Win32/Sality.nar problem


#1
Withard

Hey, I am new here and I am facing a daredevil enemy, called Sality.nar.

So, first of all, let me tell you what I did before I came here. I was getting this error for a while and decided to format my PC. I did, and it seems it didn't work. So then I started to research. People advised some anti-viruses. And I got Nod32 anti virus and started to scan. I clicked "REMOVE" for everything it detected, but then it started to detect my computer's drivers. And there I stopped. Closed Nod32. And started to research again. Then I found this:

http://www.geekstogo...tynar-in-my-pc/

It seemed to be working and I am going to try it. But if there is someone who can analyze my logs, I would appreciate that. I am going to start what Essexboy said there and will inform you guys. See you later for now :)

Edited by Withard, 21 June 2012 - 12:16 PM.

#2
Withard

BTW, first of all, I think I need to say that I couldn't manage to run SafeBootWin7; it gave me an error. And I didn't care, don't know if it is true. You can tell me what to do, I'll appreciate it. So whatever, here is my log after I did Autoscan.

ComboFix 12-06-20.02 - Withard 21.06.2012 17:15:08.1.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.2732.1937 [GMT 3:00]
Running from: c:\users\Withard\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Intel\Bluetooth\btmshell.dll
c:\programdata\Roaming
c:\windows\lwydluy.log
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 14:23 . 2012-06-21 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 14:22 . 2012-06-21 14:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7E5D408-0005-4B13-8A72-2653DFAB26C9}\offreg.dll
2012-06-21 13:04 . 2012-06-21 13:12 -------- d-----w- c:\program files\Common Files\Nero
2012-06-21 13:03 . 2012-06-21 13:12 -------- d-----w- c:\programdata\Nero
2012-06-21 12:49 . 2011-12-01 08:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-06-21 12:49 . 2012-06-21 12:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-21 12:49 . 2011-12-01 08:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-06-21 12:49 . 2012-06-21 13:11 -------- d-----w- c:\program files\Nero
2012-06-21 11:20 . 2012-06-21 11:20 -------- d-----w- c:\program files\ESET
2012-06-20 17:22 . 2012-06-20 17:22 -------- d-----w- c:\windows\system32\SPReview
2012-06-20 17:21 . 2012-06-20 17:21 -------- d-----w- c:\windows\system32\EventProviders
2012-06-20 16:41 . 2012-06-20 16:41 -------- d-----w- c:\program files\MSXML 4.0
2012-06-20 16:00 . 2012-06-20 16:00 -------- d-----w- c:\windows\PCHEALTH
2012-06-20 15:59 . 2012-06-20 16:03 -------- d-----w- c:\program files\Windows Live
2012-06-20 15:59 . 2012-06-21 13:46 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-20 15:56 . 2012-06-20 15:56 -------- d-----w- c:\program files\Common Files\Windows Live
2012-06-20 14:27 . 2012-06-20 14:27 -------- d-----w- c:\program files\Conduit
2012-06-20 14:26 . 2012-06-20 14:26 -------- d-----w- c:\program files\uTorrent
2012-06-20 11:52 . 2012-06-20 11:52 -------- d-----w- c:\program files\EA GAMES
2012-06-20 09:42 . 2012-06-21 13:20 -------- d-----w- c:\program files\Elantech
2012-06-20 09:42 . 2012-05-08 20:19 243536 ----a-w- c:\windows\system32\drivers\ETD.sys
2012-06-19 22:23 . 2012-06-19 22:23 -------- d-----w- c:\program files\Samsung
2012-06-19 21:36 . 2011-02-18 05:04 355352 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-06-19 21:34 . 2011-04-21 23:17 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-19 21:34 . 2011-04-21 23:17 381032 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-19 21:34 . 2011-04-21 23:17 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-06-19 21:26 . 2012-06-19 21:26 -------- d--h--w- c:\windows\system32\WLANProfiles
2012-06-19 21:26 . 2012-06-19 21:26 -------- d-----w- c:\users\Public\Roaming
2012-06-19 21:26 . 2012-06-19 21:26 -------- d-----w- c:\users\Default\Roaming
2012-06-19 21:25 . 2012-06-19 21:25 -------- d-----w- c:\windows\system32\nn-NO
2012-06-19 21:25 . 2011-12-26 01:17 64672 ----a-w- c:\windows\system32\athihvui.dll
2012-06-19 21:25 . 2011-12-26 01:17 400544 ----a-w- c:\windows\system32\athihvs.dll
2012-06-19 21:24 . 2012-06-19 21:24 -------- d-----w- c:\programdata\Intel
2012-06-19 21:24 . 2012-06-19 21:24 -------- d-----w- c:\program files\Cisco
2012-06-19 21:22 . 2012-06-21 13:04 -------- d-----w- c:\program files\Atheros
2012-06-19 21:22 . 2011-12-12 16:32 2228224 ----a-w- c:\windows\system32\athr.sys
2012-06-19 21:22 . 2012-06-19 21:22 -------- d-----w- c:\programdata\Atheros
2012-06-19 21:01 . 2011-05-05 01:25 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-06-19 21:01 . 2012-06-19 21:01 -------- d-----w- c:\program files\Common Files\postureAgent
