Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

delta search is a pain and i cannot get rid? [Solved]


  • This topic is locked This topic is locked

#1
aliboy66

aliboy66

    Member

  • Member
  • PipPipPip
  • 104 posts
Hi I've got a toshiba laptop Os windows 7 (64 bit) there are 4 of us using the computer and we each have are own site. One of my children have downloaded delta search by mistake. We are not very good with computers. I have downloaded ADWcleaner it says that I have removed delta but I am still getting all the pop ups that tell me delta is still on my laptop. I'm not sure how to get it off my laptop. I think it's in my registry but not sure what to do next. Any tip?


Thank you and sorry to be a pain.

P.s

my security is MSE.
  • 0

Advertisements


#2
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello aliboy66,

My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you take into careful thought of the points which I've listed below as they will beneficial to the guidance as to which I'll present yourself with here on Geekstogo. :)

Notes before we commence:

  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps as to which I present yourself with. Please feel free to ask myself for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum, failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "aliboy66". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If It's been a total of three days and you've yet to receive a response from myself. Please send myself a reminder by clicking here and attaching the appropriate thread link where I can respond.
Extra

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:
  • 0

#3
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima thanks for taking your time to help me.Where do I start when I go to the page you tell me do I go for google redirect or the malware removal. I want to be sure before I start
Thank you
  • 0

#4
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima I think this what you need?

OTL logfile created on: 10/10/2013 7:25:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Niyazi Mustafa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 44.70% Memory free
5.74 Gb Paging File | 3.40 Gb Available in Paging File | 59.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.41 Gb Total Space | 41.14 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 148.28 Gb Total Space | 141.13 Gb Free Space | 95.18% Space Free | Partition Type: NTFS

Computer Name: NIYAZIMUSTAFA | User Name: Niyazi Mustafa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/10 07:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
PRC - [2013/09/17 21:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) -- C:\Program Files (x86)\webmakerplus\webmakerplus.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/07/26 16:36:51 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/09 01:23:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010/02/22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 19:06:05 | 013,584,776 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/03 07:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 07:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 07:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 07:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 07:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/09 10:44:57 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a5eadca5d17af2aa06a4b5f40b588a6\System.ServiceModel.Routing.ni.dll
MOD - [2013/08/09 10:44:56 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b7ed4fb85e3e4d8b012dfd3a7c0435eb\System.ServiceModel.Discovery.ni.dll
MOD - [2013/08/09 10:44:53 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1a335f477a925de13d86b720392a2b2e\System.ServiceModel.Channels.ni.dll
MOD - [2013/08/09 10:44:52 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d301978a7b9dbe3f69c166bf00d5b858\System.ServiceModel.Activities.ni.dll
MOD - [2013/08/09 10:44:49 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8e155e090e2990b5afc341a2b068835b\System.ServiceModel.ni.dll
MOD - [2013/08/09 10:44:10 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d562a607bb4973993b59456d35f6307f\System.IdentityModel.ni.dll
MOD - [2013/08/09 08:49:18 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/08/09 08:49:10 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e77f989b5dae0c6d2367d534c73a31f9\System.Xml.Linq.ni.dll
MOD - [2013/08/09 08:49:09 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\0442e1dc48d826e9b795d1e67d552791\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/09 08:49:07 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\12d171dd78ad02e8561a46bf266c5394\SMDiagnostics.ni.dll
MOD - [2013/08/09 08:49:06 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0a3d8f846e42d481c0cc2200b7859858\System.Runtime.Serialization.ni.dll
MOD - [2013/08/09 05:08:15 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a342a61dd88db0c26a11470ce6a4f167\PresentationFramework.ni.dll
MOD - [2013/08/09 05:08:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/08/09 05:08:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6da40f01a719972f3242d3c374e499c5\System.Windows.Forms.ni.dll
MOD - [2013/08/09 05:07:54 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/09 05:07:53 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/09 05:07:51 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/08/09 05:07:46 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\42c02d5f442dea943fc7def7b864bb90\PresentationCore.ni.dll
MOD - [2013/08/09 05:07:41 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5c4f1eb1b2efdd138d137c5069a8bdf5\System.Core.ni.dll
MOD - [2013/08/09 05:07:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6a1d260372cda12056515b30b2bcf715\WindowsBase.ni.dll
MOD - [2013/08/09 05:07:32 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/09 07:05:23 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/08 22:28:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 21:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files (x86)\webmakerplus\webmakerplus.exe -- (webmakerplus)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/07/26 16:36:51 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 16:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{1E462554-E56E-4740-A4E8-77E29C9E195B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 E0 FB 4C 1B C5 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Niyazi Mustafa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Niyazi Mustafa\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{904EC61F-1109-43BD-9745-8D257C197720}: C:\Program Files (x86)\Lyrics-Show\126.xpi [2013/10/07 11:58:03 | 000,009,310 | ---- | M] ()

