next one.



    1.

    Save TDSSKiller on the Desktop:

    http://support.kaspersky.com/downloads/utils/tdsskiller.exe



    Turn off all programs.

    Run the program TDSSKiller.



    Click on Start Scan.

    If any malicious objects are found select Cure and click Continue. If Cure isn't available select Skip. If any suspicious objects are found select Skip. Do NOT select Quarantine or Delete.

    The computer might need a restart.



    Paste the content of the TDSSKiller log, which is located in the folder C:\ with the name TDSSKiller followed by version and time, into your answer.



    2.

    Restart the computer.

    Please, download aswMBR to your desktop. http://public.avast.com/~gmerek/aswMBR.exe



    Double click it to start the program.

    Allow it to download extra definitions.

    Click the Scan button to start the scan.

    When the scan has finished click the Save log button and save it to your desktop.

    Paste that log too.



    3.

    Restart the computer.

    Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.



    Read carefully and note the "Disclaimer of warranty"!



    Paste the content of the log into your answer.

    If ComboFix displays a message, for example that a rootkit was found, write it down as detailed as possible.
    0
  • Customer
    02:25:53.0079 2228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

    02:25:53.0307 2228 ============================================================

    02:25:53.0307 2228 Current date / time: 2012/07/30 02:25:53.0307

    02:25:53.0307 2228 SystemInfo:

    02:25:53.0307 2228

    02:25:53.0307 2228 OS Version: 6.1.7601 ServicePack: 1.0

    02:25:53.0307 2228 Product type: Workstation

    02:25:53.0307 2228 ComputerName: KENANVEDENIZ

    02:25:53.0308 2228 UserName: Kenan ve Deniz

    02:25:53.0308 2228 Windows directory: C:\Windows

    02:25:53.0308 2228 System windows directory: C:\Windows

    02:25:53.0308 2228 Running under WOW64

    02:25:53.0308 2228 Processor architecture: Intel x64

    02:25:53.0308 2228 Number of processors: 4

    02:25:53.0308 2228 Page size: 0x1000

    02:25:53.0308 2228 Boot type: Normal boot

    02:25:53.0308 2228 ============================================================

    02:25:54.0868 2228 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    02:25:54.0873 2228 ============================================================

    02:25:54.0873 2228 \Device\Harddisk0\DR0:

    02:25:54.0873 2228 MBR partitions:

    02:25:54.0873 2228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000

    02:25:54.0873 2228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000

    02:25:54.0887 2228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800

    02:25:54.0887 2228 ============================================================

    02:25:55.0022 2228 C: <-> \Device\Harddisk0\DR0\Partition1

    02:25:55.0192 2228 D: <-> \Device\Harddisk0\DR0\Partition2

    02:25:55.0192 2228 ============================================================

    02:25:55.0192 2228 Initialize success

    02:25:55.0192 2228 ============================================================

    02:25:57.0447 3976 ============================================================

    02:25:57.0447 3976 Scan started

    02:25:57.0447 3976 Mode: Manual;

    02:25:57.0447 3976 ============================================================

    02:26:00.0004 3976 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    02:26:00.0025 3976 1394ohci - ok

    02:26:00.0096 3976 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    02:26:00.0124 3976 ACPI - ok

    02:26:00.0170 3976 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    02:26:00.0215 3976 AcpiPmi - ok

    02:26:00.0379 3976 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    02:26:00.0389 3976 Ad-Aware Service - ok

    02:26:00.0545 3976 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    02:26:00.0548 3976 AdobeFlashPlayerUpdateSvc - ok

    02:26:00.0702 3976 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

    02:26:00.0712 3976 adp94xx - ok

    02:26:00.0754 3976 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

    02:26:00.0780 3976 adpahci - ok

    02:26:00.0842 3976 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

    02:26:00.0849 3976 adpu320 - ok

    02:26:00.0873 3976 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    02:26:00.0875 3976 AeLookupSvc - ok

    02:26:00.0937 3976 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    02:26:00.0941 3976 AERTFilters - ok

    02:26:01.0013 3976 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    02:26:01.0026 3976 AFD - ok

    02:26:01.0081 3976 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    02:26:01.0085 3976 agp440 - ok

    02:26:01.0126 3976 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    02:26:01.0131 3976 ALG - ok

    02:26:01.0179 3976 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    02:26:01.0182 3976 aliide - ok

    02:26:01.0228 3976 AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe

    02:26:01.0230 3976 AMD External Events Utility - ok

    02:26:01.0235 3976 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    02:26:01.0238 3976 amdide - ok

    02:26:01.0270 3976 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

    02:26:01.0274 3976 AmdK8 - ok

    02:26:01.0299 3976 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

    02:26:01.0317 3976 AmdPPM - ok

    02:26:01.0371 3976 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    02:26:01.0377 3976 amdsata - ok

    02:26:01.0410 3976 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

    02:26:01.0416 3976 amdsbs - ok

    02:26:01.0442 3976 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    02:26:01.0463 3976 amdxata - ok

    02:26:01.0515 3976 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys

    02:26:01.0523 3976 ApfiltrService - ok

    02:26:01.0591 3976 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    02:26:01.0609 3976 AppID - ok

    02:26:01.0648 3976 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    02:26:01.0651 3976 AppIDSvc - ok

    02:26:01.0724 3976 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    02:26:01.0725 3976 Appinfo - ok

    02:26:01.0829 3976 Apple Mobile Device - ok

    02:26:01.0870 3976 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

    02:26:01.0875 3976 arc - ok

    02:26:01.0898 3976 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

    02:26:01.0903 3976 arcsas - ok

    02:26:01.0937 3976 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    02:26:01.0941 3976 AsyncMac - ok

    02:26:01.0975 3976 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    02:26:01.0976 3976 atapi - ok

    02:26:02.0024 3976 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys

    02:26:02.0028 3976 AtiHdmiService - ok

    02:26:02.0357 3976 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys

    02:26:02.0516 3976 atikmdag - ok

    02:26:02.0709 3976 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    02:26:02.0717 3976 AudioEndpointBuilder - ok

    02:26:02.0727 3976 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    02:26:02.0733 3976 AudioSrv - ok

    02:26:02.0798 3976 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    02:26:02.0816 3976 AxInstSV - ok

    02:26:02.0901 3976 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

    02:26:02.0912 3976 b06bdrv - ok

    02:26:02.0967 3976 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    02:26:02.0986 3976 b57nd60a - ok

    02:26:03.0134 3976 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    02:26:03.0162 3976 BBSvc - ok

    02:26:03.0197 3976 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys

    02:26:03.0201 3976 BCM42RLY - ok

    02:26:03.0399 3976 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys

    02:26:03.0416 3976 BCM43XX - ok

    02:26:03.0549 3976 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    02:26:03.0571 3976 BDESVC - ok

    02:26:03.0636 3976 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    02:26:03.0639 3976 Beep - ok

    02:26:03.0729 3976 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

    02:26:03.0738 3976 BITS - ok

    02:26:03.0767 3976 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    02:26:03.0770 3976 blbdrive - ok

    02:26:03.0887 3976 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    02:26:03.0892 3976 Bonjour Service - ok

    02:26:03.0938 3976 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    02:26:03.0946 3976 bowser - ok

    02:26:03.0978 3976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    02:26:03.0981 3976 BrFiltLo - ok

    02:26:03.0995 3976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    02:26:03.0998 3976 BrFiltUp - ok

    02:26:04.0057 3976 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    02:26:04.0060 3976 Browser - ok

    02:26:04.0100 3976 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    02:26:04.0107 3976 Brserid - ok

    02:26:04.0123 3976 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    02:26:04.0139 3976 BrSerWdm - ok

    02:26:04.0178 3976 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    02:26:04.0181 3976 BrUsbMdm - ok

    02:26:04.0191 3976 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    02:26:04.0212 3976 BrUsbSer - ok

    02:26:04.0276 3976 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

    02:26:04.0295 3976 BthEnum - ok

    02:26:04.0356 3976 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

    02:26:04.0360 3976 BTHMODEM - ok

    02:26:04.0400 3976 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

    02:26:04.0406 3976 BthPan - ok

    02:26:04.0473 3976 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

    02:26:04.0485 3976 BTHPORT - ok

    02:26:04.0519 3976 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    02:26:04.0524 3976 bthserv - ok

    02:26:04.0566 3976 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

    02:26:04.0570 3976 BTHUSB - ok

    02:26:04.0638 3976 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

    02:26:04.0643 3976 btwaudio - ok

    02:26:04.0668 3976 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys

    02:26:04.0673 3976 btwavdt - ok

    02:26:04.0798 3976 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    02:26:04.0807 3976 btwdins - ok

    02:26:04.0856 3976 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

    02:26:04.0860 3976 btwl2cap - ok

    02:26:04.0885 3976 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

    02:26:04.0888 3976 btwrchid - ok

    02:26:04.0911 3976 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    02:26:04.0930 3976 cdfs - ok

    02:26:04.0991 3976 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

    02:26:05.0039 3976 cdrom - ok

    02:26:05.0118 3976 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    02:26:05.0121 3976 CertPropSvc - ok

    02:26:05.0173 3976 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

    02:26:05.0177 3976 circlass - ok

    02:26:05.0216 3976 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    02:26:05.0220 3976 CLFS - ok

    02:26:05.0305 3976 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    02:26:05.0308 3976 clr_optimization_v2.0.50727_32 - ok

    02:26:05.0352 3976 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    02:26:05.0355 3976 clr_optimization_v2.0.50727_64 - ok

    02:26:05.0466 3976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    02:26:05.0487 3976 clr_optimization_v4.0.30319_32 - ok

    02:26:05.0577 3976 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    02:26:05.0582 3976 clr_optimization_v4.0.30319_64 - ok

    02:26:05.0609 3976 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

    02:26:05.0628 3976 CmBatt - ok

    02:26:05.0657 3976 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

    02:26:05.0660 3976 cmdide - ok

    02:26:05.0719 3976 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

    02:26:05.0724 3976 CNG - ok

    02:26:05.0755 3976 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

    02:26:05.0759 3976 Compbatt - ok

    02:26:05.0797 3976 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

    02:26:05.0801 3976 CompositeBus - ok

    02:26:05.0819 3976 COMSysApp - ok

    02:26:05.0852 3976 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

    02:26:05.0872 3976 crcdisk - ok

    02:26:05.0945 3976 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

    02:26:05.0949 3976 CryptSvc - ok

    02:26:06.0007 3976 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

    02:26:06.0013 3976 CtClsFlt - ok

    02:26:06.0103 3976 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    02:26:06.0111 3976 DcomLaunch - ok

    02:26:06.0154 3976 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

    02:26:06.0163 3976 defragsvc - ok

    02:26:06.0223 3976 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    02:26:06.0228 3976 DfsC - ok

    02:26:06.0295 3976 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    02:26:06.0298 3976 Dhcp - ok

    02:26:06.0330 3976 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    02:26:06.0333 3976 discache - ok

    02:26:06.0366 3976 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

    02:26:06.0371 3976 Disk - ok

    02:26:06.0424 3976 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    02:26:06.0428 3976 Dnscache - ok

    02:26:06.0495 3976 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    02:26:06.0503 3976 dot3svc - ok

    02:26:06.0567 3976 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

    02:26:06.0573 3976 Dot4 - ok

    02:26:06.0615 3976 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

    02:26:06.0618 3976 Dot4Print - ok

    02:26:06.0650 3976 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

    02:26:06.0676 3976 dot4usb - ok

    02:26:06.0706 3976 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    02:26:06.0708 3976 DPS - ok

    02:26:06.0757 3976 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    02:26:06.0761 3976 drmkaud - ok

    02:26:06.0893 3976 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    02:26:06.0915 3976 DXGKrnl - ok

    02:26:06.0953 3976 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    02:26:06.0955 3976 EapHost - ok

    02:26:07.0141 3976 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

    02:26:07.0217 3976 ebdrv - ok

    02:26:07.0325 3976 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    02:26:07.0327 3976 EFS - ok

    02:26:07.0451 3976 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    02:26:07.0466 3976 ehRecvr - ok

    02:26:07.0513 3976 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    02:26:07.0534 3976 ehSched - ok

    02:26:07.0638 3976 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

    02:26:07.0651 3976 elxstor - ok

    02:26:07.0690 3976 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    02:26:07.0692 3976 ErrDev - ok

    02:26:07.0747 3976 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    02:26:07.0750 3976 EventSystem - ok

    02:26:07.0781 3976 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    02:26:07.0808 3976 exfat - ok

    02:26:07.0833 3976 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    02:26:07.0851 3976 fastfat - ok

    02:26:07.0946 3976 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    02:26:07.0953 3976 Fax - ok

    02:26:07.0996 3976 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

    02:26:07.0999 3976 fdc - ok

    02:26:08.0030 3976 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    02:26:08.0032 3976 fdPHost - ok

    02:26:08.0047 3976 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    02:26:08.0049 3976 FDResPub - ok

    02:26:08.0070 3976 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    02:26:08.0074 3976 FileInfo - ok

    02:26:08.0100 3976 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    02:26:08.0104 3976 Filetrace - ok

    02:26:08.0113 3976 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

    02:26:08.0135 3976 flpydisk - ok

    02:26:08.0211 3976 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    02:26:08.0219 3976 FltMgr - ok

    02:26:08.0310 3976 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    02:26:08.0325 3976 FontCache - ok

    02:26:08.0405 3976 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    02:26:08.0408 3976 FontCache3.0.0.0 - ok

    02:26:08.0451 3976 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    02:26:08.0455 3976 FsDepends - ok

    02:26:08.0509 3976 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

    02:26:08.0526 3976 fssfltr - ok

    02:26:08.0703 3976 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    02:26:08.0757 3976 fsssvc - ok

    02:26:08.0888 3976 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    02:26:08.0911 3976 Fs_Rec - ok

    02:26:08.0992 3976 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    02:26:09.0000 3976 fvevol - ok

    02:26:09.0041 3976 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

    02:26:09.0045 3976 gagp30kx - ok

    02:26:09.0099 3976 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    02:26:09.0103 3976 GEARAspiWDM - ok

    02:26:09.0193 3976 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    02:26:09.0204 3976 gpsvc - ok

    02:26:09.0282 3976 gupdate - ok

    02:26:09.0313 3976 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    02:26:09.0317 3976 hcw85cir - ok

    02:26:09.0370 3976 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

    02:26:09.0374 3976 HDAudBus - ok

    02:26:09.0428 3976 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

    02:26:09.0432 3976 HECIx64 - ok

    02:26:09.0458 3976 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

    02:26:09.0461 3976 HidBatt - ok

    02:26:09.0479 3976 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

    02:26:09.0483 3976 HidBth - ok

    02:26:09.0532 3976 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

    02:26:09.0535 3976 HidIr - ok

    02:26:09.0565 3976 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    02:26:09.0567 3976 hidserv - ok

    02:26:09.0622 3976 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

    02:26:09.0625 3976 HidUsb - ok

    02:26:09.0674 3976 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    02:26:09.0677 3976 hkmsvc - ok

    02:26:09.0739 3976 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    02:26:09.0741 3976 HomeGroupListener - ok

    02:26:09.0812 3976 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    02:26:09.0817 3976 HomeGroupProvider - ok

    02:26:09.0867 3976 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    02:26:09.0899 3976 HpSAMD - ok

    02:26:10.0009 3976 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    02:26:10.0024 3976 HTTP - ok

    02:26:10.0100 3976 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    02:26:10.0104 3976 hwpolicy - ok

    02:26:10.0166 3976 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

    02:26:10.0171 3976 i8042prt - ok

    02:26:10.0223 3976 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    02:26:10.0233 3976 iaStorV - ok

    02:26:10.0352 3976 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    02:26:10.0382 3976 idsvc - ok

    02:26:10.0438 3976 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

    02:26:10.0442 3976 iirsp - ok

    02:26:10.0579 3976 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    02:26:10.0588 3976 IKEEXT - ok

    02:26:10.0617 3976 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys

    02:26:10.0622 3976 Impcd - ok

    02:26:10.0755 3976 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys

    02:26:10.0787 3976 IntcAzAudAddService - ok

    02:26:10.0921 3976 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    02:26:10.0925 3976 intelide - ok

    02:26:10.0960 3976 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    02:26:10.0964 3976 intelppm - ok

    02:26:10.0993 3976 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    02:26:11.0039 3976 IPBusEnum - ok

    02:26:11.0067 3976 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    02:26:11.0071 3976 IpFilterDriver - ok

    02:26:11.0112 3976 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    02:26:11.0142 3976 IPMIDRV - ok

    02:26:11.0191 3976 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    02:26:11.0196 3976 IPNAT - ok

    02:26:11.0372 3976 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe

    02:26:11.0384 3976 iPod Service - ok

    02:26:11.0414 3976 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    02:26:11.0416 3976 IRENUM - ok

    02:26:11.0449 3976 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    02:26:11.0452 3976 isapnp - ok

    02:26:11.0497 3976 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    02:26:11.0503 3976 iScsiPrt - ok

    02:26:11.0530 3976 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

    02:26:11.0534 3976 kbdclass - ok

    02:26:11.0595 3976 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

    02:26:11.0597 3976 kbdhid - ok

    02:26:11.0637 3976 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:26:11.0639 3976 KeyIso - ok

    02:26:11.0682 3976 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

    02:26:11.0682 3976 KSecDD - ok

    02:26:11.0725 3976 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

    02:26:11.0726 3976 KSecPkg - ok

    02:26:11.0763 3976 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    02:26:11.0804 3976 ksthunk - ok

    02:26:11.0862 3976 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    02:26:11.0884 3976 KtmRm - ok

    02:26:11.0961 3976 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    02:26:11.0966 3976 LanmanServer - ok

    02:26:12.0024 3976 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    02:26:12.0028 3976 LanmanWorkstation - ok

    02:26:12.0094 3976 Lavasoft Kernexplorer - ok

    02:26:12.0132 3976 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

    02:26:12.0136 3976 Lbd - ok

    02:26:12.0175 3976 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    02:26:12.0195 3976 lltdio - ok

    02:26:12.0272 3976 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    02:26:12.0277 3976 lltdsvc - ok

    02:26:12.0295 3976 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    02:26:12.0297 3976 lmhosts - ok

    02:26:12.0323 3976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

    02:26:12.0358 3976 LSI_FC - ok

    02:26:12.0388 3976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

    02:26:12.0393 3976 LSI_SAS - ok

    02:26:12.0408 3976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    02:26:12.0412 3976 LSI_SAS2 - ok

    02:26:12.0450 3976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    02:26:12.0491 3976 LSI_SCSI - ok

    02:26:12.0521 3976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    02:26:12.0526 3976 luafv - ok

    02:26:12.0580 3976 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    02:26:12.0585 3976 Mcx2Svc - ok

    02:26:12.0636 3976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

    02:26:12.0639 3976 megasas - ok

    02:26:12.0683 3976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

    02:26:12.0691 3976 MegaSR - ok

    02:26:12.0813 3976 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

    02:26:12.0818 3976 Microsoft Office Groove Audit Service - ok

    02:26:12.0867 3976 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    02:26:12.0870 3976 MMCSS - ok

    02:26:12.0901 3976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    02:26:12.0904 3976 Modem - ok

    02:26:12.0935 3976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    02:26:12.0938 3976 monitor - ok

    02:26:12.0978 3976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    02:26:12.0983 3976 mouclass - ok

    02:26:13.0016 3976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    02:26:13.0020 3976 mouhid - ok

    02:26:13.0083 3976 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    02:26:13.0088 3976 mountmgr - ok

    02:26:13.0150 3976 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    02:26:13.0155 3976 MozillaMaintenance - ok

    02:26:13.0195 3976 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    02:26:13.0217 3976 mpio - ok

    02:26:13.0254 3976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    02:26:13.0258 3976 mpsdrv - ok

    02:26:13.0309 3976 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    02:26:13.0314 3976 MRxDAV - ok

    02:26:13.0359 3976 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    02:26:13.0365 3976 mrxsmb - ok

    02:26:13.0417 3976 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    02:26:13.0425 3976 mrxsmb10 - ok

    02:26:13.0468 3976 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    02:26:13.0473 3976 mrxsmb20 - ok

    02:26:13.0500 3976 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    02:26:13.0514 3976 msahci - ok

    02:26:13.0551 3976 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    02:26:13.0567 3976 msdsm - ok

    02:26:13.0603 3976 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    02:26:13.0610 3976 MSDTC - ok

    02:26:13.0649 3976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    02:26:13.0653 3976 Msfs - ok

    02:26:13.0672 3976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    02:26:13.0676 3976 mshidkmdf - ok

    02:26:13.0719 3976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    02:26:13.0722 3976 msisadrv - ok

    02:26:13.0763 3976 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    02:26:13.0783 3976 MSiSCSI - ok

    02:26:13.0788 3976 msiserver - ok

    02:26:13.0827 3976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    02:26:13.0830 3976 MSKSSRV - ok

    02:26:13.0872 3976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    02:26:13.0874 3976 MSPCLOCK - ok

    02:26:13.0890 3976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    02:26:13.0912 3976 MSPQM - ok

    02:26:13.0989 3976 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    02:26:13.0999 3976 MsRPC - ok

    02:26:14.0035 3976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    02:26:14.0038 3976 mssmbios - ok

    02:26:14.0077 3976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    02:26:14.0081 3976 MSTEE - ok

    02:26:14.0118 3976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    02:26:14.0121 3976 MTConfig - ok

    02:26:14.0145 3976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    02:26:14.0160 3976 Mup - ok

    02:26:14.0247 3976 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    02:26:14.0255 3976 napagent - ok

    02:26:14.0316 3976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    02:26:14.0326 3976 NativeWifiP - ok

    02:26:14.0442 3976 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    02:26:14.0478 3976 NDIS - ok

    02:26:14.0515 3976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    02:26:14.0519 3976 NdisCap - ok

    02:26:14.0550 3976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    02:26:14.0554 3976 NdisTapi - ok

    02:26:14.0620 3976 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    02:26:14.0624 3976 Ndisuio - ok

    02:26:14.0672 3976 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    02:26:14.0677 3976 NdisWan - ok

    02:26:14.0722 3976 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    02:26:14.0726 3976 NDProxy - ok

    02:26:14.0803 3976 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

    02:26:14.0806 3976 Net Driver HPZ12 - ok

    02:26:14.0841 3976 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys

    02:26:14.0844 3976 Netaapl - ok

    02:26:14.0875 3976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    02:26:14.0879 3976 NetBIOS - ok

    02:26:14.0952 3976 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    02:26:14.0973 3976 NetBT - ok

    02:26:14.0993 3976 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:26:14.0995 3976 Netlogon - ok

    02:26:15.0043 3976 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    02:26:15.0047 3976 Netman - ok

    02:26:15.0113 3976 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    02:26:15.0127 3976 NetMsmqActivator - ok

    02:26:15.0147 3976 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    02:26:15.0149 3976 NetPipeActivator - ok

    02:26:15.0199 3976 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    02:26:15.0204 3976 netprofm - ok

    02:26:15.0209 3976 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    02:26:15.0211 3976 NetTcpActivator - ok

    02:26:15.0217 3976 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    02:26:15.0218 3976 NetTcpPortSharing - ok

    02:26:15.0270 3976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    02:26:15.0274 3976 nfrd960 - ok

    02:26:15.0379 3976 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    02:26:15.0384 3976 NlaSvc - ok

    02:26:15.0397 3976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    02:26:15.0401 3976 Npfs - ok

    02:26:15.0428 3976 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    02:26:15.0429 3976 nsi - ok

    02:26:15.0453 3976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    02:26:15.0456 3976 nsiproxy - ok

    02:26:15.0576 3976 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    02:26:15.0603 3976 Ntfs - ok

    02:26:15.0737 3976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    02:26:15.0741 3976 Null - ok

    02:26:15.0789 3976 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    02:26:15.0794 3976 nvraid - ok

    02:26:15.0826 3976 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    02:26:15.0831 3976 nvstor - ok

    02:26:16.0163 3976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    02:26:16.0168 3976 nv_agp - ok

    02:26:16.0301 3976 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    02:26:16.0311 3976 odserv - ok

    02:26:16.0343 3976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    02:26:16.0380 3976 ohci1394 - ok

    02:26:16.0455 3976 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    02:26:16.0460 3976 ose - ok

    02:26:16.0540 3976 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    02:26:16.0550 3976 p2pimsvc - ok

    02:26:16.0581 3976 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    02:26:16.0629 3976 p2psvc - ok

    02:26:16.0683 3976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    02:26:16.0701 3976 Parport - ok

    02:26:16.0753 3976 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    02:26:16.0777 3976 partmgr - ok

    02:26:16.0812 3976 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    02:26:16.0816 3976 PcaSvc - ok

    02:26:16.0859 3976 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    02:26:16.0865 3976 pci - ok

    02:26:16.0886 3976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    02:26:16.0888 3976 pciide - ok

    02:26:16.0947 3976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    02:26:16.0972 3976 pcmcia - ok

    02:26:16.0993 3976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    02:26:16.0997 3976 pcw - ok

    02:26:17.0048 3976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    02:26:17.0063 3976 PEAUTH - ok

    02:26:17.0135 3976 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    02:26:17.0139 3976 PerfHost - ok

    02:26:17.0269 3976 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    02:26:17.0310 3976 pla - ok

    02:26:17.0373 3976 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    02:26:17.0381 3976 PlugPlay - ok

    02:26:17.0456 3976 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

    02:26:17.0461 3976 Pml Driver HPZ12 - ok

    02:26:17.0492 3976 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    02:26:17.0497 3976 PNRPAutoReg - ok

    02:26:17.0539 3976 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    02:26:17.0544 3976 PNRPsvc - ok

    02:26:17.0622 3976 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    02:26:17.0635 3976 PolicyAgent - ok

    02:26:17.0686 3976 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    02:26:17.0691 3976 Power - ok

    02:26:17.0780 3976 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    02:26:17.0785 3976 PptpMiniport - ok

    02:26:17.0821 3976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    02:26:17.0825 3976 Processor - ok

    02:26:17.0885 3976 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    02:26:17.0888 3976 ProfSvc - ok

    02:26:17.0926 3976 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:26:17.0928 3976 ProtectedStorage - ok

    02:26:17.0986 3976 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    02:26:18.0003 3976 Psched - ok

    02:26:18.0045 3976 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

    02:26:18.0049 3976 PxHlpa64 - ok

    02:26:18.0133 3976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    02:26:18.0179 3976 ql2300 - ok

    02:26:18.0306 3976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    02:26:18.0311 3976 ql40xx - ok

    02:26:18.0355 3976 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    02:26:18.0364 3976 QWAVE - ok

    02:26:18.0383 3976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    02:26:18.0395 3976 QWAVEdrv - ok

    02:26:18.0429 3976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    02:26:18.0432 3976 RasAcd - ok

    02:26:18.0477 3976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    02:26:18.0499 3976 RasAgileVpn - ok

    02:26:18.0542 3976 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    02:26:18.0548 3976 RasAuto - ok

    02:26:18.0622 3976 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    02:26:18.0627 3976 Rasl2tp - ok

    02:26:18.0700 3976 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    02:26:18.0711 3976 RasMan - ok

    02:26:18.0751 3976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    02:26:18.0757 3976 RasPppoe - ok

    02:26:18.0765 3976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    02:26:18.0769 3976 RasSstp - ok

    02:26:18.0832 3976 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    02:26:18.0840 3976 rdbss - ok

    02:26:18.0867 3976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    02:26:18.0870 3976 rdpbus - ok

    02:26:18.0889 3976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    02:26:18.0892 3976 RDPCDD - ok

    02:26:18.0917 3976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    02:26:18.0920 3976 RDPENCDD - ok

    02:26:18.0936 3976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    02:26:18.0938 3976 RDPREFMP - ok

    02:26:18.0979 3976 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    02:26:18.0986 3976 RDPWD - ok

    02:26:19.0070 3976 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    02:26:19.0090 3976 rdyboost - ok

    02:26:19.0148 3976 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    02:26:19.0195 3976 RemoteAccess - ok

    02:26:19.0242 3976 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    02:26:19.0250 3976 RemoteRegistry - ok

    02:26:19.0303 3976 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    02:26:19.0327 3976 RFCOMM - ok

    02:26:19.0373 3976 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    02:26:19.0377 3976 RpcEptMapper - ok

    02:26:19.0411 3976 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    02:26:19.0414 3976 RpcLocator - ok

    02:26:19.0504 3976 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    02:26:19.0510 3976 RpcSs - ok

    02:26:19.0549 3976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    02:26:19.0554 3976 rspndr - ok

    02:26:19.0608 3976 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys

    02:26:19.0615 3976 RSUSBSTOR - ok

    02:26:19.0658 3976 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys

    02:26:19.0665 3976 RTL8167 - ok

    02:26:19.0694 3976 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:26:19.0696 3976 SamSs - ok

    02:26:20.0038 3976 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    02:26:20.0087 3976 SBAMSvc - ok

    02:26:20.0255 3976 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys

    02:26:20.0259 3976 sbapifs - ok

    02:26:20.0338 3976 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys

    02:26:20.0347 3976 SbFw - ok

    02:26:20.0391 3976 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys

    02:26:20.0397 3976 SBFWIMCL - ok

    02:26:20.0412 3976 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys

    02:26:20.0414 3976 SBFWIMCLMP - ok

    02:26:20.0466 3976 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys

    02:26:20.0475 3976 sbhips - ok

    02:26:20.0519 3976 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    02:26:20.0524 3976 sbp2port - ok

    02:26:20.0602 3976 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys

    02:26:20.0607 3976 SBRE - ok

    02:26:20.0672 3976 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys

    02:26:20.0677 3976 sbwtis - ok

    02:26:20.0716 3976 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    02:26:20.0734 3976 SCardSvr - ok

    02:26:20.0760 3976 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    02:26:20.0763 3976 scfilter - ok

    02:26:20.0864 3976 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    02:26:20.0872 3976 Schedule - ok

    02:26:20.0942 3976 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    02:26:20.0943 3976 SCPolicySvc - ok

    02:26:20.0966 3976 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    02:26:20.0969 3976 SDRSVC - ok

    02:26:21.0127 3976 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    02:26:21.0129 3976 SeaPort - ok

    02:26:21.0230 3976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    02:26:21.0234 3976 secdrv - ok

    02:26:21.0279 3976 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    02:26:21.0314 3976 seclogon - ok

    02:26:21.0353 3976 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    02:26:21.0356 3976 SENS - ok

    02:26:21.0393 3976 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    02:26:21.0414 3976 SensrSvc - ok

    02:26:21.0445 3976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    02:26:21.0448 3976 Serenum - ok

    02:26:21.0491 3976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    02:26:21.0495 3976 Serial - ok

    02:26:21.0530 3976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    02:26:21.0534 3976 sermouse - ok

    02:26:21.0601 3976 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    02:26:21.0605 3976 SessionEnv - ok

    02:26:21.0643 3976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    02:26:21.0645 3976 sffdisk - ok

    02:26:21.0658 3976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    02:26:21.0673 3976 sffp_mmc - ok

    02:26:21.0690 3976 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    02:26:21.0729 3976 sffp_sd - ok

    02:26:21.0779 3976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    02:26:21.0797 3976 sfloppy - ok

    02:26:21.0852 3976 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    02:26:21.0855 3976 ShellHWDetection - ok

    02:26:21.0892 3976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    02:26:21.0894 3976 SiSRaid2 - ok

    02:26:21.0911 3976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    02:26:21.0915 3976 SiSRaid4 - ok

    02:26:21.0928 3976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    02:26:21.0932 3976 Smb - ok

    02:26:21.0978 3976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    02:26:21.0981 3976 SNMPTRAP - ok

    02:26:22.0006 3976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    02:26:22.0040 3976 spldr - ok

    02:26:22.0085 3976 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    02:26:22.0090 3976 Spooler - ok

    02:26:22.0266 3976 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    02:26:22.0286 3976 sppsvc - ok

    02:26:22.0376 3976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    02:26:22.0380 3976 sppuinotify - ok

    02:26:22.0452 3976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    02:26:22.0460 3976 srv - ok

    02:26:22.0493 3976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    02:26:22.0501 3976 srv2 - ok

    02:26:22.0542 3976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    02:26:22.0585 3976 srvnet - ok

    02:26:22.0656 3976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    02:26:22.0659 3976 SSDPSRV - ok

    02:26:22.0684 3976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    02:26:22.0688 3976 SstpSvc - ok

    02:26:22.0743 3976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    02:26:22.0748 3976 stexstor - ok

    02:26:22.0807 3976 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    02:26:22.0812 3976 stisvc - ok

    02:26:22.0842 3976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    02:26:22.0845 3976 swenum - ok

    02:26:22.0883 3976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    02:26:22.0893 3976 swprv - ok

    02:26:23.0008 3976 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    02:26:23.0026 3976 SysMain - ok

    02:26:23.0151 3976 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    02:26:23.0157 3976 TabletInputService - ok

    02:26:23.0202 3976 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    02:26:23.0216 3976 TapiSrv - ok

    02:26:23.0248 3976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    02:26:23.0252 3976 TBS - ok

    02:26:23.0415 3976 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    02:26:23.0448 3976 Tcpip - ok

    02:26:23.0683 3976 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    02:26:23.0694 3976 TCPIP6 - ok

    02:26:23.0820 3976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    02:26:23.0824 3976 tcpipreg - ok

    02:26:23.0852 3976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    02:26:23.0868 3976 TDPIPE - ok

    02:26:23.0892 3976 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    02:26:23.0896 3976 TDTCP - ok

    02:26:23.0994 3976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    02:26:24.0000 3976 tdx - ok

    02:26:24.0039 3976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

    02:26:24.0043 3976 TermDD - ok

    02:26:24.0133 3976 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    02:26:24.0140 3976 TermService - ok

    02:26:24.0171 3976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    02:26:24.0173 3976 Themes - ok

    02:26:24.0199 3976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    02:26:24.0200 3976 THREADORDER - ok

    02:26:24.0237 3976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    02:26:24.0239 3976 TrkWks - ok

    02:26:24.0309 3976 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    02:26:24.0311 3976 TrustedInstaller - ok

    02:26:24.0364 3976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    02:26:24.0368 3976 tssecsrv - ok

    02:26:24.0458 3976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    02:26:24.0462 3976 TsUsbFlt - ok

    02:26:24.0520 3976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    02:26:24.0525 3976 tunnel - ok

    02:26:24.0555 3976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

    02:26:24.0560 3976 uagp35 - ok

    02:26:24.0614 3976 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    02:26:24.0631 3976 udfs - ok

    02:26:24.0673 3976 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    02:26:24.0679 3976 UI0Detect - ok

    02:26:24.0725 3976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    02:26:24.0729 3976 uliagpkx - ok

    02:26:24.0777 3976 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

    02:26:24.0782 3976 umbus - ok

    02:26:24.0807 3976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

    02:26:24.0811 3976 UmPass - ok

    02:26:24.0865 3976 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    02:26:24.0877 3976 upnphost - ok

    02:26:24.0918 3976 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    02:26:24.0923 3976 USBAAPL64 - ok

    02:26:24.0982 3976 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

    02:26:24.0987 3976 usbaudio - ok

    02:26:25.0020 3976 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

    02:26:25.0024 3976 usbccgp - ok

    02:26:25.0083 3976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    02:26:25.0088 3976 usbcir - ok

    02:26:25.0111 3976 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

    02:26:25.0134 3976 usbehci - ok

    02:26:25.0196 3976 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    02:26:25.0223 3976 usbhub - ok

    02:26:25.0254 3976 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

    02:26:25.0257 3976 usbohci - ok

    02:26:25.0303 3976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

    02:26:25.0306 3976 usbprint - ok

    02:26:25.0340 3976 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

    02:26:25.0344 3976 usbscan - ok

    02:26:25.0420 3976 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

    02:26:25.0423 3976 usbser - ok

    02:26:25.0451 3976 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    02:26:25.0455 3976 USBSTOR - ok

    02:26:25.0470 3976 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

    02:26:25.0473 3976 usbuhci - ok

    02:26:25.0533 3976 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

    02:26:25.0550 3976 usbvideo - ok

    02:26:25.0582 3976 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

    02:26:25.0585 3976 UxSms - ok

    02:26:25.0627 3976 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    02:26:25.0629 3976 VaultSvc - ok

    02:26:25.0682 3976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

    02:26:25.0686 3976 vdrvroot - ok

    02:26:25.0756 3976 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

    02:26:25.0779 3976 vds - ok

    02:26:25.0839 3976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    02:26:25.0842 3976 vga - ok

    02:26:25.0866 3976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    02:26:25.0869 3976 VgaSave - ok

    02:26:25.0925 3976 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

    02:26:25.0932 3976 vhdmp - ok

    02:26:25.0946 3976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

    02:26:25.0949 3976 viaide - ok

    02:26:25.0974 3976 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

    02:26:25.0977 3976 volmgr - ok

    02:26:26.0042 3976 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

    02:26:26.0052 3976 volmgrx - ok

    02:26:26.0105 3976 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

    02:26:26.0113 3976 volsnap - ok

    02:26:26.0153 3976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

    02:26:26.0159 3976 vsmraid - ok

    02:26:26.0302 3976 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

    02:26:26.0331 3976 VSS - ok

    02:26:26.0458 3976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

    02:26:26.0462 3976 vwifibus - ok

    02:26:26.0485 3976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

    02:26:26.0488 3976 vwififlt - ok

    02:26:26.0529 3976 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

    02:26:26.0534 3976 W32Time - ok

    02:26:26.0573 3976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

    02:26:26.0601 3976 WacomPen - ok

    02:26:26.0662 3976 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    02:26:26.0675 3976 WANARP - ok

    02:26:26.0693 3976 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    02:26:26.0695 3976 Wanarpv6 - ok

    02:26:26.0794 3976 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

    02:26:26.0819 3976 WatAdminSvc - ok

    02:26:26.0961 3976 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

    02:26:26.0989 3976 wbengine - ok

    02:26:27.0106 3976 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

    02:26:27.0115 3976 WbioSrvc - ok

    02:26:27.0166 3976 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

    02:26:27.0178 3976 wcncsvc - ok

    02:26:27.0205 3976 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

    02:26:27.0209 3976 WcsPlugInService - ok

    02:26:27.0265 3976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

    02:26:27.0269 3976 Wd - ok

    02:26:27.0324 3976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    02:26:27.0339 3976 Wdf01000 - ok

    02:26:27.0364 3976 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    02:26:27.0366 3976 WdiServiceHost - ok

    02:26:27.0371 3976 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    02:26:27.0373 3976 WdiSystemHost - ok

    02:26:27.0430 3976 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

    02:26:27.0441 3976 WebClient - ok

    02:26:27.0497 3976 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

    02:26:27.0504 3976 Wecsvc - ok

    02:26:27.0528 3976 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

    02:26:27.0530 3976 wercplsupport - ok

    02:26:27.0568 3976 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

    02:26:27.0570 3976 WerSvc - ok

    02:26:27.0639 3976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    02:26:27.0643 3976 WfpLwf - ok

    02:26:27.0665 3976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    02:26:27.0668 3976 WIMMount - ok

    02:26:27.0678 3976 WinHttpAutoProxySvc - ok

    02:26:27.0756 3976 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

    02:26:27.0759 3976 Winmgmt - ok

    02:26:27.0912 3976 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

    02:26:27.0970 3976 WinRM - ok

    02:26:28.0144 3976 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

    02:26:28.0158 3976 WinUsb - ok

    02:26:28.0230 3976 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

    02:26:28.0240 3976 Wlansvc - ok

    02:26:28.0345 3976 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    02:26:28.0350 3976 wlcrasvc - ok

    02:26:28.0559 3976 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    02:26:28.0574 3976 wlidsvc - ok

    02:26:28.0623 3976 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    02:26:28.0624 3976 wltrysvc - ok

    02:26:28.0759 3976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

    02:26:28.0762 3976 WmiAcpi - ok

    02:26:28.0817 3976 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

    02:26:28.0824 3976 wmiApSrv - ok

    02:26:28.0880 3976 WMPNetworkSvc - ok

    02:26:28.0911 3976 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

    02:26:28.0916 3976 WPCSvc - ok

    02:26:28.0979 3976 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

    02:26:28.0989 3976 WPDBusEnum - ok

    02:26:29.0010 3976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    02:26:29.0013 3976 ws2ifsl - ok

    02:26:29.0020 3976 WSearch - ok

    02:26:29.0188 3976 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

    02:26:29.0211 3976 wuauserv - ok

    02:26:29.0352 3976 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

    02:26:29.0357 3976 WudfPf - ok

    02:26:29.0404 3976 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

    02:26:29.0410 3976 WUDFRd - ok

    02:26:29.0461 3976 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

    02:26:29.0466 3976 wudfsvc - ok

    02:26:29.0526 3976 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

    02:26:29.0536 3976 WwanSvc - ok

    02:26:29.0593 3976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    02:26:29.0812 3976 \Device\Harddisk0\DR0 - ok

    02:26:29.0816 3976 Boot (0x1200) (fbb2f977ea70918718692072bd926ceb) \Device\Harddisk0\DR0\Partition0

    02:26:29.0817 3976 \Device\Harddisk0\DR0\Partition0 - ok

    02:26:29.0832 3976 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1

    02:26:29.0834 3976 \Device\Harddisk0\DR0\Partition1 - ok

    02:26:29.0914 3976 Boot (0x1200) (074b17f64ec59072bd6c041aa1f1cd63) \Device\Harddisk0\DR0\Partition2

    02:26:29.0916 3976 \Device\Harddisk0\DR0\Partition2 - ok

    02:26:29.0917 3976 ============================================================

    02:26:29.0917 3976 Scan finished

    02:26:29.0917 3976 ============================================================

    02:26:29.0931 5284 Detected object count: 0

    02:26:29.0931 5284 Actual detected object count: 0

    02:27:29.0575 4972 Deinitialize success
    0
  • Support
    Please, don't edit your posts, since I might miss it. Reply instead.
    0
  • Support
    Do you have access to another computer where you can download the files and then transfer them to the infected computer, for example with a CD or flash drive (don't keep anything important on them in case the infection erases them)?

    I can also upload the tools for you, but now it is too late so that will be tomorrow.
    0
  • Customer
    When I restart the computer a 'black dos table was shown on the screen and gone' and the computer shut down once; after that the computer was opened.

    Later a couple of run time errors appeared on the screen. I wrote them down for you.



    msvcr100.dll

    nspr4.dll

    plc4.dll

    mozsglite3.dll

    nssutil3.dll



    and



    run time error 216 at 00012b8c



    Your answer: I don't have another computer.... my external disc was harmed too because of this virus and I lost every file on it... very very important research report, thousands of music files, and most importantly my pictures...
    0
  • Customer
    meanwhile the "hostmyexe" virus appeared 3-4 hours after my last full scan :))
    0
  • Support
    Even if you don't notice it any more, there may still be several malicious files and registry entries on the computer. Please continue with items 2 and 3 in post #3.
    0
  • Customer
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-07-30 17:08:17

    -----------------------------

    17:08:17.339 OS Version: Windows x64 6.1.7601 Service Pack 1

    17:08:17.339 Number of processors: 4 586 0x2502

    17:08:17.340 ComputerName: KENANVEDENIZ UserName:

    17:08:18.214 Initialize success

    17:08:24.720 AVAST engine defs: 12073000

    17:08:27.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    17:08:27.609 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 11

    17:08:27.659 Disk 0 MBR read successfully

    17:08:27.662 Disk 0 MBR scan

    17:08:27.667 Disk 0 Windows 7 default MBR code

    17:08:27.672 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048

    17:08:27.689 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848

    17:08:27.710 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848

    17:08:27.716 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848

    17:08:27.747 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896

    17:08:27.790 Disk 0 scanning C:\Windows\system32\drivers

    17:08:41.665 Service scanning

    17:09:26.952 Modules scanning

    17:09:27.290 Disk 0 trace - called modules:

    17:09:27.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    17:09:27.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb1060]

    17:09:27.319 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b77680]

    17:09:27.919 AVAST engine scan C:\Windows

    17:09:30.064 AVAST engine scan C:\Windows\system32

    17:14:40.420 AVAST engine scan C:\Windows\system32\drivers

    17:14:59.823 AVAST engine scan C:\Users\Kenan ve Deniz

    17:20:36.336 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\257A.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:20:47.007 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\47EA.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:20:51.772 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\70B1.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:31.303 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\8BD1.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:31.401 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\8FA4.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:32.869 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\97D8.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:37.767 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\AEFC.tmp **INFECTED** Win32:Malware-gen

    17:22:39.938 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B5E5.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:40.035 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B5FE.tmp **INFECTED** Win32:Malware-gen

    17:22:40.101 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\B8AB.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:40.275 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\BEA2.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:22:40.651 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\CF2C.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:23:08.341 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\DC32.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:24:33.533 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\F2B6.tmp **INFECTED** Win32:VBCrypt-BCM [Trj]

    17:26:23.497 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\msitcm.cpl **INFECTED** Win32:MalOb-ER [Cryp]

    17:26:27.582 File: C:\Users\Kenan ve Deniz\AppData\Local\Temp\plugins\svchost.exe **INFECTED** Win32:Malware-gen

    17:27:52.496 File: C:\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe **INFECTED** Win32:Rootkit-gen [Rtk]

    17:28:43.858 File: C:\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe **INFECTED** Win32:Malware-gen

    17:28:47.738 File: C:\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe **INFECTED** Win32:Ruskill-EG [Trj]

    17:29:09.114 AVAST engine scan C:\ProgramData

    17:31:43.785 Scan finished successfully

    17:31:54.806 Disk 0 MBR has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\MBR.dat"

    17:31:54.812 The log file has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\aswMBR.txt"
    0
  • Customer
    ComboFix 12-07-30.01 - Kenan ve Deniz 30.07.2012 17:41:41.1.4 - x64

    Running from: c:\users\Kenan ve Deniz\Desktop\ComboFix.exe

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\autorun.inf

    C:\Rundll32.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\8T5A0C240222OWfrancesco_updatedbin.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\allwnj.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\dkotyu.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\jvcldk.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\Kenan ve Denizlog.dat

    c:\users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\osbbpq.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\pewpxq.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\proclean.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\proclean.zgy

    c:\users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\smayfj.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\tlyfga.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\trphnu.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy

    c:\users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy

    c:\users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\xjeamo.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\yfybln.exe

    c:\users\Kenan ve Deniz\AppData\Roaming\ZH5T6Q5Q2Jfrancesco_updatedbin.exe

    c:\windows\security\Database\tmp.edb

    c:\windows\SysWow64\install

    D:\autorun.inf

    D:\Rundll32.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware

    2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe

    2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys

    2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations

    2012-07-29 00:31 . 2010-11-05 01:57 32072 ----a-w- c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install

    2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js

    2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom

    2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs

    2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb

    2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle

    2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings

    2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp

    2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll

    2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]

    "audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]

    "gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2010-11-05 32072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]

    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]

    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]

    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]

    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - IPNAT

    *NewlyCreated* - SBWTIS

    *NewlyCreated* - WS2IFSL

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]

    .

    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]

    .

    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]

    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x1

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    mLocal Page = c:\windows\system32\blank.htm

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4

    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB

    FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKCU-Run-OscarEditor - c:\program files (x86)\G9 16-in-1\\G9_16-in-1.exe

    Wow6432Node-HKCU-Run-xllhol.exe - c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe

    Wow6432Node-HKCU-Run-Orrirw - c:\users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe

    Wow6432Node-HKCU-Run-Java Runtime - c:\users\Kenan ve Deniz\AppData\Roaming\install\server.exe

    Wow6432Node-HKLM-Run-NUYwRDIxNUNDRjQxNEE4RU - c:\users\Kenan ve Deniz\certCredKB.exe

    Wow6432Node-HKLM-Run-NEI3N0NFMzYxQ0MxNUZEME - c:\users\Kenan ve Deniz\unimfsm.exe

    Wow6432Node-HKLM-Run-AdobeART - c:\users\Kenan ve Deniz\AppData\Roaming\AdobeART.exe

    Wow6432Node-HKLM-Run-xllhol.exe - c:\users\Kenan ve Deniz\AppData\Roaming\xllhol.exe

    Wow6432Node-HKLM-Explorer_Run-63726 - c:\progra~3\LOCALS~1\Temp\mswartzai.cmd

    SafeBoot-Wdf01000.sys

    SafeBoot-Lavasoft Ad-Aware Service

    Toolbar-Locked - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    .

    **************************************************************************

    .

    Completion time: 2012-07-30 18:02:36 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-30 15:02

    .

    Pre-Run: 16.577.212.416 bytes free

    Post-Run: 20.154.937.344 bytes free

    .

    - - End Of File - - C58D04D8DA1933A0364F754F119280BE
    0
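An added triage example for the log above (my code, not part of ComboFix and not something the support helper posted): it walks the "Reg Loading Points" section, flags every Run-key autorun whose target lives in a location a standard user can write to (AppData\Roaming, Documents, a Temp directory, or the profile root), and reports the UAC policy values that are set to 0 in this log. The sample lines are copied from the log in this thread; the list of user-writable locations and the "bad value" thresholds are my own assumptions, chosen to match Windows 7 defaults (EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1).

```python
"""Triage a ComboFix 'Reg Loading Points' dump: flag autoruns that point into
user-writable directories and report weakened UAC policy values.
Added example for this thread, not ComboFix's own code."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')

# Assumed list of locations a non-admin user can write to. An autorun that
# points here persists across reboots without ever needing admin rights.
USER_WRITABLE = [
    (re.compile(r"\\appdata\\roaming\\", re.I), "AppData\\Roaming"),
    (re.compile(r"\\appdata\\local\\temp\\", re.I), "AppData\\Local\\Temp"),
    (re.compile(r"\\documents\\", re.I), "user Documents folder"),
    (re.compile(r"\\temp\\", re.I), "a Temp directory"),
    # an executable sitting directly under c:\users\<name>\ (no subfolder)
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.(exe|cmd|bat|scr|vbs)$", re.I),
     "profile root"),
]

# value name -> (value that weakens UAC, what it means). Windows 7 defaults
# are EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_CHECKS = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    section: str   # registry key the entry was found under
    name: str      # value name
    detail: str    # command line for autoruns, raw value for UAC settings
    reason: str    # why it was flagged


def _writable_reason(cmd: str):
    """Return the label of the first user-writable pattern the path matches."""
    for pattern, label in USER_WRITABLE:
        if pattern.search(cmd):
            return label
    return None


def triage(log_text: str):
    """Return (autorun_findings, uac_findings) for one ComboFix log."""
    autoruns, uac = [], []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not line.startswith('"'):
            continue  # separators ('.'), blank lines, file-date lines
        if section.lower().endswith("\\policies\\system"):
            m = DWORD_RE.match(line)
            if m and m.group("name") in UAC_CHECKS:
                bad, meaning = UAC_CHECKS[m.group("name")]
                if int(m.group("val")) == bad:
                    uac.append(Finding(section, m.group("name"), m.group("val"), meaning))
        elif section.lower().endswith("\\run"):  # ...\CurrentVersion\Run, policies\explorer\Run
            m = RUN_VALUE_RE.match(line)
            if m:
                reason = _writable_reason(m.group("cmd"))
                if reason:
                    autoruns.append(Finding(section, m.group("name"), m.group("cmd"), reason))
    return autoruns, uac


# Constructed sample: lines copied from the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
"gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2010-11-05 32072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    found_autoruns, found_uac = triage(SAMPLE_LOG)
    for f in found_autoruns:
        print(f"AUTORUN  {f.name}: {f.detail}  ({f.reason})")
    for f in found_uac:
        print(f"UAC      {f.name}={f.detail}: {f.reason}")
```

Run against the sample, the three user-profile autoruns (audiodg_TR.exe, gtcllxcfnibemqjscko, and the policies\explorer\Run entry 63726) are flagged while the Program Files and ProgramData entries are not, and all three UAC values come back as weakened. The point of the user-writable heuristic is that a vendor-installed program under Program Files needed admin rights to get there, whereas anything a browser exploit or a double-clicked attachment drops lands in exactly the directories listed; combined with EnableLUA=0, nothing on this machine ever prompts before a dropped file gains full rights.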
  • Support
    Good, ComboFix removed many files, but there are more.



    1.

    Upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:

    c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe



    2.

    Copy all lines in the box:

    [code]

    Killall::

    DirLook::

    c:\users\Kenan ve Deniz\AppData\Roaming\install

    [/code]

    and paste into Notepad.

    Save the file on the desktop with the name CFScript.



    Prepare the computer according to the instructions for running ComboFix.

    Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will then start in a special way.

    Paste the new ComboFix log into your answer.



    3.

    Please, run aswMBR in the same way as last time and post its log.
    0
  • Customer
    In the 1st step, which file do I have to choose? I don't understand that point clearly.

    Shall I choose this one and scan after that? c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
    0
  • Customer
    SHA256: b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e
    SHA1: 0f02fc517c7facc4baefde4fe9467fb6488ebabe
    MD5: ed797d8dc2c92401985d162e42ffa450
    File size: 31.3 KB ( 32072 bytes )
    File name: gtcllxcfnibemqjscko.exe
    File type: Win32 EXE
    Detection ratio: 0 / 40
    Analysis date: 2012-07-30 17:00:17 UTC ( 0 minutes ago )
    0
  • Support
    Yes, that is correct.
    0
  • Customer
    ComboFix 12-07-30.01 - Kenan ve Deniz 30.07.2012 20:10:54.2.4 - x64

    Running from: c:\users\Kenan ve Deniz\Desktop\ComboFix.exe

    Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-30 17:17 . 2012-07-30 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2012-07-30 17:17 . 2012-07-30 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware

    2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe

    2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys

    2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations

    2012-07-29 00:31 . 2010-11-05 01:57 32072 ----a-w- c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install

    2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js

    2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom

    2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs

    2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb

    2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle

    2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings

    2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp

    2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll

    2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ---- Directory of c:\users\Kenan ve Deniz\AppData\Roaming\install ----

    .

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-30_14.55.54 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-01-04 10:51 . 2012-07-30 17:20 60488 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-30 17:20 30194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-05-30 17:21 . 2012-07-30 17:20 22076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2010-05-30 17:21 . 2012-07-30 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-05-30 17:21 . 2012-07-30 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-30 17:18 . 2012-07-30 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-30 17:18 . 2012-07-30 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-07-30 17:17 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]

    "audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]

    "gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2010-11-05 32072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

    "63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]

    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]

    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

    R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]

    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]

    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]

    .

    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]

    .

    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    mLocal Page = c:\windows\system32\blank.htm

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4

    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB

    FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    .

    **************************************************************************

    .

    Completion time: 2012-07-30 20:24:51 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-30 17:24

    ComboFix2.txt 2012-07-30 15:02

    .

    Pre-Run: 22.001.483.776 bayt boş

    Post-Run: 22.001.799.168 bayt boş

    .

    - - End Of File - - 67748F8BAA8520C469D623DABA4C4735
  • Support
    1.

    Save SystemLook on the desktop from one of these links:

    http://jpshortstuff.247fixes.com/SystemLook.exe

    http://images.malwareremoval.com/jpshortstuff/SystemLook.exe



    Double-click on the SystemLook file to run it.



    Copy all lines in the box

    [code]

    :dir

    c:\users\Kenan ve Deniz\AppData\Roaming\install

    c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    c:\users\Kenan ve Deniz\AppData\Roaming\eType

    c:\users\Kenan ve Deniz\AppData\Local\Opera

    c:\users\Kenan ve Deniz\AppData\Local\Comodo

    c:\users\Kenan ve Deniz\AppData\Local\Bromium

    c:\users\Kenan ve Deniz\AppData\Local\Chromium

    c:\users\Kenan ve Deniz\AppData\Local\Nichrome

    c:\users\Kenan ve Deniz\AppData\Local\Xpom

    c:\users\Kenan ve Deniz\AppData\Roaming\dclogs

    :file

    c:\windows\system32\drivers\tcpipreset

    [/code]

    and paste it into the big text field in SystemLook.

    Click on the Look button to start the search.

    When finished, Notepad will pop up with the log. Copy the log and paste it into your answer. If Notepad doesn't pop up, you can find the log as SystemLook.txt on the Desktop.



    2.

    Please uninstall Java(TM) 6 Update 16 in Control Panel - Programs and Features.

    In Firefox - Tools - Add-Ons, look for Babylon on the different tabs and uninstall it when found.

    Restart the computer.



    3.

    Please run DDS and paste DDS.txt into your answer and attach Attach.txt.
  • Customer
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-07-30 20:28:30

    -----------------------------

    20:28:30.446 OS Version: Windows x64 6.1.7601 Service Pack 1

    20:28:30.446 Number of processors: 4 586 0x2502

    20:28:30.446 ComputerName: KENANVEDENIZ UserName:

    20:28:30.914 Initialize success

    20:28:40.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    20:28:40.732 Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 11

    20:28:40.748 Disk 0 MBR read successfully

    20:28:40.748 Disk 0 MBR scan

    20:28:40.748 Disk 0 Windows 7 default MBR code

    20:28:40.763 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048

    20:28:40.779 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848

    20:28:40.795 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848

    20:28:40.795 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848

    20:28:40.826 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896

    20:28:40.857 Disk 0 scanning C:\Windows\system32\drivers

    20:28:55.786 Service scanning

    20:29:31.838 Modules scanning

    20:29:31.838 Disk 0 trace - called modules:

    20:29:32.415 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    20:29:32.415 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb3060]

    20:29:32.431 3 CLASSPNP.SYS[fffff8800196c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048f6550]

    20:29:32.431 Scan finished successfully

    20:31:34.126 Disk 0 MBR has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\MBR.dat"

    20:31:34.126 The log file has been saved successfully to "C:\Users\Kenan ve Deniz\Desktop\aswMBR1.txt"
  • Customer
    SystemLook 30.07.11 by jpshortstuff

    Log created at 21:03 on 30/07/2012 by Kenan ve Deniz

    Administrator - Elevation successful

    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.



    ========== dir ==========



    c:\users\Kenan ve Deniz\AppData\Roaming\install - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    None found.



    c:\users\Kenan ve Deniz\AppData\Roaming\R-TT - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    R-Studio d------ [02:53 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Roaming\eType - Parameters: "(none)"



    ---Files---

    AdNotFound.htm --a---- 117 bytes [10:02 31/08/2011] [10:02 31/08/2011]

    all.zip --a---- 346691 bytes [01:24 28/07/2012] [01:24 28/07/2012]

    BigAd.htm --a---- 276 bytes [11:53 06/09/2011] [11:53 06/09/2011]

    BigAd2.htm --a---- 354 bytes [07:07 11/09/2011] [07:07 11/09/2011]

    BinariesVersions.xml --a---- 127 bytes [12:22 25/07/2012] [12:22 25/07/2012]

    BinaryFiles_308.zip --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]

    DefaultPrograms.ini --a---- 1232 bytes [07:43 13/09/2011] [07:43 13/09/2011]

    dicEnUs_TrTr.Lang_37.zip --a---- 1382524 bytes [01:25 28/07/2012] [01:25 28/07/2012]

    dicInfo.txt --a---- 52 bytes [01:25 28/07/2012] [01:25 28/07/2012]

    Dictionaries.xml --a---- 3060 bytes [11:15 15/08/2011] [11:15 15/08/2011]

    dicTrTr_EnUs.Lang_37.zip --a---- 2222751 bytes [01:25 28/07/2012] [01:25 28/07/2012]

    EmptyFacebook.jpg --a---- 390 bytes [14:28 07/03/2011] [14:28 07/03/2011]

    EmptyFacebookL.jpg --a---- 1428 bytes [12:53 30/08/2011] [12:53 30/08/2011]

    eTypeUninstall.exe --a---- 300440 bytes [12:14 25/07/2012] [12:14 25/07/2012]

    eTypeUpdate.exe_52.zip --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]

    Facebook.htm --a---- 517 bytes [08:17 27/02/2011] [08:17 27/02/2011]

    GoldUpdater.zip --a---- 1407117 bytes [01:25 28/07/2012] [01:25 28/07/2012]

    icon_all_shadow.ico --a---- 15086 bytes [12:49 24/05/2010] [12:49 24/05/2010]

    Install.bin --a---- 0 bytes [01:24 28/07/2012] [01:24 28/07/2012]

    Launchx64.exe --a---- 17776 bytes [15:18 16/02/2012] [15:18 16/02/2012]

    Loading.htm -ra---- 343 bytes [13:02 16/06/2010] [13:02 16/06/2010]

    Loading_icon_circles_blue.gif -ra---- 2215 bytes [13:02 16/06/2010] [13:02 16/06/2010]

    lzma.exe --a---- 83968 bytes [11:13 19/09/2010] [11:13 19/09/2010]

    lzma.zip --a---- 43995 bytes [01:24 28/07/2012] [01:24 28/07/2012]

    MessengerPromotion.txt --a---- 150 bytes [12:45 29/12/2010] [12:45 29/12/2010]

    MyZip.dll --a---- 109464 bytes [15:45 13/04/2010] [15:45 13/04/2010]

    news_box_facebook.jpg --a---- 23944 bytes [12:59 25/10/2010] [12:59 25/10/2010]

    news_box_internet_connection.jpg --a---- 35413 bytes [06:47 19/08/2010] [06:47 19/08/2010]

    NoConn.htm --a---- 388 bytes [09:08 10/10/2011] [09:08 10/10/2011]

    NoConnection.htm --a---- 364 bytes [08:21 11/08/2010] [08:21 11/08/2010]

    no_internet_connection.jpg --a---- 8232 bytes [09:07 10/10/2011] [09:07 10/10/2011]

    OutlookHtmlPromotion.htm --a---- 407 bytes [09:07 28/12/2010] [09:07 28/12/2010]

    OutlookHtmlPromotion2.htm --a---- 446 bytes [09:07 28/12/2010] [09:07 28/12/2010]

    OutlookPlainPromotion.txt --a---- 145 bytes [09:06 28/12/2010] [09:06 28/12/2010]

    Programs.ini --a---- 1220 bytes [07:43 13/09/2011] [07:43 13/09/2011]

    SmallAd.htm --a---- 274 bytes [11:53 06/09/2011] [11:53 06/09/2011]

    TimeRangeCache.dat --a---- 187 bytes [14:46 28/10/2010] [14:46 28/10/2010]

    UpdaterVersions.xml --a---- 138 bytes [12:23 25/07/2012] [12:23 25/07/2012]

    Url.xml --a---- 298 bytes [13:01 23/02/2010] [13:01 23/02/2010]

    UserDictionaries.xml --a---- 223 bytes [06:25 05/06/2011] [01:24 28/07/2012]

    VistaTool32.dll --a---- 53104 bytes [15:18 16/02/2012] [15:18 16/02/2012]

    VistaTool64.dll --a---- 20848 bytes [15:18 16/02/2012] [15:18 16/02/2012]

    WordNotFound.htm --a---- 1071 bytes [10:17 18/02/2010] [10:17 18/02/2010]



    ---Folders---

    None found.



    c:\users\Kenan ve Deniz\AppData\Local\Opera - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    Opera d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Local\Comodo - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    Dragon d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Local\Bromium - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    User Data d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Local\Chromium - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    Application d------ [01:13 28/07/2012]

    User Data d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Local\Nichrome - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    Application d------ [01:13 28/07/2012]

    User Data d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Local\Xpom - Parameters: "(none)"



    ---Files---

    None found.



    ---Folders---

    Application d------ [01:13 28/07/2012]

    User Data d------ [01:13 28/07/2012]



    c:\users\Kenan ve Deniz\AppData\Roaming\dclogs - Parameters: "(none)"



    ---Files---

    2012-07-28-7.dc --a---- 33633 bytes [01:11 28/07/2012] [06:44 28/07/2012]



    ---Folders---

    None found.



    ========== file ==========



    c:\windows\system32\drivers\tcpipreset - Unable to find/read file.



    -= EOF =-
  • Customer
    I can't solve the 'babylon' problem in either Firefox or Explorer.



    I deleted it, but when I open it again it's still there.



    And in my opinion this is the basic problem behind everything: all this stuff obstructs running Explorer.
  • Support
    Are you familiar with these folders/programs?

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install

    Did you (try to) install those programs or do you think they are part of the infection?
  • Customer
    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1

    Run by Kenan ve Deniz at 21:19:28 on 2012-07-30

    Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2376 [GMT 3:00]

    .

    AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\atieclxx.exe

    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\Explorer.exe

    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\Winamp\winampa.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\PROGRA~2\AD-AWA~1\AdAware.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\DllHost.exe

    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\sppsvc.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

    {555d4d79-4bd2-4094-a395-cfc534424a05}

    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe

    uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"

    mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}

    {6c97a91e-4524-4019-86af-2aa2d567bf5c}

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}

    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}

    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}

    {8dcb7100-df86-4384-8842-8fa844297b3f}

    {6c97a91e-4524-4019-86af-2aa2d567bf5c}

    {98889811-442D-49dd-99D7-DC866BE87DBC}

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"

    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    ============= SERVICES / DRIVERS ===============

    .

    .

    =============== Created Last 30 ================

    .

    2012-07-30 18:17:15 -------- dcsh--w- C:\$RECYCLE.BIN

    2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe

    2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe

    2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe

    2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe

    2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}

    2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}

    2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware

    2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

    2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe

    2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations

    2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    2012-07-28 05:10:13 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\install

    2012-07-28 02:53:54 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 01:24:44 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13:40 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13:39 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome

    2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom

    2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs

    2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb

    2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

    2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp

    2012-07-01 12:09:26 -------- d-sh--w- C:\Windows\ftpcache

    .

    ==================== Find3M ====================

    .

    2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    .

    ============= FINISH: 21:23:39,25 ===============
  • Customer
    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 30.05.2010 20:03:31

    System Uptime: 30.07.2012 21:16:31 (0 hours ago)

    .

    Motherboard: Dell Inc. | |

    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | U2E1 | 1314/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 59 GiB total, 20,223 GiB free.

    D: is FIXED (NTFS) - 397 GiB total, 397,2 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP604: 30.07.2012 21:06:39 - Removed Java(TM) 6 Update 16 (64-bit)

    RP605: 30.07.2012 21:08:31 - Removed Java(TM) 6 Update 16

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    AC3Filter 1.63b

    Ad-Aware Antivirus

    Ad-Aware Browsing Protection

    Ad-Aware Security Toolbar

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader 9.2

    Advanced Audio FX Engine

    Apple Application Support

    Apple Software Update

    ArtRage 2 Starter Edition

    ATI Catalyst Control Center

    Azureus Vuze

    Bing Bar

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    D3DX10

    Dell Webcam Central

    GOM Player

    Google Chrome

    Google Update Helper

    HPDiagnosticAlert

    Java Auto Updater

    Java(TM) 7 Update 5

    JavaFX 2.1.1

    Junk Mail filter update

    Live! Cam Avatar Creator

    Mesh Runtime

    Messenger Companion

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (Turkish) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678)

    Microsoft Office Excel MUI (Turkish) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (Turkish) 2007

    Microsoft Office InfoPath MUI (Turkish) 2007

    Microsoft Office OneNote MUI (Turkish) 2007

    Microsoft Office Outlook MUI (Turkish) 2007

    Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669)

    Microsoft Office PowerPoint MUI (Turkish) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (German) 2007

    Microsoft Office Proof (Turkish) 2007

    Microsoft Office Proofing (Turkish) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (Turkish) 2007

    Microsoft Office Shared MUI (Turkish) 2007

    Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665)

    Microsoft Office Word MUI (Turkish) 2007

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Mozilla Firefox 14.0.1 (x86 tr)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NVIDIA PhysX

    PowerDVD DX

    QuickTime

    Realtek High Definition Audio Driver

    Roxio Burn

    Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

    Skins

    Spelling Dictionaries Support For Adobe Reader 9

    swMSM

    TomTom HOME 2.8.1.2218

    TomTom HOME Visual Studio Merge Modules

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

    Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Winamp

    Winamp Algılayıcı

    Winamp Toolbar

    Windows Live Communications Platform

    Windows Live Fotoğraf Galerisi

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live Temel Parçalar

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Windows Media Player Firefox Plugin

    WinRAR archiver

    Youtube Jacker

    .

    ==== End Of File ===========================
  • Customer
    No, I don't need any of them.



    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
  • Customer
    If Chromium is related to Google Chrome, yes, I installed it.

    And I installed eType when I was trying to restore or recover my deleted pictures...

    That day I installed a couple of programs and I tried to delete most of them.

    The 'Babylon thing' got into my computer that day...
  • Customer
    But I don't need any of them except Google Chrome :)
  • Customer
    ?
  • Support
    No need to delete folders that aren't malicious. :)



    Babylon toolbar usually comes together with another program; it is used as a way for the program developer to get paid for the work.



    1.

    Please upload the file c:\users\Kenan ve Deniz\AppData\Roaming\dclogs\2012-07-28-7.dc to the VirusTotal web page and post the link to the result.



    2.

    Copy all lines in the box:

    [code]

    Killall::

    ClearJavaCache::

    DDS::

    uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

    uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd

    FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    [/code]

    and paste them into Notepad.

    Save the file on the desktop with the name CFScript and encoding ANSI (next to the save button).



    Prepare the computer according to the instructions for running ComboFix.

    Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.

    Paste the new ComboFix log into your answer.
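The CFScript above was built by reading the DDS "Pseudo HJT Report" by hand and picking out the entries worth acting on. As an added example (not the support team's code, and not part of DDS or ComboFix), the Python script below applies the same reading automatically: it flags autorun values that launch from user-writable locations or carry random-looking names, toolbar and explorer-bar registrations that point at a missing file, UAC policy values that switch prompts off, and home/search pages redirected to search.babylon.com. The sample lines are copied from the DDS log posted earlier in this thread; the heuristics and thresholds (the path patterns, the vowel-ratio cut-off) are this script's own assumptions, and a hit means "review this entry", not "this is malware".

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example, not DDS/ComboFix code).

The heuristics and thresholds below are this script's own assumptions; a hit
means "look at this entry", not "this is malware".
"""
import re
from dataclasses import dataclass

# Autorun values: uRun / mRun / mExplorerRun, with or without the -x64 suffix.
RUN_RE = re.compile(r"^(?P<key>[um](?:Explorer)?Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Toolbar (TB) and explorer-bar (EB) registrations: optional label, CLSID, target.
TB_RE = re.compile(r"^(?P<key>[TE]B(?:-X64)?): (?:(?P<label>[^{]+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")
# Launch locations an ordinary user can write to (assumption: these deserve a second look).
USER_WRITABLE = re.compile(r"\\(?:users\\[^\\]+\\(?:appdata|documents)|temp)\\", re.I)

# UAC policy values that weaken or remove elevation prompts.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC is disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not shown on the secure desktop",
}

# Constructed sample: lines copied from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # "autorun", "orphan", "policy" or "hijack"
    subject: str  # value name, CLSID, policy name or DDS key the finding is about
    reason: str


def launch_path(cmd: str) -> str:
    """Return the executable path from a DDS command value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd  # unquoted DDS values are normally the bare path


def looks_random(name: str) -> bool:
    """Consonant-heavy names of 10+ letters (vowel ratio below 0.25) look machine-generated."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 10:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.25


def triage(dds_text: str) -> list:
    """Walk DDS lines and return the entries a responder should review, with the reason."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            path = launch_path(m["cmd"])
            reasons = []
            if USER_WRITABLE.search(path):
                reasons.append("launches from a user-writable path")
            if looks_random(m["name"]):
                reasons.append("random-looking value name")
            if reasons:
                findings.append(Finding("autorun", m["name"], "; ".join(reasons) + f" ({path})"))
        elif m := TB_RE.match(line):
            if m["target"].strip() == "No File":
                findings.append(Finding("orphan", m["clsid"], f"{m['key']} registration points at a missing file"))
            elif "babylon" in line.lower():
                findings.append(Finding("hijack", m["clsid"], "bundled Babylon toolbar"))
        elif m := POLICY_RE.match(line):
            reason = UAC_WEAK.get((m["name"], m["value"]))
            if reason:
                findings.append(Finding("policy", m["name"], reason))
        elif "search.babylon.com" in line:
            subject = line.split(" hxxp")[0].rstrip(" =-")
            findings.append(Finding("hijack", subject, "home/search page redirected to search.babylon.com"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind:7}] {f.subject}: {f.reason}")
```

Run it against a full DDS.txt by passing the file contents to triage(). The path rule is deliberately narrow (user profile and Temp only) so that vendor entries under Program Files or ProgramData stay quiet; the orphaned "No File" registrations it reports are cleanup candidates rather than infections, which is also how the CFScript above treats them.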
  • Support
    OK, it is not necessary to perform step 1. Please perform step 2.
  • Customer
    ComboFix 12-07-30.01 - Kenan ve Deniz 31.07.2012 2:48.3.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2734 [GMT 3:00]

    Running from: c:\users\Kenan ve Deniz\Desktop\vir³s programlar²\ComboFix.exe

    Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt

    AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Kenan ve Deniz\AppData\Roaming\data.dat

    c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware

    2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe

    2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys

    2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations

    2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install

    2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT

    2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType

    2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js

    2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome

    2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom

    2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs

    2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb

    2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle

    2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings

    2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp

    2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll

    2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-30_14.55.54 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-01-04 10:51 . 2012-07-30 23:15 60640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-30 23:45 30242 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-05-30 17:21 . 2012-07-30 23:45 22116 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin

    + 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2010-05-30 17:21 . 2012-07-30 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-07-07 17:55 . 2012-07-30 18:15 4194 c:\windows\system32\wdi\ERCQueuedResolutions.dat

    - 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-26 00:14 . 2012-06-26 22:43 227824 c:\windows\SysWOW64\javaws.exe

    - 2009-09-22 20:29 . 2012-06-15 22:13 619554 c:\windows\system32\perfh01F.dat

    + 2009-09-22 20:29 . 2012-07-30 18:23 619554 c:\windows\system32\perfh01F.dat

    - 2009-07-14 02:36 . 2012-06-15 22:13 617064 c:\windows\system32\perfh009.dat

    + 2009-07-14 02:36 . 2012-07-30 18:23 617064 c:\windows\system32\perfh009.dat

    + 2009-09-22 20:29 . 2012-07-30 18:23 121714 c:\windows\system32\perfc01F.dat

    - 2009-09-22 20:29 . 2012-06-15 22:13 121714 c:\windows\system32\perfc01F.dat

    - 2009-07-14 02:36 . 2012-06-15 22:13 106246 c:\windows\system32\perfc009.dat

    + 2009-07-14 02:36 . 2012-07-30 18:23 106246 c:\windows\system32\perfc009.dat

    - 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-07-30 23:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2012-01-23 01:26 . 2012-07-30 14:32 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat

    + 2012-01-23 01:26 . 2012-07-30 18:34 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]

    "audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]

    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

    "63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]

    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]

    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]

    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

    R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]

    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]

    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]

    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]

    .

    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]

    .

    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job

    - c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]

    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\system32\blank.htm

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4

    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB

    FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030

    FF - user.js: extensions.BabylonToolbar.instlDay - 15549

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    .

    **************************************************************************

    .

    Completion time: 2012-07-31 03:01:58 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-31 00:01

    ComboFix2.txt 2012-07-30 15:02

    .

    Pre-Run: 21.302.284.288 bayt boş

    Post-Run: 21.183.340.544 bayt boş

    .

    - - End Of File - - EA69DA088A825D11EC2991B536649628