Jump to content

denizx11

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Deniz- at 2015-03-14 19:42:03 Run:2 Running from C:\Users\Deniz-\Desktop Loaded Profiles: Deniz- & UpdatusUser (Available profiles: Deniz- & UpdatusUser & Guest) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {31D28C88-166D-4B5E-8C54-7B065A8C22D9} - System32\Tasks\Installer_sense => C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573\ins_postInst.exe Task: {BD15455D-A9D1-421D-8350-A8D5199C04BB} - \Installer_iwebar No Task File <==== ATTENTION Task: {E8A458AD-8F6C-4750-9724-CAD15E7D5FA9} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\ C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573 AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AppInit_DLLs-x32: c:/progra~4/{2c39c~1/191~1.1/loma.dll => c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\1.9.1.1\loma.dll [964608 2015-02-05] () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION URLSearchHook: [s-1-5-21-4067808144-3543434019-1444379529-1002] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> URL http://search.conduit.com/ SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> SuggestionsURL_JSON http://suggest. SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CHR DefaultSuggestURL: Profile 3 -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms} CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05] CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05] CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05] CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05] S2 SPDRIVER_1493.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1493.0.0.0\jsdrv.sys [X] EmptyTemp: ***************** Processes closed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D28C88-166D-4B5E-8C54-7B065A8C22D9} => Key not found. C:\Windows\System32\Tasks\Installer_sense not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD15455D-A9D1-421D-8350-A8D5199C04BB} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A458AD-8F6C-4750-9724-CAD15E7D5FA9} => Key not found. C:\Windows\System32\Tasks\YTAUpdate not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate => Key not found. "c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}" => File/Directory not found. "C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573" => File/Directory not found. "C:\ProgramData\TEMP" => ":56E2E879" ADS not found. "C:\ProgramData\TEMP" => ":F0D7EE30" ADS not found. "C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg" => ":SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg" => ":Updt_SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found. "C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg" => ":SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg" => ":Updt_SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found. "C:\Users\Deniz-\Documents\DSC00105.JPG" => ":SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\DSC00105.JPG" => ":Updt_SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\DSC00105.JPG" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found. "C:\Users\Deniz-\Documents\IMAG0339.jpg" => ":SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\IMAG0339.jpg" => ":Updt_SummaryInformation" ADS not found. "C:\Users\Deniz-\Documents\IMAG0339.jpg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found. "c:/progra~4/{2c39c~1/191~1.1/loma.dll" => Value Data not found. HKLM\SOFTWARE\Policies\Google => Key not found. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. Error setting Default URLSearchHook. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found. HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found. HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found. HKU\S-1-5-21-4067808144-3543434019-1444379529-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found. HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found. HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. Chrome DefaultSuggestURL not detected. C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahlfahldnilidgnlikdckbfehhca directory not found. C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce directory not found. C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaahlfahldnilidgnlikdckbfehhca directory not found. C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce directory not found. SPDRIVER_1493.0.0.0 => Service not found. EmptyTemp: => Removed 13 MB temporary data. The system needed a reboot. ==== End of Fixlog 19:42:22 ====
  2. https://www.virustotal.com/en/file/65b997508a94382502fb4764c672ca165d34f7d8aed21b05a7cb7665b0963db2/analysis/1426357866/
  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Deniz- at 2015-03-14 02:13:02 Running from C:\Users\Deniz-\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A Valley Without Wind (HKLM-x32\...\Steam App 209330) (Version: - Arcen Games, LLC) A Valley Without Wind 2 (HKLM-x32\...\Steam App 228320) (Version: - Arcen Games, LLC) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Premiere Elements 4.0 (HKLM-x32\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated) Adobe Premiere Elements 4.0 Templates (HKLM-x32\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare) Dropbox (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) EXPERTool v8.5 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.5.0.1 - Gainward Co. Ltd.) Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft OneDrive (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment) NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - ) Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive) ROBLOX Player for Deniz- (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) SafeFinder Smartbar (HKLM-x32\...\{AF37B709-2A7A-467D-8139-C1DE4B2C8924}) (Version: 11.127.72.20713 - Linkury Ltd.) <==== ATTENTION SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios) Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam) SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz) Smart Technology Volume Tracker 7.0.23.0 (HKLM\...\{7C2F1B90-E6E6-4ECF-B626-4545CF6EEB2D}) (Version: 7.0.23.0 - Mad Catz) Spotify (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS) Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan) Unofficial Shivering Isles Patch v1.5.0 (HKLM-x32\...\Unofficial Shivering Isles Patch_is1) (Version: 1.5.0 - Quarn and Kivan) Viber (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-02-2015 15:12:30 Windows Update 02-03-2015 14:44:05 Windows Update 09-03-2015 14:59:46 Scheduled Checkpoint 12-03-2015 19:33:00 Removed Microsoft Office Professional Plus 2013 12-03-2015 19:33:41 PROPLUSR 14-03-2015 00:20:04 Removed Bonjour ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1D6F1E33-C9D3-4458-89DD-B30450A0F15A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {2DDFFB55-3958-4E44-B003-7F09E3399D7C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067808144-3543434019-1444379529-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {31D28C88-166D-4B5E-8C54-7B065A8C22D9} - System32\Tasks\Installer_sense => C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573\ins_postInst.exe <==== ATTENTION Task: {3D67D678-DF4B-451F-9EDC-07BAF80D8D50} - System32\Tasks\{5249C4BC-85FE-4DDF-AE56-18E4C9B88FC6} => pcalua.exe -a "C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers (4).exe" -d C:\Users\Deniz-\Downloads Task: {4139B8AB-9D9F-49E1-BA0F-EAD879F7FE2E} - System32\Tasks\{2A31081E-10D7-4E3E-AF7F-9EEA6E575DDC} => pcalua.exe -a "C:\Users\Deniz-\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe" Task: {559AD991-5A61-46B3-999D-F93E68B014A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.) Task: {7367B984-40FD-4F18-8AF2-397CEF2788D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: {B8A4447C-A802-4FE8-B09D-5FC3B0AFBFE9} - System32\Tasks\{16E19CA4-7D79-481F-9498-D7736F86B9D4} => pcalua.exe -a C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers.exe Task: {B99851B5-8B44-4C6A-9824-C901C65385A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.) Task: {BD15455D-A9D1-421D-8350-A8D5199C04BB} - \Installer_iwebar No Task File <==== ATTENTION Task: {BDC326B9-E7BA-4E9B-B3CB-269CC938D351} - System32\Tasks\{C3DBF0C5-4763-4D93-90BC-5F93E2B688A4} => pcalua.exe -a D:\setup.exe -d D:\ Task: {E8A458AD-8F6C-4750-9724-CAD15E7D5FA9} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION Task: {F1DF84D5-A194-4032-BD64-4EAE70A0BE72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-12] (AVAST Software) Task: {FDC11186-5AC2-4D6C-B9CF-6B7CD5A567D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-13 18:56 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-14 08:17 - 2013-11-14 08:17 - 00180224 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-02-17 19:43 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe 2015-03-13 19:51 - 2015-03-13 19:51 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031302\algo.dll 2015-02-17 19:43 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll 2015-03-13 18:48 - 2015-03-13 18:48 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-02-05 11:16 - 2015-02-05 11:15 - 00964608 _____ () c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\1.9.1.1\loma.dll 2015-02-02 14:29 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-02-02 14:29 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-02-02 14:29 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 AlternateDataStreams: C:\Users\Deniz-\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Deniz-\SkyDrive.old:ms-properties AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:Updt_SummaryInformation AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deniz-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-4067808144-3543434019-1444379529-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 84.208.20.110 - 84.208.20.111 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "SPDriver" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "LiveSupport" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "GoobzoYouTubeAccelerator" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "SPDriver" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "msnmsgr" HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Accounts: ============================= Administrator (S-1-5-21-4067808144-3543434019-1444379529-500 - Administrator - Disabled) Deniz- (S-1-5-21-4067808144-3543434019-1444379529-1001 - Administrator - Enabled) => C:\Users\Deniz- Guest (S-1-5-21-4067808144-3543434019-1444379529-501 - Limited - Disabled) => C:\Users\Guest UpdatusUser (S-1-5-21-4067808144-3543434019-1444379529-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Programmable Root Enumerator Description: Programming Support Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a} Manufacturer: Mad Catz Service: SaiNtBus Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: XPS MiniView Description: XPS MiniView Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/14/2015 01:51:36 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (632) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (03/14/2015 01:34:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AdwCleaner.exe, version: 4.1.1.2, time stamp: 0x54fddf5e Faulting module name: AdwCleaner.exe, version: 4.1.1.2, time stamp: 0x54fddf5e Exception code: 0xc0000005 Fault offset: 0x0001f3f6 Faulting process id: 0x177c Faulting application start time: 0xAdwCleaner.exe0 Faulting application path: AdwCleaner.exe1 Faulting module path: AdwCleaner.exe2 Report Id: AdwCleaner.exe3 Faulting package full name: AdwCleaner.exe4 Faulting