2012-06-19 20:48 . 2012-06-19 21:09 -------- d-----w- c:\windows\system32\NV
2012-06-19 20:45 . 2012-06-21 14:15 -------- d-----w- c:\users\UpdatusUser
2012-06-19 20:45 . 2012-05-15 09:28 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-19 20:45 . 2012-05-15 09:28 719168 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-06-19 20:45 . 2012-05-15 09:28 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-19 20:45 . 2012-05-15 09:28 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-06-19 20:45 . 2012-05-15 09:28 55104 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-06-19 20:45 . 2012-05-15 09:28 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-19 20:45 . 2012-05-15 09:28 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-19 20:45 . 2012-05-15 09:28 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-19 20:45 . 2012-05-15 09:27 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-06-19 20:45 . 2012-05-15 10:26 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-19 20:43 . 2012-06-19 20:46 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-19 17:15 . 2012-06-19 17:15 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-19 12:01 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-06-19 12:01 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-06-19 12:01 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2012-06-19 12:01 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-06-19 11:59 . 2010-11-20 12:21 233472 ----a-w- c:\windows\system32\taskbarcpl.dll
2012-06-19 11:58 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2012-06-19 11:58 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-19 11:58 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-19 11:58 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-06-19 11:58 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-19 11:29 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7E5D408-0005-4B13-8A72-2653DFAB26C9}\mpengine.dll
2012-06-19 11:26 . 2012-06-18 17:42 8279312 ----a-w- c:\program files\Microsoft Games\Age of Mythology\aom10to110.exe
2012-06-19 11:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 11:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 11:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 11:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 11:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 11:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 11:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 11:08 . 2012-06-02 12:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:08 . 2012-06-02 12:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 10:43 . 2012-06-19 21:24 -------- d-----w- c:\program files\Common Files\Intel
2012-06-19 10:41 . 2011-08-23 13:11 270336 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-06-19 10:41 . 2011-08-23 13:11 12288 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-06-19 10:41 . 2011-10-21 17:34 81920 ----a-w- c:\windows\system32\igfxCoIn_v2559.dll
2012-06-19 10:41 . 2011-10-21 16:49 98304 ----a-w- c:\windows\system32\iglhcp32.dll
2012-06-19 10:41 . 2011-10-21 16:49 376832 ----a-w- c:\windows\system32\iglhsip32.dll
2012-06-19 10:41 . 2011-10-21 16:49 171520 ----a-w- c:\windows\system32\igfxcmrt32.dll
2012-06-19 10:41 . 2011-10-21 16:49 1663488 ----a-w- c:\windows\system32\igfxcmjit32.dll
2012-06-19 09:37 . 2009-02-16 21:05 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-06-18 21:06 . 2012-06-18 21:06 -------- d-----w- c:\program files\Microsoft.NET
2012-06-18 20:37 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-18 20:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-06-18 20:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-18 20:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-18 20:33 . 2012-06-18 20:33 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-18 20:26 . 2012-06-21 13:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-18 20:20 . 2012-06-19 22:22 -------- d-----w- c:\program files\Intel
2012-06-18 20:20 . 2012-06-19 10:42 -------- d-----w- C:\Intel
2012-06-18 17:49 . 2012-06-19 09:57 -------- d-----w- C:\NVIDIA
2012-06-18 17:32 . 2012-06-19 20:48 -------- d-----w- c:\programdata\NVIDIA
2012-06-18 17:32 . 2012-06-18 17:32 -------- d-----w- c:\windows\Sun
2012-06-18 17:32 . 2012-06-18 17:32 -------- d-----w- c:\program files\Common Files\Java
2012-06-18 17:31 . 2012-06-18 17:31 -------- d-----w- c:\program files\Oracle
2012-06-18 17:30 . 2012-05-04 16:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-18 17:30 . 2012-05-04 16:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-18 17:30 . 2012-06-18 17:30 -------- d-----w- c:\program files\Java