[2013/10/07 11:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: RIM Handheld Application Loader (Disabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Apture = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppaadhnncohnjgallikmjdonfliciek\2.3.0_0\
CHR - Extension: Read Later Fast = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0\
CHR - Extension: Google News = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Chelsea FC = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eanaknlfmaafbcpmaoencjmlmfaflkck\1.4_0\
CHR - Extension: Google Finance = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Click&Clean = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AT_Porsche = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: 365Scores = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocaejggjgdmkhmbinicknpbhagkblop\0.65_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0\
CHR - Extension: Todo.ly = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: ChromeAdvisor = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcakbgpomchcbeddcdpbccmhlmmhgcej\1.2_0\
CHR - Extension: iCloud = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfjiepcafjlmaopmmdfcmdjldjfhlki\1.0.0_0\
CHR - Extension: Google Reader = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Emine\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found
O4 - Startup: C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74DA2666-6620-4CE8-B554-B9D4F790DB02}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/10 07:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
[2013/10/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/10/07 12:11:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/10/07 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lyrics-Show
[2013/10/07 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\avgchrome
[2013/10/07 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/07 11:53:31 | 000,430,080 | ---- | C] (Sweesh LTD) -- C:\Windows\SysNative\webmakerplus64.dll
[2013/10/07 11:53:27 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\Windows\SysWow64\webmakerplus.dll
[2013/10/07 11:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\webmakerplus
[2013/10/07 11:52:17 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Media Plugin Update
[2013/10/07 11:52:13 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\5253e249160ba001730009de
[2013/10/07 06:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/07 06:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/05 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 17:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/05 17:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/27 08:38:59 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/27 08:38:35 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sports Interactive
[2013/09/26 23:28:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 23:28:12 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{5C970D52-F8E7-496E-8D75-81E3333E0313}
[2013/09/26 08:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/26 08:11:18 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/26 08:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/25 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/25 22:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/25 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{EC78CF2C-12DD-4A8C-8883-A8B16B6307E6}
[2013/09/25 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{80FD7189-B85D-4B1C-A674-4A650DFD2E81}
[2013/09/24 14:19:26 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{4A269946-16A9-46C3-9A02-258C60D549FE}
[2013/09/24 07:18:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{5A892FC6-8AD0-4F56-BD31-1CF133E4B88B}
[2013/09/23 08:15:01 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{BD6751D9-92AC-497C-BC79-6056E94872F0}
[2013/09/23 08:05:21 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{29EA668B-8438-4CFC-92FD-C6417B3F521D}
[2013/09/23 06:27:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{334B09E1-519D-4E22-8B12-E9112B878332}
[2013/09/21 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{96235868-E058-4D6D-A3EE-E1137C0FA884}
[2013/09/21 09:59:20 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{B484CECF-5735-424E-85FE-FCF6132F1E80}
[2013/09/19 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{348BCD48-3793-4BA4-9235-85C35F6BED91}
[2013/09/17 15:28:15 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{BC533474-4BD5-48EC-B654-66D19004A3CF}
[2013/09/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{9524841A-4A71-47BE-ACA3-94E8BDC3087C}
[2013/09/16 23:24:12 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{1A2C01FA-7DD7-4A09-96B7-C0AF37A884F6}