package-relative application ID: AdwCleaner.exe5 Error: (03/12/2015 04:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 814 Start Time: 01d05cd8b394ccac Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: a8a4660b-c8cc-11e4-bf86-001e4ce6f590 Faulting package full name: Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (03/12/2015 04:28:58 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (03/12/2015 02:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x00007ffa26710565 Faulting process id: 0x7c4 Faulting application start time: 0xService_KMS.exe0 Faulting application path: Service_KMS.exe1 Faulting module path: Service_KMS.exe2 Report Id: Service_KMS.exe3 Faulting package full name: Service_KMS.exe4 Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:48:27 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (03/12/2015 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x00007ffa241a0565 Faulting process id: 0x7d4 Faulting application start time: 0xService_KMS.exe0 Faulting application path: Service_KMS.exe1 Faulting module path: Service_KMS.exe2 Report Id: Service_KMS.exe3 Faulting package full name: Service_KMS.exe4 Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:01:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x00000000 Fault offset: 0x00007ff8a7aa0565 Faulting process id: 0x764 Faulting application start time: 0xService_KMS.exe0 Faulting application path: Service_KMS.exe1 Faulting module path: Service_KMS.exe2 Report Id: Service_KMS.exe3 Faulting package full name: Service_KMS.exe4 Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:00:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (03/12/2015 02:00:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. System errors: ============= Error: (03/14/2015 02:03:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SPDRIVER_1493.0.0.0 service failed to start due to the following error: %%3 Error: (03/14/2015 01:49:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SPDRIVER_1493.0.0.0 service failed to start due to the following error: %%3 Error: (03/13/2015 07:58:17 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/13/2015 07:57:47 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/13/2015 07:56:25 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/13/2015 07:55:55 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/13/2015 07:46:29 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/13/2015 07:45:59 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/13/2015 07:25:31 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/13/2015 07:25:01 AM) (Source: DCOM) (EventID: 10010) (User: Deniz) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (03/14/2015 01:51:36 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail632WindowsMail0: Error: (03/14/2015 01:34:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AdwCleaner.exe4.1.1.254fddf5eAdwCleaner.exe4.1.1.254fddf5ec00000050001f3f6177c01d05de34a090b69C:\Users\Deniz-\Desktop\AdwCleaner.exeC:\Users\Deniz-\Desktop\AdwCleaner.exee9cc02a8-c9e1-11e4-bf87-001e4ce6f590 Error: (03/12/2015 04:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703181401d05cd8b394ccac4294967295C:\WINDOWS\syswow64\wwahost.exea8a4660b-c8cc-11e4-bf86-001e4ce6f590Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5cApp Error: (03/12/2015 04:28:58 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (03/12/2015 02:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffa267105657c401d05ccc9092fcdaC:\Program Files\KMSpico\Service_KMS.exeunknowne2b33847-c8bf-11e4-bf86-001e4ce6f590 Error: (03/12/2015 02:48:27 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (03/12/2015 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffa241a05657d401d05cc52cf1cf3aC:\Program Files\KMSpico\Service_KMS.exeunknown80b345ff-c8b8-11e4-bf85-001e4ce6f590 Error: (03/12/2015 02:01:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8a7aa056576401d05cc485a45384C:\Program Files\KMSpico\Service_KMS.exeunknownddb80e09-c8b7-11e4-bf84-001e4ce6f590 Error: (03/12/2015 02:00:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (03/12/2015 02:00:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement CodeIntegrity Errors: =================================== Date: 2014-12-12 16:36:50.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:10.479 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:03.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:01.363 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:00.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:20.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:17.294 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:13.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.544 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 39% Total physical RAM: 4029.92 MB Available physical RAM: 2419.4 MB Total Pagefile: 4733.92 MB Available Pagefile: 2931.09 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:21.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6A76254) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. i need to attach the FRST file because it is too long to post.
  5. # AdwCleaner v4.112 - Logfile created 14/03/2015 at 01:37:54 # Updated 09/03/2015 by Xplode # Database : 2015-03-05.1 [Local] # Operating system : Windows 8.1 Pro (x64) # Username : Deniz- - DENIZ # Running from : C:\Users\Deniz-\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v40.0.2214.94 -\\ Chrome Canary v ************************* AdwCleaner[R0].txt - [16225 bytes] - [14/03/2015 01:24:01] AdwCleaner[R1].txt - [3278 bytes] - [14/03/2015 01:35:09] AdwCleaner[s0].txt - [12933 bytes] - [14/03/2015 01:34:34] AdwCleaner[s1].txt - [3235 bytes] - [14/03/2015 01:37:54] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3294 bytes] ##########
  6. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14.03.2015 Scan Time: 00:25:46 Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.03.13.09 Rootkit Database: v2015.02.25.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Deniz- Scan Type: Threat Scan Result: Completed Objects Scanned: 463525 Time Elapsed: 20 min, 14 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  7. and the addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by Deniz- at 2015-03-12 19:47:10Running from C:\Users\Deniz-\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A Valley Without Wind (HKLM-x32\...\Steam App 209330) (Version: - Arcen Games, LLC)A Valley Without Wind 2 (HKLM-x32\...\Steam App 228320) (Version: - Arcen Games, LLC)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Premiere Elements 4.0 (HKLM-x32\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)Adobe Premiere Elements 4.0 Templates (HKLM-x32\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games)Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)Dropbox (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)EXPERTool v8.5 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.5.0.1 - Gainward Co. Ltd.)Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenGarry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenJava 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenLeft 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft OneDrive (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenNatural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)ROBLOX Player for Deniz- (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)SafeFinder Smartbar (HKLM-x32\...\{AF37B709-2A7A-467D-8139-C1DE4B2C8924}) (Version: 11.127.72.20713 - Linkury Ltd.) <==== ATTENTIONSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)Smart Technology Volume Tracker 7.0.23.0 (HKLM\...\{7C2F1B90-E6E6-4ECF-B626-4545CF6EEB2D}) (Version: 7.0.23.0 - Mad Catz)Spotify (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Unity Web Player (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)Unofficial Shivering Isles Patch v1.5.0 (HKLM-x32\...\Unofficial Shivering Isles Patch_is1) (Version: 1.5.0 - Quarn and Kivan)Viber (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\RobloxProxy64.dll (ROBLOX Corporation)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-02-2015 15:12:30 Windows Update02-03-2015 14:44:05 Windows Update09-03-2015 14:59:46 Scheduled Checkpoint12-03-2015 19:33:00 Removed Microsoft Office Professional Plus 201312-03-2015 19:33:41 PROPLUSR ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {190A3FB5-FAEF-41F0-A639-FE2480402059} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTIONTask: {1BA718F2-3B96-4F15-B8D2-C4E71165D5AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)Task: {1D6F1E33-C9D3-4458-89DD-B30450A0F15A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {2DDFFB55-3958-4E44-B003-7F09E3399D7C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067808144-3543434019-1444379529-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exeTask: {31D28C88-166D-4B5E-8C54-7B065A8C22D9} - System32\Tasks\Installer_sense => C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573\ins_postInst.exe <==== ATTENTIONTask: {3D67D678-DF4B-451F-9EDC-07BAF80D8D50} - System32\Tasks\{5249C4BC-85FE-4DDF-AE56-18E4C9B88FC6} => pcalua.exe -a "C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers (4).exe" -d C:\Users\Deniz-\DownloadsTask: {4139B8AB-9D9F-49E1-BA0F-EAD879F7FE2E} - System32\Tasks\{2A31081E-10D7-4E3E-AF7F-9EEA6E575DDC} => pcalua.exe -a "C:\Users\Deniz-\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe"Task: {559AD991-5A61-46B3-999D-F93E68B014A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)Task: {A7E603C9-6E2C-4816-B08E-D9B9C622B51C} - \SPDriver No Task File <==== ATTENTIONTask: {B6DC5902-6B81-4380-AD64-32A2090F3895} - \ShopperPro No Task File <==== ATTENTIONTask: {B8A4447C-A802-4FE8-B09D-5FC3B0AFBFE9} - System32\Tasks\{16E19CA4-7D79-481F-9498-D7736F86B9D4} => pcalua.exe -a C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers.exeTask: {B9455565-010A-4C02-932D-D4B6E8B69FFB} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe <==== ATTENTIONTask: {B99851B5-8B44-4C6A-9824-C901C65385A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)Task: {BB8239C5-D150-4881-ACD9-205377C36E34} - \ShopperProJSUpd No Task File <==== ATTENTIONTask: {BD15455D-A9D1-421D-8350-A8D5199C04BB} - \Installer_iwebar No Task File <==== ATTENTIONTask: {BDC326B9-E7BA-4E9B-B3CB-269CC938D351} - System32\Tasks\{C3DBF0C5-4763-4D93-90BC-5F93E2B688A4} => pcalua.exe -a D:\setup.exe -d D:\Task: {E8A458AD-8F6C-4750-9724-CAD15E7D5FA9} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTIONTask: {F1DF84D5-A194-4032-BD64-4EAE70A0BE72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-12] (AVAST Software)Task: {FDC11186-5AC2-4D6C-B9CF-6B7CD5A567D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-13 18:56 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-11-14 08:17 - 2013-11-14 08:17 - 00180224 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe2015-03-12 14:58 - 2015-03-12 14:58 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031201\algo.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll2014-12-12 14:03 - 2014-12-12 14:03 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30AlternateDataStreams: C:\Users\Deniz-\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Deniz-\SkyDrive.old:ms-propertiesAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deniz-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperHKU\S-1-5-21-4067808144-3543434019-1444379529-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 84.208.20.110 - 84.208.20.111 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKLM\...