2012-06-18 16:37 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-06-18 16:37 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-06-18 16:37 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-06-18 16:37 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-06-18 16:37 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-18 16:37 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-18 16:37 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-06-18 16:37 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-06-18 16:35 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-18 16:33 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-18 16:20 . 2012-02-23 07:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-18 16:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-18 16:17 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-18 16:17 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-06-18 16:14 . 2012-06-18 16:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 16:14 . 2012-06-18 16:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 15:49 . 2012-06-18 15:49 -------- d-----w- c:\program files\Conexant
2012-06-18 15:49 . 2007-10-15 15:10 173494 ----a-w- c:\windows\system32\drivers\mon_ac_w.bin
2012-06-18 15:49 . 2007-10-15 15:10 158592 ----a-w- c:\windows\system32\drivers\gwausb.sys
2012-06-18 15:49 . 2007-10-15 15:10 25600 ----a-w- c:\windows\system32\CoInst.dll
2012-06-17 13:56 . 2012-06-17 13:56 -------- d-----w- c:\users\Public\CyberLink
2012-06-17 13:47 . 2012-06-21 13:29 -------- d-----w- c:\programdata\CyberLink
2012-06-17 13:45 . 2001-03-08 15:30 24064 ------w- c:\windows\system32\msxml3a.dll
2012-06-17 13:45 . 2003-03-18 17:14 499712 ------w- c:\windows\system32\msvcp71.dll
2012-06-17 13:45 . 2003-02-21 01:42 348160 ------w- c:\windows\system32\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 17:30 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-20 15:59 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-26 19:08 . 2012-06-19 20:34 2298993 ----a-w- C:\HTC Home 1.10.zip
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2012-06-13 03:19 . 2012-06-18 20:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"BisonInst0402"="c:\windows\BisonCam\InitDriverx86.exe" [2008-01-02 65536]
"CLMLServer"="d:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-01-15 103720]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2012-06-21 376832]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2007-10-15 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-12 10754664]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 177944]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-05-08 2192720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokolü;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 141312]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Withard\AppData\Local\Temp\Rar$EXa0.586\kerneld.wnt [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-13 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 241936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 12464]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 24896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-18 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 509440]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 104208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 722704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Sanal Bağdaştırıcısı;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 141312]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-14 67072]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 263680]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-08 243536]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 47616]
S3 IntcDAud;Intel® Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Windows 7 32 Bit için Intel® Wireless WiFi Link Bağdaştırıcı Sürücüsü ;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-01 10299904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-04-21 381032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 16:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Withard\AppData\Roaming\Mozilla\Firefox\Profiles\hhav6dkt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKCU-Run-DAEMON Tools Lite - d:\program files (x86)\DAEMON Tools Lite\DTLite.exe
HKLM-Run-P2Go_Menu - d:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
HKLM-Run-BTMTrayAgent - c:\program files\Intel\Bluetooth\btmshell.dll
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\users\Withard\AppData\Local\Temp\Rar$EXa0.586\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 17:24:40
ComboFix-quarantined-files.txt 2012-06-21 14:24
.
Pre-Run: 146.170.568.704 bayt boş
Post-Run: 149.654.081.536 bayt boş
.
- - End Of File - - A0DF68D6AC2C50B102F808C33DDB2FBE