[2013/09/14 20:42:47 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{C652BE28-BF37-4FAD-8132-624DB8C4F9B7}
[2013/09/13 16:27:38 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{0DF74B07-1245-4B15-97B5-EBB57347D138}
[2013/09/13 15:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/13 15:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/13 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/13 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[46 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/15 01:28:09 | 000,020,480 | ---- | M] () -- C:\msg.db
[2013/10/15 00:38:20 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 00:38:20 | 000,633,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 00:38:20 | 000,112,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 07:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005UA.job
[2013/10/10 07:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1004UA.job
[2013/10/10 07:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/10 07:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
[2013/10/10 07:16:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1000UA.job
[2013/10/10 07:15:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/10 07:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1003UA.job
[2013/10/10 07:02:38 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 07:02:38 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 06:59:21 | 000,002,453 | ---- | M] () -- C:\Users\Niyazi Mustafa\Desktop\Google Chrome.lnk
[2013/10/10 06:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/10 06:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 06:54:38 | 2312,085,504 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 19:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1003Core.job
[2013/10/09 18:31:57 | 001,048,960 | ---- | M] () -- C:\Users\Niyazi Mustafa\Desktop\AdwCleaner.exe
[2013/10/07 12:11:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005UA.job
[2013/10/07 11:50:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\GreatArcadeHits.job
[2013/10/07 06:16:00 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/07 06:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005Core.job
[2013/10/07 06:03:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1000Core.job
[2013/10/07 06:03:11 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005Core.job
[2013/10/05 17:13:56 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/27 12:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1004Core.job
[2013/09/26 08:11:26 | 000,001,346 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/25 22:45:11 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/17 21:43:50 | 000,430,080 | ---- | M] (Sweesh LTD) -- C:\Windows\SysNative\webmakerplus64.dll
[2013/09/17 21:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\Windows\SysWow64\webmakerplus.dll
[2013/09/13 15:12:15 | 000,002,176 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/13 15:08:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/13 15:02:40 | 000,001,420 | ---- | M] () -- C:\Users\Niyazi Mustafa\Desktop\Internet Explorer.lnk
[2013/09/13 07:03:52 | 000,310,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[46 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/10 06:59:21 | 000,002,453 | ---- | C] () -- C:\Users\Niyazi Mustafa\Desktop\Google Chrome.lnk
[2013/10/09 18:31:40 | 001,048,960 | ---- | C] () -- C:\Users\Niyazi Mustafa\Desktop\AdwCleaner.exe
[2013/10/07 12:16:57 | 000,020,480 | ---- | C] () -- C:\msg.db
[2013/10/07 11:58:41 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\GreatArcadeHits.job
[2013/10/07 06:16:00 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/05 17:13:56 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/26 08:11:26 | 000,001,358 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/26 08:11:26 | 000,001,346 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/26 07:46:20 | 000,001,071 | ---- | C] () -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/25 22:45:11 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/13 15:12:08 | 000,002,176 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/13 15:08:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/13 15:08:40 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/13 15:02:40 | 000,001,420 | ---- | C] () -- C:\Users\Niyazi Mustafa\Desktop\Internet Explorer.lnk
[2012/06/22 23:11:08 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/06/22 23:11:08 | 000,107,064 | ---- | C] () -- C:\Windows\unins000.dat
[2012/06/03 16:11:09 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/05/30 18:34:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/29 21:02:50 | 000,002,455 | ---- | C] () -- C:\Users\Niyazi Mustafa\Google Chrome.lnk