\StartupApproved\Run32: => "ApnTBMon"HKLM\...\StartupApproved\Run32: => "SPDriver"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "LiveSupport"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Viber"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "GoobzoYouTubeAccelerator"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "SPDriver"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "msnmsgr"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Accounts: ============================= Administrator (S-1-5-21-4067808144-3543434019-1444379529-500 - Administrator - Disabled)Deniz- (S-1-5-21-4067808144-3543434019-1444379529-1001 - Administrator - Enabled) => C:\Users\Deniz-Guest (S-1-5-21-4067808144-3543434019-1444379529-501 - Limited - Disabled) => C:\Users\GuestUpdatusUser (S-1-5-21-4067808144-3543434019-1444379529-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Programmable Root EnumeratorDescription: Programming SupportClass Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}Manufacturer: Mad CatzService: SaiNtBusProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: XPS MiniViewDescription: XPS MiniViewClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (03/12/2015 04:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 814 Start Time: 01d05cd8b394ccac Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: a8a4660b-c8cc-11e4-bf86-001e4ce6f590 Faulting package full name: Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (03/12/2015 04:28:58 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (03/12/2015 02:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15dFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0x00000000Fault offset: 0x00007ffa26710565Faulting process id: 0x7c4Faulting application start time: 0xService_KMS.exe0Faulting application path: Service_KMS.exe1Faulting module path: Service_KMS.exe2Report Id: Service_KMS.exe3Faulting package full name: Service_KMS.exe4Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:48:27 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (03/12/2015 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15dFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0x00000000Fault offset: 0x00007ffa241a0565Faulting process id: 0x7d4Faulting application start time: 0xService_KMS.exe0Faulting application path: Service_KMS.exe1Faulting module path: Service_KMS.exe2Report Id: Service_KMS.exe3Faulting package full name: Service_KMS.exe4Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15dFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0x00000000Fault offset: 0x00007ff8a7aa0565Faulting process id: 0x764Faulting application start time: 0xService_KMS.exe0Faulting application path: Service_KMS.exe1Faulting module path: Service_KMS.exe2Report Id: Service_KMS.exe3Faulting package full name: Service_KMS.exe4Faulting package-relative application ID: Service_KMS.exe5 Error: (03/12/2015 02:00:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (03/12/2015 02:00:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (03/11/2015 11:57:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/11/2015 11:57:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors:=============Error: (03/12/2015 07:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The YouTubeAcceleratorService service failed to start due to the following error: %%2 Error: (03/12/2015 07:41:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SPDRIVER_1493.0.0.0 service failed to start due to the following error: %%3 Error: (03/12/2015 07:41:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The ShopperPro Update service failed to start due to the following error: %%2 Error: (03/12/2015 04:25:32 PM) (Source: DCOM) (EventID: 10010) (User: Deniz)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/12/2015 03:31:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105. Error: (03/12/2015 02:58:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Error: (03/12/2015 02:58:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The YouTubeAcceleratorService service failed to start due to the following error: %%2 Error: (03/12/2015 02:58:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SPDRIVER_1493.0.0.0 service failed to start due to the following error: %%3 Error: (03/12/2015 02:58:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The ShopperPro Update service failed to start due to the following error: %%2 Error: (03/12/2015 02:06:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x800f0841: Security Update for Windows 8.1 for x64-based Systems (KB3033889). Microsoft Office Sessions:=========================Error: (03/12/2015 04:30:16 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: wwahost.exe6.3.9600.1703181401d05cd8b394ccac4294967295C:\WINDOWS\syswow64\wwahost.exea8a4660b-c8cc-11e4-bf86-001e4ce6f590Microsoft.SkypeApp_2.0.0.5011_x86__kzf8qxf38zg5cApp Error: (03/12/2015 04:28:58 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (03/12/2015 02:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffa267105657c401d05ccc9092fcdaC:\Program Files\KMSpico\Service_KMS.exeunknowne2b33847-c8bf-11e4-bf86-001e4ce6f590 Error: (03/12/2015 02:48:27 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (03/12/2015 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffa241a05657d401d05cc52cf1cf3aC:\Program Files\KMSpico\Service_KMS.exeunknown80b345ff-c8b8-11e4-bf85-001e4ce6f590 Error: (03/12/2015 02:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8a7aa056576401d05cc485a45384C:\Program Files\KMSpico\Service_KMS.exeunknownddb80e09-c8b7-11e4-bf84-001e4ce6f590 Error: (03/12/2015 02:00:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (03/12/2015 02:00:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (03/11/2015 11:57:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927142 Error: (03/11/2015 11:57:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink-2144927142 CodeIntegrity Errors:=================================== Date: 2014-12-12 16:36:50.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:10.479 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:03.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:01.363 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:00.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:20.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:17.294 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:13.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.544 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHzPercentage of memory in use: 30%Total physical RAM: 4029.92 MBAvailable physical RAM: 2795.76 MBTotal Pagefile: 4733.92 MBAvailable Pagefile: 3480.47 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:38.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6A76254)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. sorry for the inconvenience. I have removed the programs. here is the new FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015Ran by Deniz- (administrator) on DENIZ on 12-03-2015 19:45:06Running from C:\Users\Deniz-\DesktopLoaded Profiles: Deniz- & UpdatusUser (Available profiles: Deniz- & UpdatusUser & Guest)Platform: Windows 8.1 Pro (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Saitek) C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [saiVolume] => C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe [152064 2012-10-15] (Saitek)HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)HKLM\...\Run: [saiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-05] (AVAST Software)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-07-18] (Gainward Co. Ltd.)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [spotify Web Helper] => C:\Users\Deniz-\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [spotify] => C:\Users\Deniz-\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [Viber] => C:\Users\Deniz-\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundHKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startupHKU\S-1-5-21-4067808144-3543434019-1444379529-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)AppInit_DLLs-x32: c:/progra~4/{2c39c~1/191~1.1/loma.dll => c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\1.9.1.1\loma.dll [964608 2015-02-05] ()IFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.no.msn.com/?rd=1&ucc=NO&dcc=NO&opt=0URLSearchHook: [s-1-5-21-4067808144-3543434019-1444379529-1002] ATTENTION ==> Default URLSearchHook is missing.SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_other&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0D0C0BtAyD0DtByB0BtAyBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0CyEyC0C0AtGzytA0E0BtG0FzyyB0AtGyE0F0B0FtGyBzyzyyC0FtC0EzztCyB0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtB0Bzy0C0FyEtAtG0FtDtCtAtGyEtB0C0DtGzz0D0AtAtG0AzyzytDyBzz0E0AtAzzyC0D2Q&cr=2099755856&ir=SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://no.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3B4CC5B0-9785-4CBC-AA0C-C391C426EDAC&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No FileBHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-31] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-31] (Oracle Corporation)BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No FileToolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)Winsock: Catalog9 01 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 02 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 03 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 04 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 05 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 06 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 07 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 08 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 20 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Tcpip\Parameters: [DhcpNameServer] 84.208.20.110 84.208.20.111StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-31] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-31] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @nsroblox.roblox.com/launcher -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Deniz-\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] () Chrome: =======CHR DefaultSuggestURL: Profile 3 -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (AdBlock) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-30]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05]CHR Extension: (Google Slides) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (avast! SafePrice) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-05]CHR Extension: (Google Sheets) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]CHR Extension: (Avast Online Security) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05]CHR Extension: (Google Slides) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (avast! SafePrice) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-05]CHR Extension: (Google Sheets) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]CHR Extension: (Avast Online Security) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (AdBlock) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-17]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 4StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-12] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-12] (Avast Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-02] (Macrovision Europe Ltd.