#3
Withard

And I did the OTL scan too, so in the OTL file it says:

OTL logfile created on: 21.06.2012 17:29:16 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Withard\Desktop
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 52,99% Memory free
5,33 Gb Paging File | 4,11 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,00 Gb Total Space | 139,51 Gb Free Space | 77,94% Space Free | Partition Type: NTFS
Drive D: | 266,64 Gb Total Space | 238,84 Gb Free Space | 89,57% Space Free | Partition Type: NTFS

Computer Name: TERRA | User Name: Withard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.21 16:30:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Withard\Desktop\OTL.exe
PRC - [2012.06.21 15:29:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.06.21 15:29:52 | 000,376,832 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\Conexant\Adsl\dslstat.exe
PRC - [2012.05.15 13:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 12:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 12:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.04.04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2011.12.08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.12.08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.12.05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011.12.05 08:55:36 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2011.11.14 17:04:48 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.06.24 07:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.05 04:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011.05.05 04:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.20 15:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.12 11:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- D:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008.03.25 15:46:32 | 000,077,824 | ---- | M] (mychat) -- C:\Windows\BisonCam\BisonHK.exe
PRC - [2008.03.11 17:08:50 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\DeLay.exe
PRC - [2008.01.15 17:20:50 | 000,103,720 | ---- | M] (CyberLink) -- D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.01.03 01:57:34 | 000,065,536 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\InitDriverx86.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.21 15:23:59 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\14bb825e2a52a8f9d68ee72b93e2c111\IAStorUtil.ni.dll
MOD - [2012.06.21 15:23:59 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9bd83ea9e0fa4657c61886443e1cc9ad\IAStorCommon.ni.dll
MOD - [2012.06.20 21:34:17 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2012.06.20 21:34:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.06.20 21:33:38 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.06.20 21:33:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.06.20 21:33:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012.06.20 21:32:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.06.20 21:32:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.06.20 21:32:52 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.06.20 21:32:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.06.13 06:18:39 | 002,000,352 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.03.19 22:09:08 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.02.19 13:47:14 | 000,129,192 | ---- | M] () -- D:\Program Files (x86)\Mumble\mumble_ol.dll
MOD - [2009.07.14 11:09:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_tr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.07.14 11:09:23 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_tr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.03.25 15:44:08 | 000,028,672 | ---- | M] () -- C:\Windows\BisonCam\KBHookDLL.dll
MOD - [2008.01.15 17:20:50 | 000,013,096 | ---- | M] () -- D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2008.01.15 17:20:46 | 000,648,488 | ---- | M] () -- D:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.10.15 18:10:02 | 000,331,776 | ---- | M] () -- C:\Program Files\Conexant\Adsl\DbgMode.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.06.18 19:52:40 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 06:18:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 13:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.19 23:44:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2011.12.08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel®
SRV - [2011.12.08 10:43:50 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.12.08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011.12.08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2011.12.05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.05 08:55:36 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV - [2011.11.14 17:05:14 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.11.14 17:05:10 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.11.14 17:04:48 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.05.05 04:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011.05.05 04:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011.02.18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Withard\AppData\Local\Temp\Rar$EXa0.586\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Withard\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.06.18 23:33:11 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.15 13:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.15 13:26:00 | 000,024,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2011.12.09 11:45:14 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.12.05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011.12.05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011.12.01 22:50:00 | 010,299,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Windows 7 32 Bit için Intel®
DRV - [2011.12.01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.11.14 17:04:36 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2011.11.14 17:04:32 | 000,067,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV - [2011.08.23 16:11:49 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010.11.20 13:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010.04.12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 02:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2007.10.15 18:10:08 | 000,158,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gwausb.sys -- (wanusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr/
IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 23:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012.06.11 14:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Withard\AppData\Roaming\mozilla\Extensions
[2012.06.20 17:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Withard\AppData\Roaming\mozilla\Firefox\Profiles\hhav6dkt.default\extensions
[2012.06.20 17:27:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Withard\AppData\Roaming\mozilla\Firefox\Profiles\hhav6dkt.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.06.20 17:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.18 23:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.06.18 23:28:12 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\WITHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHAV6DKT.DEFAULT\EXTENSIONS\[email protected]
[2012.06.13 06:19:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.13 09:48:50 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.06.13 09:48:50 | 000,002,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-tr.xml