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/09 19:17:03 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\5253e249160ba001730009de
[2012/06/07 18:43:35 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Auslogics
[2012/03/31 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\ChessBase
[2012/07/29 15:17:02 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Dropbox
[2012/06/25 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Easy MP3 Recorder
[2013/03/17 13:50:36 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Garmin
[2013/10/07 11:52:17 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Media Plugin Update
[2011/11/19 21:34:49 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\MusicNet
[2013/09/24 14:54:02 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\QuickScan
[2011/10/23 22:58:30 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Research In Motion
[2012/03/12 13:28:21 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Sports Interactive
[2012/07/05 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Temp
[2011/08/15 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Toshiba
[2013/08/30 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\uTorrent
[2012/05/24 22:32:25 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\WinBatch
[2012/04/02 22:43:01 | 000,000,000 | ---D | M] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#5
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts

Hi Teima thanks for taking your time to help me.

You're welcome!

Where do I start when I go to the page you tell me do I go for google redirect or the malware removal. I want to be sure before I start

The instructions which were listed under the malware removal topic are sufficient. Thanks for following them as it makes my work easier. :)

Step One

I'd highly recommend that you uninstall uTorrent as this has been identified as additional P2P program.

Please note that even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.

References for the risk of this program can be found at these links below.

To remove uTorrent please navigate to Control Panel > Programs and Features and select the uninstall option.

Step Two

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Emine\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[EMPTYTEMP]
[RESETHOSTS]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.
Step Three

Download AdwCleaner from here to your desktop.

Click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.

Posted Image

Once done it will ask to reboot, allow this.

On reboot a log will be produced please attach that for me to review.

Step Four

Would you be able to see if the Extras.txt logfile can be located on your computer desktop. If so. Would you mind uploading it here for me to review? :)
  • 0

#6
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima I have looked for utorrent on add and remove it is not there where would it be,my daughter uses it to download music or something,but I can't find it.Done step 2 and 3 but step 4 I cannot find on my desktop just can't see extras txt logfile.


ps sorry on step 2 I did not copy and paste the OTL report is this a problem?



# AdwCleaner v3.007 - Report created 11/10/2013 at 17:41:00
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Niyazi Mustafa - NIYAZIMUSTAFA
# Running from : C:\Users\Niyazi Mustafa\Desktop\adwcleaner.exe





# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ File : C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Ayse\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Ozay\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Emine\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6963 octets] - [26/09/2013 22:47:16]
AdwCleaner[R1].txt - [1527 octets] - [27/09/2013 08:38:17]
AdwCleaner[R2].txt - [1287 octets] - [27/09/2013 12:00:32]
AdwCleaner[R3].txt - [8196 octets] - [07/10/2013 11:32:52]
AdwCleaner[R4].txt - [1781 octets] - [09/10/2013 18:32:40]
AdwCleaner[R5].txt - [1647 octets] - [09/10/2013 19:15:21]
AdwCleaner[R6].txt - [1767 octets] - [11/10/2013 17:39:02]
AdwCleaner[S0].txt - [7068 octets] - [26/09/2013 22:49:46]
AdwCleaner[S1].txt - [1596 octets] - [27/09/2013 08:41:00]
AdwCleaner[S2].txt - [1348 octets] - [27/09/2013 12:02:30]
AdwCleaner[S3].txt - [7244 octets] - [07/10/2013 11:35:27]
AdwCleaner[S4].txt - [1852 octets] - [09/10/2013 18:34:44]
AdwCleaner[S5].txt - [1708 octets] - [09/10/2013 19:17:09]
AdwCleaner[S6].txt - [1688 octets] - [11/10/2013 17:41:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1748 octets] ##########

Edited by aliboy66, 11 October 2013 - 04:29 PM.

  • 0

#7
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima the utorrent was on my daughters desktop I deleted it from her desktop. I have notices
most mornings when I turn my laptop on my M S E security has been turned off.
  • 0

#8
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello aliboy66,

ps sorry on step 2 I did not copy and paste the OTL report is this a problem?

No worries at all. Would you be able to see if the OTL.txt logfile can be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created. If so. Would you mind uploading it here for me to review? :)

The utorrent was on my daughters desktop I deleted it from her desktop. I have notices most mornings when I turn my laptop on my M S E security has been turned off.

Ok. Thanks for keeping me informed. I'll look into this possible issue with MSE once these other logs have been returned. :)
  • 0

#9
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima,

I am trying to send you the file but it is not letting me because it is to big, not sure what to do?

Edited by aliboy66, 12 October 2013 - 09:42 AM.

  • 0

#10
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima not sure what I'm doing?