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-12] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-12] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-12] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-12] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-05] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-12] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-12] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-12] ()R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63al.sys [5170176 2013-07-01] (Broadcom Corporation)S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)S3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [180584 2012-12-05] (Saitek)R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-12] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]S2 SPDRIVER_1493.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1493.0.0.0\jsdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 19:45 - 2015-03-12 19:45 - 00026182 _____ () C:\Users\Deniz-\Desktop\FRST.txt2015-03-12 19:43 - 2015-03-12 19:43 - 00000000 ____D () C:\Users\Deniz-\Desktop\FRST-OlderVersion2015-03-12 15:05 - 2015-03-12 15:05 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\VirtualStore2015-03-12 14:01 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-03-12 14:01 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-03-11 10:30 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2015-03-11 10:30 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2015-03-11 10:30 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2015-03-11 10:30 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll2015-03-11 10:30 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll2015-03-11 10:30 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe2015-03-11 10:30 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe2015-03-11 10:29 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml2015-03-11 10:29 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2015-03-11 10:29 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2015-03-11 10:28 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2015-03-11 10:28 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2015-03-11 10:23 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-03-11 10:23 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2015-03-11 10:23 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2015-03-11 10:23 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll2015-03-11 10:23 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll2015-03-11 10:22 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll2015-03-11 10:22 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll2015-03-11 10:22 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll2015-03-11 10:22 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll2015-03-11 10:22 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2015-03-11 10:22 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2015-03-11 10:22 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2015-03-11 10:22 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll2015-03-11 10:22 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll2015-03-11 10:22 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys2015-03-11 10:22 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys2015-03-11 10:22 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll2015-03-11 10:22 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll2015-03-11 10:22 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll2015-03-11 10:22 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll2015-03-11 10:22 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll2015-03-11 10:22 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2015-03-11 10:22 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2015-03-11 10:22 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll2015-03-11 10:22 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS2015-03-11 10:22 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys2015-03-11 10:22 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys2015-03-11 10:22 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll2015-03-11 10:22 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll2015-03-11 10:22 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe2015-03-11 10:22 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2015-03-11 10:22 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll2015-03-11 10:22 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll2015-03-11 10:22 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe2015-03-11 10:22 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll2015-03-11 10:22 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll2015-03-11 10:22 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe2015-03-11 10:22 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll2015-03-11 10:22 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2015-03-11 10:22 - 2014-10-29 02:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll2015-03-11 10:22 - 2014-10-29 02:45 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll2015-03-11 10:22 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2015-03-11 10:22 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll2015-03-11 10:22 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll2015-03-11 10:22 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2015-03-11 10:22 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2015-03-11 10:22 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2015-03-11 10:22 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2015-03-11 10:22 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2015-03-11 10:22 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2015-03-11 10:16 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 10:16 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 10:16 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2015-03-11 10:16 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2015-03-11 10:16 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2015-03-11 10:16 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2015-03-11 10:16 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll2015-03-11 10:16 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll2015-03-11 10:16 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe2015-03-11 10:16 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2015-03-11 10:16 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll2015-03-11 10:16 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll2015-03-11 10:06 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-03-11 10:06 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-03-11 10:06 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-03-11 10:05 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2015-03-11 10:05 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll2015-03-11 10:05 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll2015-03-11 10:05 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll2015-03-11 10:05 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll2015-03-11 10:05 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll2015-03-11 10:05 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll2015-03-11 10:05 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll2015-03-11 10:05 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll2015-03-11 10:05 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2015-03-11 10:05 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2015-03-11 10:05 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys2015-03-11 10:05 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll2015-03-11 10:05 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll2015-03-11 10:05 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll2015-03-11 10:03 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-03-11 10:03 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-03-11 10:03 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2015-03-11 10:03 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-03-11 10:03 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-03-11 10:03 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-03-11 10:03 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2015-03-11 10:03 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-03-11 10:03 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-03-11 10:03 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2015-03-11 10:03 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-03-11 10:03 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2015-03-11 10:03 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-03-11 10:03 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-03-11 10:03 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2015-03-11 10:03 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-03-11 10:03 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2015-03-11 10:03 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-03-11 10:03 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-03-11 10:03 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-03-11 10:03 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-03-11 10:03 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-03-11 10:03 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-03-11 10:03 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-03-11 10:03 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-03-11 10:03 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-03-11 10:03 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-03-11 10:03 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-03-11 10:03 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-03-11 10:03 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-03-11 10:03 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-03-11 10:03 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-03-11 10:03 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-03-11 10:03 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-03-11 10:03 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-03-11 10:03 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-03-11 10:03 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-03-11 10:02 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2015-03-11 10:02 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2015-03-11 10:02 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2015-03-11 10:02 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2015-03-11 10:02 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe2015-03-11 09:53 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2015-03-11 09:53 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2015-03-11 09:53 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2015-03-11 09:53 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2015-03-11 09:53 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2015-03-11 09:53 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2015-03-11 09:43 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2015-03-11 09:43 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2015-03-10 23:57 - 2015-03-12 19:45 - 00000000 ____D () C:\FRST2015-03-10 23:55 - 2015-03-12 19:43 - 02095616 _____ (Farbar) C:\Users\Deniz-\Desktop\FRST64.exe2015-03-10 23:51 - 2015-03-10 23:51 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\ZoomBrowser EX2015-03-07 09:16 - 2015-03-07 09:49 - 00000000 ____D () C:\Users\Deniz-\Downloads\World.War.Z.2013.Unrated.Cut.720p.BluRay.x264.DTS-WiKi2015-03-07 00:45 - 2015-03-07 01:02 - 00000000 ____D () C:\Users\Deniz-\Downloads\Fight.Club.1999.720p.BRRip.x264-x0r2015-03-07 00:45 - 2015-03-07 00:45 - 00024922 _____ () C:\Users\Deniz-\Downloads\Fight.Club.1999.720p.BRRip.x264-x0r [iPT].torrent2015-03-07 00:44 - 2015-03-08 01:42 - 00000000 ____D () C:\Users\Deniz-\Downloads\Need.For.Speed.2014.1080p.BluRay.x264-SPARKS2015-03-07 00:44 - 2015-03-07 00:44 - 00031644 _____ () C:\Users\Deniz-\Downloads\Need.For.Speed.2014.1080p.BluRay.x264-SPARKS [iPT].torrent2015-03-07 00:42 - 2015-03-07 09:47 - 3742368193 ____R () C:\Users\Deniz-\Downloads\Captain.America.The.Winter.Soldier.2014.BluRay.1080p.DTS.x264-CHD.mkv2015-03-07 00:42 - 2015-03-07 00:42 - 00029664 _____ () C:\Users\Deniz-\Downloads\Captain.America.The.Winter.Soldier.2014.BluRay.1080p.DTS.x264-CHD.mkv [iPT].torrent2015-03-07 00:40 - 2015-03-08 01:51 - 00000000 ____D () C:\Users\Deniz-\Downloads\National.Geographic.Inside.the.Milky.Way.1080p.Bluray.x264-DiVERGE2015-03-07 00:40 - 2015-03-07 00:40 - 00209664 _____ () C:\Users\Deniz-\Downloads\National.Geographic.Inside.the.Milky.Way.1080p.Bluray.x264-DiVERGE [iPT].torrent2015-03-07 00:40 - 2015-03-07 00:40 - 00000000 ____D () C:\Users\Deniz-\Downloads\Horrible.Bosses.2.2014.1080p.BluRay.DTS.x264-HDA2015-03-07 00:39 - 2015-03-07 00:39 - 00024457 _____ () C:\Users\Deniz-\Downloads\Horrible.Bosses.2.2014.1080p.BluRay.DTS.x264-HDA [iPT].torrent2015-03-05 19:31 - 2015-03-05 19:31 - 00048026 _____ () C:\Users\Deniz-\Downloads\American.Heist.2014.1080p.Bluray.x264.DTS-EVO [iPT].torrent2015-03-04 16:51 - 2015-03-04 16:51 - 10157817 _____ () C:\Users\Deniz-\Downloads\Obligatory+_043561b28c14b0c445ba9ff4cf902e83.webm2015-03-04 16:41 - 2015-03-04 16:41 - 14284127 _____ () C:\Users\Deniz-\Downloads\jet fuel can't melt steel beams.mp42015-03-03 17:01 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\squishy2015-03-03 16:56 - 2015-03-03 16:56 - 00000222 _____ () C:\Users\Deniz-\Desktop\Squishy the Suicidal Pig.url2015-03-02 20:50 - 2015-03-02 20:50 - 00113341 _____ () C:\Users\Deniz-\Downloads\World.War.Z.2013.Unrated.Cut.720p.BluRay.x264.DTS-WiKi [iPT].torrent2015-03-02 20:49 - 2015-03-02 20:49 - 00075441 _____ () C:\Users\Deniz-\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.x264.DTS-iFT [iPT].torrent2015-03-01 20:11 - 2015-03-01 20:11 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\Steam2015-02-28 14:32 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls2015-02-28 14:32 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls2015-02-28 14:32 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll2015-02-28 14:32 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll2015-02-28 14:32 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll2015-02-28 14:32 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll2015-02-17 19:44 - 2015-02-17 19:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-02-17 19:43 - 2015-02-17 19:43 - 00000714 _____ () C:\WINDOWS\PLTGC.ini.imi2015-02-17 19:43 - 2015-02-17 19:43 - 00000612 _____ () C:\WINDOWS\system\PLTGC.ini2015-02-17 19:43 - 2015-02-17 19:43 - 00000415 _____ () C:\WINDOWS\PLTGC.ini.cfl2015-02-17 19:43 - 2015-02-17 19:43 - 00000124 _____ () C:\WINDOWS\system\Dlap.pfx2015-02-17 19:43 - 2015-02-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics2015-02-17 19:43 - 2015-02-17 19:43 - 00000000 ____D () C:\Program Files\Plantronics2015-02-17 19:43 - 2014-01-21 16:41 - 00833312 ____N () C:\WINDOWS\system32\PLTGC.exe2015-02-17 19:43 - 2014-01-21 16:41 - 00524064 _____ (Microsoft Corporation) C:\WINDOWS\difxapi.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00365856 ____N () C:\WINDOWS\system32\CmiInstallResAll64.dll2015-02-17 19:43 - 2013-12-10 15:21 - 00000498 ____N () C:\WINDOWS\PLTGC.ini2015-02-17 19:43 - 2013-12-09 18:15 - 00004024 ____N () C:\WINDOWS\PLTGC.ini.cfg2015-02-17 19:42 - 2015-02-17 19:42 - 00000000 ____D () C:\Program Files (x86)\Plantronics2015-02-17 19:42 - 2014-01-21 16:41 - 00321824 _____ (C-Media Electronics Inc.) C:\WINDOWS\system\fltrPLTGC.dll2015-02-17 19:42 - 2013-10-08 14:43 - 01327104 _____ (C-Media Electronics Inc) C:\WINDOWS\system32\Drivers\PLTGC.sys2015-02-17 19:41 - 2015-02-17 19:42 - 42118520 _____ () C:\Users\Deniz-\Downloads\Plantronics_GC780_Installer_Release_5.exe2015-02-17 15:29 - 2015-02-17 15:29 - 01247912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL2015-02-16 00:27 - 2015-02-16 00:27 - 00615424 _____ () C:\Users\Deniz-\Documents\ahmad km 15.02.2015.xls2015-02-11 17:05 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll2015-02-11 17:05 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll2015-02-11 17:05 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll2015-02-11 17:05 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll2015-02-11 17:05 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll2015-02-11 17:05 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2015-02-11 17:05 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll2015-02-11 17:05 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe2015-02-11 17:05 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe2015-02-11 17:05 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe2015-02-11 17:04 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2015-02-11 17:04 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2015-02-11 17:04 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2015-02-11 17:04 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2015-02-11 17:04 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2015-02-11 17:04 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-02-11 17:04 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2015-02-11 17:04 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-02-11 17:04 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2015-02-11 17:04 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2015-02-11 17:04 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2015-02-11 17:04 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2015-02-11 17:04 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2015-02-11 17:04 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2015-02-11 17:04 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2015-02-11 17:03 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 19:46 - 2014-11-07 00:57 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD7E1A00-78BC-493A-91AF-53DA3CBB1DFD}2015-03-12 19:46 - 2012-07-25 19:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4067808144-3543434019-1444379529-10012015-03-12 19:43 - 2013-12-14 19:41 - 00021750 _____ () C:\WINDOWS\system32\lvcoinst.log2015-03-12 19:42 - 2014-07-20 20:58 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\ClassicShell2015-03-12 19:41 - 2014-08-31 20:04 - 00013810 _____ () C:\WINDOWS\setupact.log2015-03-12 19:41 - 2013-12-13 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-12 19:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-03-12 19:41 - 2013-08-22 15:44 - 00480016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-03-12 19:41 - 2012-07-25 19:49 - 00001008 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-03-12 19:38 - 2013-12-13 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-03-12 19:38 - 2013-12-13 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office2015-03-12 19:37 - 2013-12-27 16:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-03-12 19:37 - 2013-12-15 20:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-03-12 19:37 - 2013-11-14 08:17 - 00000000 ____D () C:\WINDOWS\ShellNew2015-03-12 19:35 - 2013-08-22 14:25 - 00000178 _____ () C:\WINDOWS\win.ini2015-03-12 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2015-03-12 19:32 - 2014-07-20 20:53 - 00000000 ____D () C:\Program Files\KMSpico2015-03-12 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-03-12 18:35 - 2014-07-29 12:15 - 02088935 _____ () C:\WINDOWS\WindowsUpdate.log2015-03-12 17:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2015-03-12 15:31 - 2013-12-13 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-12 15:08 - 2015-02-02 21:06 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067808144-3543434019-1444379529-10012015-03-12 15:08 - 2015-02-02 21:06 - 00000000 ___RD () C:\Users\Deniz-\OneDrive2015-03-12 15:02 - 2013-11-14 08:29 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-03-12 14:46 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-03-12 13:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender2015-03-12 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2015-03-12 13:53 - 2014-07-29 12:07 - 00129048 _____ () C:\WINDOWS\PFRO.log2015-03-11 13:17 - 2013-12-01 21:46 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-03-11 13:10 - 2013-12-01 21:46 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-03-11 11:36 - 2015-02-05 16:49 - 00000000 ____D () C:\ProgramData\d20d90b300001ada2015-03-11 00:02 - 2013-12-13 17:08 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\uTorrent2015-03-10 23:55 - 2014-07-24 16:31 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\.minecraft2015-03-10 23:52 - 2014-11-28 17:22 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.42015-03-10 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2015-03-09 20:26 - 2013-12-22 23:32 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\vlc2015-03-09 00:15 - 2015-02-05 17:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-03-09 00:12 - 2012-07-25 19:56 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-03-08 16:59 - 2013-12-13 19:01 - 00000000 ____D () C:\Users\Deniz-2015-03-08 01:23 - 2013-12-13 18:23 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-03-08 01:22 - 2015-01-01 02:06 - 00000000 ____D () C:\Program Files (x86)\Child of Light2015-03-08 01:13 - 2014-06-07 20:36 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\TS3Client2015-03-07 20:21 - 2014-06-12 19:54 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\CrashDumps2015-03-07 09:35 - 2014-07-05 12:57 - 00007598 _____ () C:\Users\Deniz-\AppData\Local\Resmon.ResmonCfg2015-03-05 19:32 - 2015-02-05 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator2015-02-18 05:15 - 2014-12-10 22:41 - 00000000 ____D () C:\ProgramData\Package Cache2015-02-17 19:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System2015-02-17 19:38 - 2013-12-14 19:41 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-02-16 00:40 - 2014-03-11 16:35 - 00572416 ___SH () C:\Users\Deniz-\Downloads\Thumbs.db2015-02-16 00:28 - 2013-12-31 00:56 - 03779584 ___SH () C:\Users\Deniz-\Documents\Thumbs.db ==================== Files in the root of some directories ======= 2014-07-02 11:53 - 2014-07-05 12:44 - 0000096 _____ () C:\Users\Deniz-\AppData\Roaming\regsvr32.exe_log.txt2014-12-22 19:24 - 2014-12-22 19:24 - 0000041 _____ () C:\Users\Deniz-\AppData\Roaming\WB.CFG2014-07-05 12:57 - 2015-03-07 09:35 - 0007598 _____ () C:\Users\Deniz-\AppData\Local\Resmon.ResmonCfg Files to move or delete:====================C:\Users\Deniz-\jagex_cl_oldschool_LIVE.datC:\Users\Deniz-\jagex_cl_runescape_LIVE.datC:\Users\Deniz-\jagex_cl_runescape_LIVE1.datC:\Users\Deniz-\random.dat Some content of TEMP:====================C:\Users\Deniz-\AppData\Local\Temp\APNSetup.exeC:\Users\Deniz-\AppData\Local\Temp\BSI.exeC:\Users\Deniz-\AppData\Local\Temp\BuenoSearchTB.exeC:\Users\Deniz-\AppData\Local\Temp\cabex.dllC:\Users\Deniz-\AppData\Local\Temp\DJAPI.dllC:\Users\Deniz-\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7k2dlu.dllC:\Users\Deniz-\AppData\Local\Temp\five-nights-at-freddy-s-2-full-version.exeC:\Users\Deniz-\AppData\Local\Temp\ICReinstall_five-nights-at-freddy-s-2-full-version.exeC:\Users\Deniz-\AppData\Local\Temp\SkypeSetup.exeC:\Users\Deniz-\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exeC:\Users\Deniz-\AppData\Local\Temp\unelevate.exeC:\Users\Deniz-\AppData\Local\Temp\Uninstall.exeC:\Users\Deniz-\AppData\Local\Temp\vlc-2.1.5-win32.exeC:\Users\Deniz-\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe Some zero byte size files/folders:==========================C:\Windows\System32\KBDTZM.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-12 16:25 ==================== End Of Log ============================