O1 HOSTS File: ([2012.06.21 17:23:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [BisonInst0402] C:\Windows\BisonCam\InitDriverx86.exe (Bison Inc.)
O4 - HKLM..\Run: [CLMLServer] D:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3696832748-2073395193-4201535267-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35A50B4E-410F-46CC-A486-D6EA7F50D5DF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A17086B0-9FDA-4B83-B761-F7B2A4B4C3C9}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 17:24:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.21 17:24:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.21 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\temp
[2012.06.21 17:09:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.21 17:09:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.21 17:09:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 17:09:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.06.21 17:08:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 17:07:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\Withard\Desktop\Sality_RegKeys
[2012.06.21 16:43:28 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Withard\Desktop\SalityKiller.exe
[2012.06.21 16:30:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Withard\Desktop\OTL.exe
[2012.06.21 16:29:46 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\Withard\Desktop\ComboFix.exe
[2012.06.21 16:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2012.06.21 16:18:14 | 000,000,000 | ---D | C] -- C:\Users\Withard\Desktop\SWTOR Yedek exe
[2012.06.21 16:09:07 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Nero
[2012.06.21 16:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012.06.21 16:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.21 15:49:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.06.21 15:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012.06.21 14:21:38 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\ESET
[2012.06.21 14:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.06.21 14:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.21 13:37:44 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\{4F755A54-826C-4470-9329-76BEDF28ABAC}
[2012.06.20 20:22:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.20 20:21:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.20 19:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.06.20 19:11:17 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\{4D3E8CF4-2958-49E1-967C-461A8FEF74CB}
[2012.06.20 19:11:06 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\{4CCBD7A4-ADC5-48AC-A98E-515318929730}
[2012.06.20 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Withard\Tracing
[2012.06.20 19:00:49 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.20 18:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.06.20 18:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.20 18:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.20 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Windows Live
[2012.06.20 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.06.20 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Google
[2012.06.20 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\CRE
[2012.06.20 17:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.06.20 17:27:25 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Conduit
[2012.06.20 17:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.06.20 17:26:11 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\uTorrent
[2012.06.20 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\My Battle for Middle-earth Files
[2012.06.20 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.06.20 14:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2012.06.20 12:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012.06.20 01:25:19 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012.06.20 01:25:19 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012.06.20 01:25:18 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012.06.20 01:25:18 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012.06.20 01:25:15 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012.06.20 01:25:15 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012.06.20 01:25:15 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012.06.20 01:25:15 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012.06.20 01:25:15 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012.06.20 01:25:15 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012.06.20 01:25:14 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012.06.20 01:25:14 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.06.20 01:25:11 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012.06.20 01:25:10 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.06.20 01:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012.06.20 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Intel Corporation
[2012.06.20 00:37:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.06.20 00:26:38 | 000,000,000 | -H-D | C] -- C:\Windows\System32\WLANProfiles
[2012.06.20 00:26:26 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Intel
[2012.06.20 00:26:16 | 000,000,000 | ---D | C] -- C:\Users\Withard\Roaming
[2012.06.20 00:25:44 | 000,064,672 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2012.06.20 00:25:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2012.06.20 00:25:43 | 000,400,544 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2012.06.20 00:25:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Kablosuz
[2012.06.20 00:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.06.20 00:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.06.20 00:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.06.20 00:22:48 | 002,228,224 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012.06.20 00:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.06.20 00:02:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012.06.20 00:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012.06.19 23:48:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\NV
[2012.06.19 23:45:12 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.06.19 23:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.19 23:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.06.19 23:03:31 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\TeamViewer
[2012.06.19 23:02:51 | 004,589,912 | ---- | C] (TeamViewer GmbH) -- C:\Users\Withard\Desktop\teamviewer_setup.exe