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7}\ deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ayse
->Temp folder emptied: 7836574 bytes
->Temporary Internet Files folder emptied: 36312835 bytes
->Java cache emptied: 853031 bytes
->Google Chrome cache emptied: 68099919 bytes
->Flash cache emptied: 47872 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Emine
->Temp folder emptied: 66524 bytes
->Temporary Internet Files folder emptied: 1699675 bytes
->Java cache emptied: 952772 bytes
->Google Chrome cache emptied: 7648880 bytes
->Flash cache emptied: 42117 bytes

User: Niyazi Mustafa
->Temp folder emptied: 890804 bytes
->Temporary Internet Files folder emptied: 129 bytes
->Java cache emptied: 812249 bytes
->Google Chrome cache emptied: 86414234 bytes
->Flash cache emptied: 42264 bytes

User: Ozay
->Temp folder emptied: 6079534 bytes
->Temporary Internet Files folder emptied: 232383 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 58634608 bytes
->Flash cache emptied: 42292 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10581480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 65447277 bytes
RecycleBin emptied: 1302564 bytes

Total Files Cleaned = 338.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10112013_173508

Files\Folders moved on Reboot...
C:\Users\Niyazi Mustafa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Niyazi Mustafa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\wbxtra_10112013_043157.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Dakeyras, 14 October 2013 - 05:46 AM.
Removed unnecessary zip file and posted otl fix log

  • 0

Advertisements


#11
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello aliboy66,

Hi Teima not sure what I'm doing?

No worries. What you did was correct and there wasn't any issues with the upload from my side. I'll present some further instructions below mate. Also. How is everything running from your side? :)

Also. Sorry about the delay. I've had a few things come up within real life. :thumbsup:

Step One

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here.

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.
Step Two

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your reply. If both log won't fit in the same post, you may post them in two separate posts.

  • 0

#12
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima the computer seams a lot better today yesterday it was running slow but I did Malwarebytes it's got better? still get the odd pop up?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Niyazi Mustafa :: NIYAZIMUSTAFA [administrator]

14/10/2013 23:37:39
mbam-log-2013-10-14 (23-37-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278406
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Typelib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Emine\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)
  • 0

#13
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima here goes


OTL logfile created on: 10/15/2013 4:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Niyazi Mustafa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.67% Memory free
5.74 Gb Paging File | 3.95 Gb Available in Paging File | 68.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.41 Gb Total Space | 44.85 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 148.28 Gb Total Space | 141.13 Gb Free Space | 95.18% Space Free | Partition Type: NTFS

Computer Name: NIYAZIMUSTAFA | User Name: Niyazi Mustafa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/11 17:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
PRC - [2013/09/17 21:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) -- C:\Program Files (x86)\webmakerplus\webmakerplus.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/07/26 16:36:51 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/09 01:23:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010/02/22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/09 10:44:57 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a5eadca5d17af2aa06a4b5f40b588a6\System.ServiceModel.Routing.ni.dll
MOD - [2013/08/09 10:44:56 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b7ed4fb85e3e4d8b012dfd3a7c0435eb\System.ServiceModel.Discovery.ni.dll
MOD - [2013/08/09 10:44:53 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1a335f477a925de13d86b720392a2b2e\System.ServiceModel.Channels.ni.dll
MOD - [2013/08/09 10:44:52 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d301978a7b9dbe3f69c166bf00d5b858\System.ServiceModel.Activities.ni.dll
MOD - [2013/08/09 10:44:49 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8e155e090e2990b5afc341a2b068835b\System.ServiceModel.ni.dll
MOD - [2013/08/09 10:44:10 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d562a607bb4973993b59456d35f6307f\System.IdentityModel.ni.dll
MOD - [2013/08/09 08:49:18 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/08/09 08:49:10 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e77f989b5dae0c6d2367d534c73a31f9\System.Xml.Linq.ni.dll
MOD - [2013/08/09 08:49:09 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\0442e1dc48d826e9b795d1e67d552791\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/09 08:49:07 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\12d171dd78ad02e8561a46bf266c5394\SMDiagnostics.ni.dll
MOD - [2013/08/09 08:49:06 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0a3d8f846e42d481c0cc2200b7859858\System.Runtime.Serialization.ni.dll
MOD - [2013/08/09 05:08:15 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a342a61dd88db0c26a11470ce6a4f167\PresentationFramework.ni.dll
MOD - [2013/08/09 05:08:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/08/09 05:08:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6da40f01a719972f3242d3c374e499c5\System.Windows.Forms.ni.dll
MOD - [2013/08/09 05:07:54 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/09 05:07:53 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/09 05:07:51 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/08/09 05:07:46 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\42c02d5f442dea943fc7def7b864bb90\PresentationCore.ni.dll
MOD - [2013/08/09 05:07:41 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5c4f1eb1b2efdd138d137c5069a8bdf5\System.Core.ni.dll
MOD - [2013/08/09 05:07:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6a1d260372cda12056515b30b2bcf715\WindowsBase.ni.dll
MOD - [2013/08/09 05:07:32 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/09 07:05:23 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/08 22:28:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 21:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files (x86)\webmakerplus\webmakerplus.exe -- (webmakerplus)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/07/26 16:36:51 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 16:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{1E462554-E56E-4740-A4E8-77E29C9E195B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 E0 FB 4C 1B C5 CE 01 [binary data]
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\..\SearchScopes,DefaultScope = {1E462554-E56E-4740-A4E8-77E29C9E195B}
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-353934349-3502004749-830363461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Niyazi Mustafa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Niyazi Mustafa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{904EC61F-1109-43BD-9745-8D257C197720}: C:\Program Files (x86)\Lyrics-Show\126.xpi [2013/10/07 11:58:03 | 000,009,310 | ---- | M] ()