  9. ADDITION.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01Ran by Deniz- at 2015-03-11 00:03:24Running from C:\Users\Deniz-\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A Valley Without Wind (HKLM-x32\...\Steam App 209330) (Version: - Arcen Games, LLC)A Valley Without Wind 2 (HKLM-x32\...\Steam App 228320) (Version: - Arcen Games, LLC)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Premiere Elements 4.0 (HKLM-x32\...\PremElem40) (Version: 4.0 - Adobe Systems Incorporated)Adobe Premiere Elements 4.0 Templates (HKLM-x32\...\PremElem40Templates) (Version: 4.0.0 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Valve)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games)Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)Dropbox (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)EXPERTool v8.5 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.5.0.1 - Gainward Co. Ltd.)Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenGarry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenJava 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenKMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\OneDriveSetup.exe) (Version: 17.3.4724.0224 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenNatural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) HiddenPlantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)ROBLOX Player for Deniz- (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)SafeFinder Smartbar (HKLM-x32\...\{AF37B709-2A7A-467D-8139-C1DE4B2C8924}) (Version: 11.127.72.20713 - Linkury Ltd.) <==== ATTENTIONSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)Smart Technology Volume Tracker 7.0.23.0 (HKLM\...\{7C2F1B90-E6E6-4ECF-B626-4545CF6EEB2D}) (Version: 7.0.23.0 - Mad Catz)Spotify (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Unity Web Player (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)Unofficial Shivering Isles Patch v1.5.0 (HKLM-x32\...\Unofficial Shivering Isles Patch_is1) (Version: 1.5.0 - Quarn and Kivan)Viber (HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\RobloxProxy64.dll (ROBLOX Corporation)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Deniz-\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deniz-\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-02-2015 15:12:30 Windows Update02-03-2015 14:44:05 Windows Update09-03-2015 14:59:46 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {190A3FB5-FAEF-41F0-A639-FE2480402059} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTIONTask: {1D6F1E33-C9D3-4458-89DD-B30450A0F15A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {22C16DF6-D320-4B35-AC97-E678257478AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {25D8A3F6-3641-435B-934B-E170833E262D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {31D28C88-166D-4B5E-8C54-7B065A8C22D9} - System32\Tasks\Installer_sense => C:\Users\Deniz-\AppData\Local\Installer\Installsense_5573\ins_postInst.exe <==== ATTENTIONTask: {3D67D678-DF4B-451F-9EDC-07BAF80D8D50} - System32\Tasks\{5249C4BC-85FE-4DDF-AE56-18E4C9B88FC6} => pcalua.exe -a "C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers (4).exe" -d C:\Users\Deniz-\DownloadsTask: {4139B8AB-9D9F-49E1-BA0F-EAD879F7FE2E} - System32\Tasks\{2A31081E-10D7-4E3E-AF7F-9EEA6E575DDC} => pcalua.exe -a "C:\Users\Deniz-\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe"Task: {559AD991-5A61-46B3-999D-F93E68B014A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)Task: {687AD848-7D0F-4D64-AD2B-AF3011AEB2E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)Task: {7393996A-EFA9-4FA1-9AEA-DF1C34E00E34} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()Task: {A7E603C9-6E2C-4816-B08E-D9B9C622B51C} - \SPDriver No Task File <==== ATTENTIONTask: {B6DC5902-6B81-4380-AD64-32A2090F3895} - \ShopperPro No Task File <==== ATTENTIONTask: {B8A4447C-A802-4FE8-B09D-5FC3B0AFBFE9} - System32\Tasks\{16E19CA4-7D79-481F-9498-D7736F86B9D4} => pcalua.exe -a C:\Users\Deniz-\Downloads\V7_Keyboard_SD7_0_23_0_x64_Drivers.exeTask: {B9455565-010A-4C02-932D-D4B6E8B69FFB} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe <==== ATTENTIONTask: {B99851B5-8B44-4C6A-9824-C901C65385A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25] (Google Inc.)Task: {BB8239C5-D150-4881-ACD9-205377C36E34} - \ShopperProJSUpd No Task File <==== ATTENTIONTask: {BD15455D-A9D1-421D-8350-A8D5199C04BB} - \Installer_iwebar No Task File <==== ATTENTIONTask: {BDC326B9-E7BA-4E9B-B3CB-269CC938D351} - System32\Tasks\{C3DBF0C5-4763-4D93-90BC-5F93E2B688A4} => pcalua.exe -a D:\setup.exe -d D:\Task: {C1370151-5A64-473F-8DD1-8A012F7DDA61} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067808144-3543434019-1444379529-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exeTask: {E8A458AD-8F6C-4750-9724-CAD15E7D5FA9} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTIONTask: {EE9B5F9F-2B08-4992-802E-6DC2F9D95747} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {F1DF84D5-A194-4032-BD64-4EAE70A0BE72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-12] (AVAST Software)Task: {FDC11186-5AC2-4D6C-B9CF-6B7CD5A567D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-13 18:56 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe2015-03-08 09:35 - 2015-03-08 09:35 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030800\algo.dll2015-03-10 19:06 - 2015-03-10 19:06 - 02920960 _____ () C:\Program Files\AVAST Software\Avast\defs\15031001\algo.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll2014-12-12 14:03 - 2014-12-12 14:03 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2015-02-05 11:16 - 2015-02-05 11:15 - 00964608 _____ () c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\1.9.1.1\loma.dll2015-02-02 14:29 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll2015-02-02 14:29 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll2015-02-02 14:29 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30AlternateDataStreams: C:\Users\Deniz-\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Deniz-\SkyDrive.old:ms-propertiesAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\205736_139809896091821_100001884334835_262608_5073732_n - Kopi (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\227757_114643998619682_100002222460959_136669_815124_n - Kopi.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\DSC00105.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:Updt_SummaryInformationAlternateDataStreams: C:\Users\Deniz-\Documents\IMAG0339.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Deniz-\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperHKU\S-1-5-21-4067808144-3543434019-1444379529-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 84.208.20.110 - 84.208.20.111 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKLM\...\StartupApproved\Run32: => "ApnTBMon"HKLM\...\StartupApproved\Run32: => "SPDriver"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "LiveSupport"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "Viber"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "GoobzoYouTubeAccelerator"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "SPDriver"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "msnmsgr"HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Accounts: ============================= Administrator (S-1-5-21-4067808144-3543434019-1444379529-500 - Administrator - Disabled)Deniz- (S-1-5-21-4067808144-3543434019-1444379529-1001 - Administrator - Enabled) => C:\Users\Deniz-Guest (S-1-5-21-4067808144-3543434019-1444379529-501 - Limited - Disabled) => C:\Users\GuestUpdatusUser (S-1-5-21-4067808144-3543434019-1444379529-1002 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Programmable Root EnumeratorDescription: Programming SupportClass Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}Manufacturer: Mad CatzService: SaiNtBusProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: XPS MiniViewDescription: XPS MiniViewClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (03/10/2015 10:12:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/10/2015 10:12:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12000 Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 12000 Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10000 Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10000 Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 00:33:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8000 Error: (03/10/2015 00:33:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8000 System errors:=============Error: (03/09/2015 07:43:31 PM) (Source: DCOM) (EventID: 10010) (User: Deniz)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/09/2015 07:43:01 PM) (Source: DCOM) (EventID: 10010) (User: Deniz)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/09/2015 00:13:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105. Error: (03/09/2015 00:11:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). Error: (03/09/2015 00:10:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The YouTubeAcceleratorService service failed to start due to the following error: %%2 Error: (03/09/2015 00:10:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SPDRIVER_1493.0.0.0 service failed to start due to the following error: %%3 Error: (03/09/2015 00:10:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The ShopperPro Update service failed to start due to the following error: %%2 Error: (03/09/2015 00:10:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The JO Service component service failed to start due to the following error: %%2 Error: (03/09/2015 00:09:38 AM) (Source: DCOM) (EventID: 10005) (User: Deniz)Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (03/09/2015 00:09:38 AM) (Source: DCOM) (EventID: 10005) (User: Deniz)Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions:=========================Error: (03/10/2015 10:12:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927142 Error: (03/10/2015 10:12:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Deniz)Description: Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink-2144927142 Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12000 Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 12000 Error: (03/10/2015 00:33:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10000 Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10000 Error: (03/10/2015 00:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 00:33:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8000 Error: (03/10/2015 00:33:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8000 CodeIntegrity Errors:=================================== Date: 2014-12-12 16:36:50.982 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:10.479 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:03.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:01.363 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:31:00.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:20.