[2012.06.19 20:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.06.19 20:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.06.19 14:59:56 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.06.19 14:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.06.19 13:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.06.19 12:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012.06.19 12:46:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.06.19 12:46:22 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.06.19 12:46:22 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.06.19 12:46:22 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.06.19 12:46:22 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.06.19 12:46:22 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.06.19 12:46:21 | 000,709,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2012.06.19 12:46:21 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.06.19 12:46:21 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.06.19 12:46:21 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.06.19 12:46:21 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012.06.19 12:46:21 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.06.19 12:46:21 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.06.19 12:46:21 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.06.19 12:46:21 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.06.19 12:46:21 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.06.19 12:46:20 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.06.19 12:46:19 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.06.19 12:46:19 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.06.19 12:46:19 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.06.19 12:46:19 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.06.19 12:46:19 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.06.19 12:46:19 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.06.19 12:46:19 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.06.19 12:46:19 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.06.19 12:46:19 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.06.19 12:46:19 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.06.19 12:46:19 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.06.19 12:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.06.19 00:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.06.18 23:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.06.18 23:33:11 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.06.18 23:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.18 23:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.18 23:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.18 23:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.06.18 23:20:00 | 000,000,000 | ---D | C] -- C:\Intel
[2012.06.18 20:51:04 | 000,000,000 | ---D | C] -- C:\Users\Withard\Desktop\BFME
[2012.06.18 20:49:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.06.18 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\SWTOR
[2012.06.18 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\Withard\Documents\HeroBlade Logs
[2012.06.18 20:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.06.18 20:32:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.06.18 20:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.06.18 20:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.18 20:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.18 20:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.18 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\GameRanger
[2012.06.18 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\WinRAR
[2012.06.18 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.18 19:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.06.18 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Macromedia
[2012.06.18 19:52:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.06.18 19:44:22 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Mumble
[2012.06.18 19:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012.06.18 19:34:38 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.06.18 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Macromedia
[2012.06.18 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant DSL Modem
[2012.06.18 18:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conexant
[2012.06.18 18:32:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.17 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\Withard\Documents\CyberLink
[2012.06.17 16:48:20 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\CyberLink
[2012.06.17 16:47:30 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Power2Go
[2012.06.17 16:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.06.17 16:45:53 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2012.06.17 16:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.06.17 15:36:12 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012.06.17 15:36:11 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.06.17 15:36:11 | 000,000,000 | ---D | C] -- C:\Windows\BisonCam
[2012.06.17 15:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BisonCam
[2012.06.17 15:35:52 | 000,000,000 | ---D | C] -- C:\Users\Withard\Desktop\Ivır Zıvır
[2012.06.17 15:34:24 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\InstallShield
[2012.06.17 15:31:44 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Adobe
[2012.06.17 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Adobe
[2012.06.17 15:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.06.17 15:30:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.06.17 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2012.06.15 14:59:49 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012.06.15 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.06.14 20:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.06.14 20:02:54 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Screaming Bee
[2012.06.14 20:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2012.06.14 20:02:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.06.11 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Mozilla
[2012.06.11 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Mozilla
[2012.06.11 14:48:18 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.11 14:46:40 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\DAEMON Tools Lite
[2012.06.11 14:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.06.11 13:29:04 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.06.11 13:29:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012.06.11 13:04:35 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\ElevatedDiagnostics
[2012.06.11 12:58:03 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Diagnostics
[2012.06.11 12:36:55 | 000,000,000 | R--D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.11 12:36:55 | 000,000,000 | R--D | C] -- C:\Users\Withard\Searches