[2013/10/07 11:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: RIM Handheld Application Loader (Disabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: Apture = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppaadhnncohnjgallikmjdonfliciek\2.3.0_0\
CHR - Extension: Read Later Fast = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0\
CHR - Extension: Google News = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Chelsea FC = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eanaknlfmaafbcpmaoencjmlmfaflkck\1.4_0\
CHR - Extension: Google Finance = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Click&Clean = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AT_Porsche = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: 365Scores = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocaejggjgdmkhmbinicknpbhagkblop\0.65_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0\
CHR - Extension: Todo.ly = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: ChromeAdvisor = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcakbgpomchcbeddcdpbccmhlmmhgcej\1.2_0\
CHR - Extension: iCloud = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfjiepcafjlmaopmmdfcmdjldjfhlki\1.0.0_0\
CHR - Extension: Google Reader = C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

O1 HOSTS File: ([2013/10/11 17:37:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-353934349-3502004749-830363461-1000..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-353934349-3502004749-830363461-1000..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKU\S-1-5-21-353934349-3502004749-830363461-1000..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-21-353934349-3502004749-830363461-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\webmakerplus64.dll (Sweesh LTD)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\webmakerplus.dll (Sweesh LTD)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74DA2666-6620-4CE8-B554-B9D4F790DB02}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 07:40:31 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\Documents\_OTL
[2013/10/11 17:38:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
[2013/10/11 17:35:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/08 21:27:17 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/10/07 12:11:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/10/07 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lyrics-Show
[2013/10/07 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\avgchrome
[2013/10/07 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/07 11:53:31 | 000,430,080 | ---- | C] (Sweesh LTD) -- C:\Windows\SysNative\webmakerplus64.dll
[2013/10/07 11:53:27 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\Windows\SysWow64\webmakerplus.dll
[2013/10/07 11:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\webmakerplus
[2013/10/07 11:52:17 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Media Plugin Update
[2013/10/07 11:52:13 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\5253e249160ba001730009de
[2013/10/07 06:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/07 06:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/07 06:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/05 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 17:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/05 17:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/27 08:38:59 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/27 08:38:35 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sports Interactive
[2013/09/26 23:28:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 23:28:12 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{5C970D52-F8E7-496E-8D75-81E3333E0313}
[2013/09/26 08:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/26 08:11:18 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/26 08:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/25 22:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/25 22:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/25 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{EC78CF2C-12DD-4A8C-8883-A8B16B6307E6}
[2013/09/25 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{80FD7189-B85D-4B1C-A674-4A650DFD2E81}
[2013/09/24 14:19:26 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{4A269946-16A9-46C3-9A02-258C60D549FE}
[2013/09/24 07:18:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{5A892FC6-8AD0-4F56-BD31-1CF133E4B88B}
[2013/09/23 08:15:01 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{BD6751D9-92AC-497C-BC79-6056E94872F0}
[2013/09/23 08:05:21 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{29EA668B-8438-4CFC-92FD-C6417B3F521D}
[2013/09/23 06:27:25 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{334B09E1-519D-4E22-8B12-E9112B878332}
[2013/09/21 13:03:44 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{96235868-E058-4D6D-A3EE-E1137C0FA884}
[2013/09/21 09:59:20 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{B484CECF-5735-424E-85FE-FCF6132F1E80}