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:17.294 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:13.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.544 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-12 16:29:11.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHzPercentage of memory in use: 41%Total physical RAM: 4029.92 MBAvailable physical RAM: 2353.32 MBTotal Pagefile: 4733.92 MBAvailable Pagefile: 2729.6 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:24.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6A76254)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01Ran by Deniz- (administrator) on DENIZ on 11-03-2015 00:02:49Running from C:\Users\Deniz-\DesktopLoaded Profiles: Deniz- & UpdatusUser (Available profiles: Deniz- & UpdatusUser & Guest)Platform: Windows 8.1 Pro (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Saitek) C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [saiVolume] => C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe [152064 2012-10-15] (Saitek)HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)HKLM\...\Run: [saiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-05] (AVAST Software)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-07-18] (Gainward Co. Ltd.)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [spotify Web Helper] => C:\Users\Deniz-\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [spotify] => C:\Users\Deniz-\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [Viber] => C:\Users\Deniz-\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundHKU\S-1-5-21-4067808144-3543434019-1444379529-1001\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startupHKU\S-1-5-21-4067808144-3543434019-1444379529-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)AppInit_DLLs-x32: c:/progra~4/{2c39c~1/191~1.1/loma.dll => c:\ProgramData\{2C39C4FA-7CBB-157C-CD3D-65FE1DBFB670}\1.9.1.1\loma.dll [964608 2015-02-05] ()IFEO\bitguard.exe: [Debugger] tasklist.exeIFEO\bprotect.exe: [Debugger] tasklist.exeIFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browserdefender.exe: [Debugger] tasklist.exeIFEO\browserprotect.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\jumpflip: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\searchinstaller.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\searchsettings.exe: [Debugger] tasklist.exeIFEO\searchsettings64.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\umbrella.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeIFEO\volaro: [Debugger] tasklist.exeIFEO\vonteera: [Debugger] tasklist.exeIFEO\websteroids.exe: [Debugger] tasklist.exeIFEO\websteroidsservice.exe: [Debugger] tasklist.exeShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-4067808144-3543434019-1444379529-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}HKU\S-1-5-21-4067808144-3543434019-1444379529-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.no.msn.com/?rd=1&ucc=NO&dcc=NO&opt=0URLSearchHook: [s-1-5-21-4067808144-3543434019-1444379529-1002] ATTENTION ==> Default URLSearchHook is missing.SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_52_other&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0D0C0BtAyD0DtByB0BtAyBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyCtCyC0CyEyC0C0AtGzytA0E0BtG0FzyyB0AtGyE0F0B0FtGyBzyzyyC0FtC0EzztCyB0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtB0Bzy0C0FyEtAtG0FtDtCtAtGyEtB0C0DtGzz0D0AtAtG0AzyzytDyBzz0E0AtAzzyC0D2Q&cr=2099755856&ir=SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://no.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3B4CC5B0-9785-4CBC-AA0C-C391C426EDAC&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-4067808144-3543434019-1444379529-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21] (Microsoft Corporation)BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No FileBHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-10-22] (Microsoft Corporation)BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-31] (Oracle Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-31] (Oracle Corporation)BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No FileToolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)Winsock: Catalog9 01 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 02 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 03 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 04 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 05 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 06 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 07 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 08 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Winsock: Catalog9 20 C:\Program Files (x86)\YouTube Accelerator\ytalsp.dll [177512] (GOOBZO)Tcpip\Parameters: [DhcpNameServer] 84.208.20.110 84.208.20.111StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-31] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-31] (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @nsroblox.roblox.com/launcher -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Deniz-\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Deniz-\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-4067808144-3543434019-1444379529-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation) Chrome: =======CHR DefaultSuggestURL: Profile 3 -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (AdBlock) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-30]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05]CHR Extension: (Google Slides) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (avast! SafePrice) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-05]CHR Extension: (Google Sheets) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]CHR Extension: (Avast Online Security) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Ask Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-02-05]CHR Extension: (Google Slides) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (avast! SafePrice) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-05]CHR Extension: (Google Sheets) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]CHR Extension: (Avast Online Security) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-05]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Vosteran New Tab) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3CHR Extension: (Google Docs) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]CHR Extension: (Google Drive) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]CHR Extension: (YouTube) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]CHR Extension: (Google Search) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]CHR Extension: (AdBlock) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-17]CHR Extension: (Google Wallet) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]CHR Extension: (Gmail) - C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]CHR Profile: C:\Users\Deniz-\AppData\Local\Google\Chrome\User Data\Profile 4StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-12] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-12] (Avast Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-02] (Macrovision Europe Ltd.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-12] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-12] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-12] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-12] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-05] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-12] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-12] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-12] ()R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63al.sys [5170176 2013-07-01] (Broadcom Corporation)S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)S3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [180584 2012-12-05] (Saitek)R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-12] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]S2 SPDRIVER_1493.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1493.0.0.0\jsdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 00:02 - 2015-03-11 00:02 - 00027665 _____ () C:\Users\Deniz-\Desktop\FRST.txt2015-03-10 23:57 - 2015-03-11 00:02 - 00000000 ____D () C:\FRST2015-03-10 23:55 - 2015-03-10 23:56 - 02095104 _____ (Farbar) C:\Users\Deniz-\Desktop\FRST64.exe2015-03-10 23:51 - 2015-03-10 23:51 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\ZoomBrowser EX2015-03-07 09:16 - 2015-03-07 09:49 - 00000000 ____D () C:\Users\Deniz-\Downloads\World.War.Z.2013.Unrated.Cut.720p.BluRay.x264.DTS-WiKi2015-03-07 00:45 - 2015-03-07 01:02 - 00000000 ____D () C:\Users\Deniz-\Downloads\Fight.Club.1999.720p.BRRip.x264-x0r2015-03-07 00:45 - 2015-03-07 00:45 - 00024922 _____ () C:\Users\Deniz-\Downloads\Fight.Club.1999.720p.BRRip.x264-x0r [iPT].torrent2015-03-07 00:44 - 2015-03-08 01:42 - 00000000 ____D () C:\Users\Deniz-\Downloads\Need.For.Speed.2014.1080p.BluRay.x264-SPARKS2015-03-07 00:44 - 2015-03-07 00:44 - 00031644 _____ () C:\Users\Deniz-\Downloads\Need.For.Speed.2014.1080p.BluRay.x264-SPARKS [iPT].torrent2015-03-07 00:42 - 2015-03-07 09:47 - 3742368193 ____R () C:\Users\Deniz-\Downloads\Captain.America.The.Winter.Soldier.2014.BluRay.1080p.DTS.x264-CHD.mkv2015-03-07 00:42 - 2015-03-07 00:42 - 00029664 _____ () C:\Users\Deniz-\Downloads\Captain.America.The.Winter.Soldier.2014.BluRay.1080p.DTS.x264-CHD.mkv [iPT].torrent2015-03-07 00:40 - 2015-03-08 01:51 - 00000000 ____D () C:\Users\Deniz-\Downloads\National.Geographic.Inside.the.Milky.Way.1080p.Bluray.x264-DiVERGE2015-03-07 00:40 - 2015-03-07 00:40 - 00209664 _____ () C:\Users\Deniz-\Downloads\National.Geographic.Inside.the.Milky.Way.1080p.Bluray.x264-DiVERGE [iPT].torrent2015-03-07 00:40 - 2015-03-07 00:40 - 00000000 ____D () C:\Users\Deniz-\Downloads\Horrible.Bosses.2.2014.1080p.BluRay.DTS.x264-HDA2015-03-07 00:39 - 2015-03-07 00:39 - 00024457 _____ () C:\Users\Deniz-\Downloads\Horrible.Bosses.2.2014.1080p.BluRay.DTS.x264-HDA [iPT].torrent2015-03-05 19:31 - 2015-03-05 19:31 - 00048026 _____ () C:\Users\Deniz-\Downloads\American.Heist.2014.1080p.Bluray.x264.DTS-EVO [iPT].torrent2015-03-04 16:51 - 2015-03-04 16:51 - 10157817 _____ () C:\Users\Deniz-\Downloads\Obligatory+_043561b28c14b0c445ba9ff4cf902e83.webm2015-03-04 16:41 - 2015-03-04 16:41 - 14284127 _____ () C:\Users\Deniz-\Downloads\jet fuel can't melt steel beams.mp42015-03-03 17:01 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\squishy2015-03-03 16:56 - 2015-03-03 16:56 - 00000222 _____ () C:\Users\Deniz-\Desktop\Squishy the Suicidal Pig.url2015-03-02 20:50 - 2015-03-02 20:50 - 00113341 _____ () C:\Users\Deniz-\Downloads\World.War.Z.2013.Unrated.Cut.720p.BluRay.x264.DTS-WiKi [iPT].torrent2015-03-02 20:49 - 2015-03-02 20:49 - 00075441 _____ () C:\Users\Deniz-\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.x264.DTS-iFT [iPT].torrent2015-03-01 20:11 - 2015-03-01 20:11 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\Steam2015-02-28 14:32 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls2015-02-28 14:32 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls2015-02-28 14:32 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll2015-02-28 14:32 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll2015-02-28 14:32 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll2015-02-28 14:32 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll2015-02-17 19:44 - 2015-02-17 19:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-02-17 19:43 - 2015-02-17 19:43 - 00000714 _____ () C:\WINDOWS\PLTGC.ini.imi2015-02-17 