[2012.06.11 12:36:55 | 000,000,000 | R--D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.11 12:36:55 | 000,000,000 | -H-D | C] -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012.06.11 12:36:44 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Roaming\Identities
[2012.06.11 12:36:40 | 000,000,000 | R--D | C] -- C:\Users\Withard\Contacts
[2012.06.11 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\VirtualStore
[2012.06.11 12:36:03 | 000,000,000 | --SD | C] -- C:\Users\Withard\AppData\Roaming\Microsoft
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Videos
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Saved Games
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Pictures
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Music
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Links
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Favorites
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Downloads
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Documents
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\Desktop
[2012.06.11 12:36:03 | 000,000,000 | R--D | C] -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Documents\Videolarım
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\AppData\Local\Temporary Internet Files
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Templates
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Start Menu
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\SendTo
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Documents\Resimlerim
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Recent
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\PrintHood
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\NetHood
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Documents\Müziğim
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Local Settings
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\AppData\Local\History
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Cookies
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Belgelerim
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\Application Data
[2012.06.11 12:36:03 | 000,000,000 | -HSD | C] -- C:\Users\Withard\AppData\Local\Application Data
[2012.06.11 12:36:03 | 000,000,000 | -H-D | C] -- C:\Users\Withard\AppData
[2012.06.11 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\Withard\AppData\Local\Microsoft
[2012.06.11 12:35:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Videolarım
[2012.06.11 12:35:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Resimlerim
[2012.06.11 12:35:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Müziğim
[2012.06.11 12:35:53 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.06.11 12:35:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Sık Kullanılanlar
[2012.06.11 12:35:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Belgeler
[2012.06.11 12:33:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.11 12:30:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.06.11 12:30:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.06.21 17:29:06 | 000,024,624 | ---- | M] () -- C:\Users\Withard\Desktop\Yeni Zengin Metin Belgesi (2).rtf
[2012.06.21 17:23:36 | 000,018,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 17:23:36 | 000,018,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 17:23:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.21 17:19:36 | 000,618,332 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2012.06.21 17:19:36 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 17:19:36 | 000,121,670 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2012.06.21 17:19:36 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 17:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 17:11:32 | 2148,175,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 16:52:06 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.21 16:30:34 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\Withard\Desktop\ComboFix.exe
[2012.06.21 16:30:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Withard\Desktop\OTL.exe
[2012.06.21 15:32:38 | 000,000,750 | ---- | M] () -- C:\Users\Withard\Desktop\Yeni Zengin Metin Belgesi.rtf
[2012.06.21 15:30:24 | 000,001,269 | ---- | M] () -- C:\Users\Withard\Desktop\SWTOR.lnk
[2012.06.21 14:58:35 | 000,008,050 | ---- | M] () -- C:\Users\Withard\Desktop\sality_regkeys.zip
[2012.06.21 14:58:28 | 000,164,134 | ---- | M] () -- C:\Users\Withard\Desktop\salitykiller.zip
[2012.06.21 14:52:53 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012.06.21 14:24:20 | 000,000,000 | ---- | M] () -- C:\Windows\17177
[2012.06.21 13:36:07 | 000,273,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.20 17:26:41 | 000,000,941 | ---- | M] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012.06.20 17:26:41 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.06.20 17:23:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2012.06.20 17:21:54 | 000,021,325 | ---- | M] () -- C:\Users\Withard\Desktop\Lord.of.the.Rings.War.in.the.North-RELOADED.torrent
[2012.06.20 15:09:05 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth ™.lnk
[2012.06.20 14:28:17 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2012.06.20 01:23:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012.06.20 01:22:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012.06.20 00:27:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.06.20 00:09:45 | 000,015,476 | ---- | M] () -- C:\Windows\System32\results.xml
[2012.06.19 23:03:17 | 004,589,912 | ---- | M] (TeamViewer GmbH) -- C:\Users\Withard\Desktop\teamviewer_setup.exe
[2012.06.19 00:19:49 | 205,763,230 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.18 23:56:07 | 000,001,395 | ---- | M] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.06.18 23:47:58 | 000,002,642 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.06.18 23:36:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.06.18 23:33:11 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.06.18 23:28:50 | 000,001,034 | ---- | M] () -- C:\Users\Withard\Desktop\GameRanger.lnk
[2012.06.18 23:26:44 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.18 19:44:35 | 000,002,377 | ---- | M] () -- C:\Users\Withard\Documents\MumbleAutomaticCertificateBackup.p12
[2012.06.17 15:29:14 | 000,003,543 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.06.17 15:29:14 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.06.14 20:08:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.06.14 19:57:32 | 000,000,124 | ---- | M] () -- C:\Users\Withard\AppData\Roaming\Options.ini
[2012.06.11 12:34:02 | 000,055,995 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.05.26 22:08:02 | 002,298,993 | ---- | M] () -- C:\HTC Home 1.10.zip

========== Files Created - No Company Name ==========

[2012.06.21 17:28:58 | 000,024,624 | ---- | C] () -- C:\Users\Withard\Desktop\Yeni Zengin Metin Belgesi (2).rtf
[2012.06.21 17:09:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.21 17:09:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.21 17:09:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.21 17:09:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.21 17:09:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.21 14:58:34 | 000,008,050 | ---- | C] () -- C:\Users\Withard\Desktop\sality_regkeys.zip
[2012.06.21 14:58:23 | 000,164,134 | ---- | C] () -- C:\Users\Withard\Desktop\salitykiller.zip
[2012.06.21 14:24:20 | 000,000,000 | ---- | C] () -- C:\Windows\17177
[2012.06.20 21:14:18 | 000,001,269 | ---- | C] () -- C:\Users\Withard\Desktop\SWTOR.lnk
[2012.06.20 19:03:53 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.06.20 17:26:41 | 000,000,941 | ---- | C] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012.06.20 17:26:41 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.06.20 17:23:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.06.20 17:21:53 | 000,021,325 | ---- | C] () -- C:\Users\Withard\Desktop\Lord.of.the.Rings.War.in.the.North-RELOADED.torrent
[2012.06.20 15:06:17 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\The Battle for Middle-earth ™.lnk
[2012.06.20 01:23:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012.06.20 01:22:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012.06.20 00:34:19 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.06.20 00:27:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.06.20 00:22:48 | 000,468,928 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012.06.20 00:22:48 | 000,071,811 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012.06.20 00:09:45 | 000,015,476 | ---- | C] () -- C:\Windows\System32\results.xml
[2012.06.20 00:02:13 | 000,963,884 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.06.20 00:02:13 | 000,076,488 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012.06.20 00:02:12 | 000,221,264 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.06.20 00:02:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.06.20 00:02:11 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.06.20 00:02:11 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.06.20 00:01:36 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.06.19 23:45:40 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.06.19 23:44:26 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.06.19 23:34:18 | 002,298,993 | ---- | C] () -- C:\HTC Home 1.10.zip
[2012.06.19 23:34:11 | 000,115,158 | ---- | C] () -- C:\GPUObserver37.gadget
[2012.06.19 20:16:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.19 15:00:42 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.06.19 14:59:34 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.06.19 14:59:12 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.06.19 14:25:18 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2012.06.19 13:41:55 | 000,059,244 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012.06.19 13:41:55 | 000,059,020 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2012.06.19 13:41:55 | 000,058,683 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012.06.19 13:41:53 | 000,211,303 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources
[2012.06.19 13:41:53 | 000,198,139 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources
[2012.06.19 13:41:53 | 000,182,706 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources
[2012.06.19 13:41:53 | 000,156,233 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources
[2012.06.19 13:41:53 | 000,153,167 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources
[2012.06.19 13:41:53 | 000,149,009 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources
[2012.06.19 13:41:53 | 000,140,216 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources
[2012.06.19 13:41:53 | 000,138,727 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources
[2012.06.19 13:41:53 | 000,137,846 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources
[2012.06.19 13:41:53 | 000,137,668 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources
[2012.06.19 13:41:53 | 000,136,603 | ---- | C] () -- C:\Windows\System32\Gfxres.ro-RO.resources
[2012.06.19 13:41:53 | 000,135,628 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources
[2012.06.19 13:41:53 | 000,135,370 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources
[2012.06.19 13:41:53 | 000,134,836 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources
[2012.06.19 13:41:53 | 000,134,412 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources
[2012.06.19 13:41:53 | 000,134,384 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources
[2012.06.19 13:41:53 | 000,133,846 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources
[2012.06.19 13:41:53 | 000,133,709 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources
[2012.06.19 13:41:53 | 000,133,404 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources
[2012.06.19 13:41:53 | 000,133,178 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources
[2012.06.19 13:41:53 | 000,132,889 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources
[2012.06.19 13:41:53 | 000,132,788 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources
[2012.06.19 13:41:53 | 000,131,839 | ---- | C] () -- C:\Windows\System32\Gfxres.hr-HR.resources
[2012.06.19 13:41:53 | 000,128,996 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources
[2012.06.19 13:41:53 | 000,128,831 | ---- | C] () -- C:\Windows\System32\Gfxres.nb-NO.resources
[2012.06.19 13:41:53 | 000,128,535 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources
[2012.06.19 13:41:53 | 000,124,056 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources
[2012.06.19 13:41:53 | 000,117,636 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources
[2012.06.19 13:41:53 | 000,116,348 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources
[2012.06.19 13:41:53 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.06.19 12:46:21 | 000,275,965 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.06.18 23:47:58 | 000,002,642 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.06.18 23:36:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.06.18 23:28:50 | 000,001,034 | ---- | C] () -- C:\Users\Withard\Desktop\GameRanger.lnk
[2012.06.18 23:26:44 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.18 23:26:44 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.18 20:22:55 | 000,001,020 | ---- | C] () -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2012.06.18 19:44:35 | 000,002,377 | ---- | C] () -- C:\Users\Withard\Documents\MumbleAutomaticCertificateBackup.p12
[2012.06.18 19:42:47 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012.06.18 19:14:12 | 000,000,814 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 18:49:31 | 000,173,494 | ---- | C] () -- C:\Windows\System32\drivers\mon_ac_w.bin
[2012.06.18 18:49:31 | 000,017,432 | ---- | C] () -- C:\Windows\wwdslcfg.ini
[2012.06.18 18:31:51 | 205,763,230 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.17 15:36:13 | 000,000,189 | R--- | C] () -- C:\Windows\OEM.ini
[2012.06.16 15:15:42 | 000,000,750 | ---- | C] () -- C:\Users\Withard\Desktop\Yeni Zengin Metin Belgesi.rtf
[2012.06.14 20:08:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.06.14 19:57:30 | 000,000,124 | ---- | C] () -- C:\Users\Withard\AppData\Roaming\Options.ini
[2012.06.11 18:21:12 | 000,003,543 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.06.11 18:21:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.11 12:41:55 | 000,001,395 | ---- | C] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.06.11 12:36:57 | 000,001,401 | ---- | C] () -- C:\Users\Withard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.11 12:36:03 | 000,000,290 | ---- | C] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012.06.11 12:36:03 | 000,000,272 | ---- | C] () -- C:\Users\Withard\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012.06.11 12:30:00 | 2148,175,872 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.19 23:26:08 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.03.19 22:09:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== LOP Check ==========

[2012.06.18 23:59:13 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\DAEMON Tools Lite
[2012.06.18 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\GameRanger
[2012.06.21 17:28:18 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\Mumble
[2012.06.20 15:08:19 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\My Battle for Middle-earth Files
[2012.06.15 14:59:49 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\My Battle for Middle-earth™ II Files
[2012.06.14 20:02:58 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\Screaming Bee
[2012.06.19 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\TeamViewer
[2012.06.21 15:53:47 | 000,000,000 | ---D | M] -- C:\Users\Withard\AppData\Roaming\uTorrent
[2009.07.14 07:53:46 | 000,013,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 08:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 09:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 08:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 15:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 15:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 15:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 04:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#4
Withard

I don't know if I did something wrong. I still keep getting the Microsoft Visual C++ Runtime Library error. Can someone save me, please :(?