19:43 - 2015-02-17 19:43 - 00000612 _____ () C:\WINDOWS\system\PLTGC.ini2015-02-17 19:43 - 2015-02-17 19:43 - 00000415 _____ () C:\WINDOWS\PLTGC.ini.cfl2015-02-17 19:43 - 2015-02-17 19:43 - 00000124 _____ () C:\WINDOWS\system\Dlap.pfx2015-02-17 19:43 - 2015-02-17 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics2015-02-17 19:43 - 2015-02-17 19:43 - 00000000 ____D () C:\Program Files\Plantronics2015-02-17 19:43 - 2014-01-21 16:41 - 00833312 ____N () C:\WINDOWS\system32\PLTGC.exe2015-02-17 19:43 - 2014-01-21 16:41 - 00524064 _____ (Microsoft Corporation) C:\WINDOWS\difxapi.dll2015-02-17 19:43 - 2014-01-21 16:41 - 00365856 ____N () C:\WINDOWS\system32\CmiInstallResAll64.dll2015-02-17 19:43 - 2013-12-10 15:21 - 00000498 ____N () C:\WINDOWS\PLTGC.ini2015-02-17 19:43 - 2013-12-09 18:15 - 00004024 ____N () C:\WINDOWS\PLTGC.ini.cfg2015-02-17 19:42 - 2015-02-17 19:42 - 00000000 ____D () C:\Program Files (x86)\Plantronics2015-02-17 19:42 - 2014-01-21 16:41 - 00321824 _____ (C-Media Electronics Inc.) C:\WINDOWS\system\fltrPLTGC.dll2015-02-17 19:42 - 2013-10-08 14:43 - 01327104 _____ (C-Media Electronics Inc) C:\WINDOWS\system32\Drivers\PLTGC.sys2015-02-17 19:41 - 2015-02-17 19:42 - 42118520 _____ () C:\Users\Deniz-\Downloads\Plantronics_GC780_Installer_Release_5.exe2015-02-16 00:27 - 2015-02-16 00:27 - 00615424 _____ () C:\Users\Deniz-\Documents\ahmad km 15.02.2015.xls2015-02-15 01:44 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-02-15 01:44 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-02-11 17:05 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2015-02-11 17:05 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2015-02-11 17:05 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-02-11 17:05 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-02-11 17:05 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-02-11 17:05 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll2015-02-11 17:05 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll2015-02-11 17:05 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll2015-02-11 17:05 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll2015-02-11 17:05 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll2015-02-11 17:05 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2015-02-11 17:05 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll2015-02-11 17:05 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe2015-02-11 17:05 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe2015-02-11 17:05 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe2015-02-11 17:04 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2015-02-11 17:04 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2015-02-11 17:04 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2015-02-11 17:04 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2015-02-11 17:04 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-02-11 17:04 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-02-11 17:04 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-02-11 17:04 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2015-02-11 17:04 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-02-11 17:04 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-02-11 17:04 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2015-02-11 17:04 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-02-11 17:04 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-02-11 17:04 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-02-11 17:04 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-02-11 17:04 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-02-11 17:04 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-02-11 17:04 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-02-11 17:04 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-02-11 17:04 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-02-11 17:04 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-02-11 17:04 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-02-11 17:04 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2015-02-11 17:04 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-02-11 17:04 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-02-11 17:04 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-02-11 17:04 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-02-11 17:04 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-02-11 17:04 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-02-11 17:04 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-02-11 17:04 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-02-11 17:04 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-02-11 17:04 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-02-11 17:04 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-02-11 17:04 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-02-11 17:04 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-02-11 17:04 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-02-11 17:04 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-02-11 17:04 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2015-02-11 17:04 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2015-02-11 17:04 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2015-02-11 17:04 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2015-02-11 17:04 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml2015-02-11 17:04 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2015-02-11 17:04 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2015-02-11 17:04 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2015-02-11 17:04 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2015-02-11 17:04 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2015-02-11 17:03 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll2015-02-11 17:03 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 00:02 - 2014-11-07 00:57 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD7E1A00-78BC-493A-91AF-53DA3CBB1DFD}2015-03-11 00:02 - 2013-12-13 17:08 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\uTorrent2015-03-11 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-03-11 00:01 - 2014-07-20 20:58 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\ClassicShell2015-03-10 23:57 - 2012-07-25 19:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4067808144-3543434019-1444379529-10012015-03-10 23:55 - 2014-07-24 16:31 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\.minecraft2015-03-10 23:52 - 2014-11-28 17:22 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.42015-03-10 23:37 - 2014-07-29 12:15 - 01883609 _____ () C:\WINDOWS\WindowsUpdate.log2015-03-10 23:37 - 2013-12-27 16:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-03-10 14:23 - 2012-07-25 19:49 - 00001008 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-03-10 11:40 - 2013-12-14 19:41 - 00009804 _____ () C:\WINDOWS\system32\lvcoinst.log2015-03-10 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2015-03-09 23:26 - 2013-12-13 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-09 20:26 - 2013-12-22 23:32 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\vlc2015-03-09 19:57 - 2014-08-31 20:04 - 00012962 _____ () C:\WINDOWS\setupact.log2015-03-09 00:15 - 2015-02-05 17:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-03-09 00:12 - 2012-07-25 19:56 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-03-09 00:10 - 2013-12-13 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-09 00:10 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-03-08 16:59 - 2013-12-13 19:01 - 00000000 ____D () C:\Users\Deniz-2015-03-08 01:23 - 2013-12-13 18:23 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-03-08 01:22 - 2015-01-01 02:06 - 00000000 ____D () C:\Program Files (x86)\Child of Light2015-03-08 01:13 - 2014-06-07 20:36 - 00000000 ____D () C:\Users\Deniz-\AppData\Roaming\TS3Client2015-03-07 20:21 - 2014-06-12 19:54 - 00000000 ____D () C:\Users\Deniz-\AppData\Local\CrashDumps2015-03-07 10:28 - 2015-02-02 21:06 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4067808144-3543434019-1444379529-10012015-03-07 10:27 - 2015-02-02 21:06 - 00000000 ___RD () C:\Users\Deniz-\OneDrive2015-03-07 09:35 - 2014-07-05 12:57 - 00007598 _____ () C:\Users\Deniz-\AppData\Local\Resmon.ResmonCfg2015-03-05 19:32 - 2015-02-05 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator2015-03-02 14:46 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-21 15:17 - 2013-12-13 19:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132015-02-21 15:15 - 2013-12-13 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-02-18 05:15 - 2014-12-10 22:41 - 00000000 ____D () C:\ProgramData\Package Cache2015-02-17 19:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System2015-02-17 19:38 - 2013-12-14 19:41 - 00000000 _____ () C:\WINDOWS\system32\Drivers\lvuvc.hs2015-02-16 00:40 - 2014-03-11 16:35 - 00572416 ___SH () C:\Users\Deniz-\Downloads\Thumbs.db2015-02-16 00:28 - 2013-12-31 00:56 - 03779584 ___SH () C:\Users\Deniz-\Documents\Thumbs.db2015-02-15 22:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2015-02-15 01:33 - 2013-08-22 15:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-02-15 01:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-15 01:25 - 2014-07-29 12:07 - 00126496 _____ () C:\WINDOWS\PFRO.log2015-02-11 19:11 - 2013-08-22 14:25 - 00000269 _____ () C:\WINDOWS\win.ini2015-02-11 19:04 - 2013-12-01 21:46 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-02-11 18:49 - 2013-12-01 21:46 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-07-02 11:53 - 2014-07-05 12:44 - 0000096 _____ () C:\Users\Deniz-\AppData\Roaming\regsvr32.exe_log.txt2014-12-22 19:24 - 2014-12-22 19:24 - 0000041 _____ () C:\Users\Deniz-\AppData\Roaming\WB.CFG2014-07-05 12:57 - 2015-03-07 09:35 - 0007598 _____ () C:\Users\Deniz-\AppData\Local\Resmon.ResmonCfg Files to move or delete:====================C:\Users\Deniz-\jagex_cl_oldschool_LIVE.datC:\Users\Deniz-\jagex_cl_runescape_LIVE.datC:\Users\Deniz-\jagex_cl_runescape_LIVE1.datC:\Users\Deniz-\random.dat Some content of TEMP:====================C:\Users\Deniz-\AppData\Local\Temp\APNSetup.exeC:\Users\Deniz-\AppData\Local\Temp\BSI.exeC:\Users\Deniz-\AppData\Local\Temp\BuenoSearchTB.exeC:\Users\Deniz-\AppData\Local\Temp\cabex.dllC:\Users\Deniz-\AppData\Local\Temp\DJAPI.dllC:\Users\Deniz-\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7k2dlu.dllC:\Users\Deniz-\AppData\Local\Temp\five-nights-at-freddy-s-2-full-version.exeC:\Users\Deniz-\AppData\Local\Temp\ICReinstall_five-nights-at-freddy-s-2-full-version.exeC:\Users\Deniz-\AppData\Local\Temp\SkypeSetup.exeC:\Users\Deniz-\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exeC:\Users\Deniz-\AppData\Local\Temp\unelevate.exeC:\Users\Deniz-\AppData\Local\Temp\Uninstall.exeC:\Users\Deniz-\AppData\Local\Temp\vlc-2.1.5-win32.exeC:\Users\Deniz-\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe Some zero byte size files/folders:==========================C:\Windows\System32\KBDTZM.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-09 14:35 ==================== End Of Log ============================
  11. Hi. let's get right to it. whenever i connect to any internet source i get many messages from avast saying that they have blocked an infection coming from epictory.com (see picture below). the url seems to sometimes be randomly generated. can you help me remove this? -Deniz I'm running windows 8.1
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.