[2013/09/19 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{348BCD48-3793-4BA4-9235-85C35F6BED91}
[2013/09/17 15:28:15 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{BC533474-4BD5-48EC-B654-66D19004A3CF}
[2013/09/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{9524841A-4A71-47BE-ACA3-94E8BDC3087C}
[2013/09/16 23:24:12 | 000,000,000 | ---D | C] -- C:\Users\Niyazi Mustafa\AppData\Local\{1A2C01FA-7DD7-4A09-96B7-C0AF37A884F6}
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/15 16:15:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 16:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1003UA.job
[2013/10/15 16:00:10 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 16:00:10 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/15 15:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/15 15:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 15:44:29 | 2312,085,504 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 01:28:09 | 000,020,480 | ---- | M] () -- C:\msg.db
[2013/10/14 23:39:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005UA.job
[2013/10/14 23:39:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005Core.job
[2013/10/14 23:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1004UA.job
[2013/10/14 22:22:52 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1000UA.job
[2013/10/13 10:27:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/12 09:01:30 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/12 09:01:30 | 000,633,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/12 09:01:30 | 000,112,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/12 07:35:48 | 000,161,724 | ---- | M] () -- C:\Users\Niyazi Mustafa\Documents\_OTL.zip
[2013/10/11 17:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Niyazi Mustafa\Desktop\OTL.exe
[2013/10/11 17:37:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/11 17:35:38 | 001,048,960 | ---- | M] () -- C:\Users\Niyazi Mustafa\Desktop\adwcleaner.exe
[2013/10/11 05:22:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1000Core.job
[2013/10/10 06:59:21 | 000,002,453 | ---- | M] () -- C:\Users\Niyazi Mustafa\Desktop\Google Chrome.lnk
[2013/10/09 19:15:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1003Core.job
[2013/10/08 22:28:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 22:28:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 22:27:47 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/10/07 12:11:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005UA.job
[2013/10/07 06:16:00 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/07 06:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1005Core.job
[2013/10/05 17:13:56 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/27 12:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353934349-3502004749-830363461-1004Core.job
[2013/09/26 08:11:26 | 000,001,346 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/25 22:45:11 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/17 21:43:50 | 000,430,080 | ---- | M] (Sweesh LTD) -- C:\Windows\SysNative\webmakerplus64.dll
[2013/09/17 21:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\Windows\SysWow64\webmakerplus.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/12 07:37:30 | 000,161,724 | ---- | C] () -- C:\Users\Niyazi Mustafa\Documents\_OTL.zip
[2013/10/11 17:35:21 | 001,048,960 | ---- | C] () -- C:\Users\Niyazi Mustafa\Desktop\adwcleaner.exe
[2013/10/10 06:59:21 | 000,002,453 | ---- | C] () -- C:\Users\Niyazi Mustafa\Desktop\Google Chrome.lnk
[2013/10/07 12:16:57 | 000,020,480 | ---- | C] () -- C:\msg.db
[2013/10/07 06:16:00 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/05 17:13:56 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/26 08:11:26 | 000,001,358 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/26 08:11:26 | 000,001,346 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/26 07:46:20 | 000,001,071 | ---- | C] () -- C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/25 22:45:11 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/13 15:12:08 | 000,002,176 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/22 23:11:08 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/06/22 23:11:08 | 000,107,064 | ---- | C] () -- C:\Windows\unins000.dat
[2012/06/03 16:11:09 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/05/30 18:34:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/29 21:02:50 | 000,002,455 | ---- | C] () -- C:\Users\Niyazi Mustafa\Google Chrome.lnk

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 17:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe

< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 14:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2013/05/26 09:03:17 | 000,000,653 | ---- | M] () MD5=F4FFE88C8F84EE82D9EB026D42F449D4 -- C:\Users\Niyazi Mustafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\i\menu\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs

< MD5 for: SERVICES.SBS-20110301.CAB >
[2013/09/26 08:13:00 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is WINDOWS
Volume Serial Number is D094-FBF1
Directory of C:\
14/07/2009 06:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 06:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 06:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 06:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 06:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 06:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 06:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 06:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 06:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 06:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 06:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ayse
29/05/2011 21:05 <JUNCTION> Application Data [C:\Users\Ayse\AppData\Roaming]
29/05/2011 21:05 <JUNCTION> Cookies [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Cookies]
29/05/2011 21:05 <JUNCTION> Local Settings [C:\Users\Ayse\AppData\Local]
29/05/2011 21:05 <JUNCTION> My Documents [C:\Users\Ayse\Documents]
29/05/2011 21:05 <JUNCTION> NetHood [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/05/2011 21:05 <JUNCTION> PrintHood [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/05/2011 21:05 <JUNCTION> Recent [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Recent]
29/05/2011 21:05 <JUNCTION> SendTo [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\SendTo]
29/05/2011 21:05 <JUNCTION> Start Menu [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Start Menu]
29/05/2011 21:05 <JUNCTION> Templates [C:\Users\Ayse\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ayse\AppData\Local
29/05/2011 21:05 <JUNCTION> Application Data [C:\Users\Ayse\AppData\Local]
29/05/2011 21:05 <JUNCTION> History [C:\Users\Ayse\AppData\Local\Microsoft\Windows\History]
29/05/2011 21:05 <JUNCTION> Temporary Internet Files [C:\Users\Ayse\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ayse\Documents
29/05/2011 21:05 <JUNCTION> My Music [C:\Users\Ayse\Music]
29/05/2011 21:05 <JUNCTION> My Pictures [C:\Users\Ayse\Pictures]
29/05/2011 21:05 <JUNCTION> My Videos [C:\Users\Ayse\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 06:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 06:08 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 06:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 06:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 06:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 06:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 06:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 06:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 06:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 06:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 06:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 06:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 06:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 06:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 06:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 06:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Emine
30/05/2011 08:20 <JUNCTION> Application Data [C:\Users\Emine\AppData\Roaming]
30/05/2011 08:20 <JUNCTION> Cookies [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2011 08:20 <JUNCTION> Local Settings [C:\Users\Emine\AppData\Local]
30/05/2011 08:20 <JUNCTION> My Documents [C:\Users\Emine\Documents]
30/05/2011 08:20 <JUNCTION> NetHood [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2011 08:20 <JUNCTION> PrintHood [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2011 08:20 <JUNCTION> Recent [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2011 08:20 <JUNCTION> SendTo [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2011 08:20 <JUNCTION> Start Menu [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2011 08:20 <JUNCTION> Templates [C:\Users\Emine\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Emine\AppData\Local
30/05/2011 08:20 <JUNCTION> Application Data [C:\Users\Emine\AppData\Local]
30/05/2011 08:20 <JUNCTION> History [C:\Users\Emine\AppData\Local\Microsoft\Windows\History]
30/05/2011 08:20 <JUNCTION> Temporary Internet Files [C:\Users\Emine\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Emine\Documents
30/05/2011 08:20 <JUNCTION> My Music [C:\Users\Emine\Music]
30/05/2011 08:20 <JUNCTION> My Pictures [C:\Users\Emine\Pictures]
30/05/2011 08:20 <JUNCTION> My Videos [C:\Users\Emine\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Niyazi Mustafa
29/05/2011 17:27 <JUNCTION> Application Data [C:\Users\Niyazi Mustafa\AppData\Roaming]
29/05/2011 17:27 <JUNCTION> Cookies [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Cookies]
29/05/2011 17:27 <JUNCTION> Local Settings [C:\Users\Niyazi Mustafa\AppData\Local]
29/05/2011 17:27 <JUNCTION> My Documents [C:\Users\Niyazi Mustafa\Documents]
29/05/2011 17:27 <JUNCTION> NetHood [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/05/2011 17:27 <JUNCTION> PrintHood [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/05/2011 17:27 <JUNCTION> Recent [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Recent]
29/05/2011 17:27 <JUNCTION> SendTo [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\SendTo]
29/05/2011 17:27 <JUNCTION> Start Menu [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Start Menu]
29/05/2011 17:27 <JUNCTION> Templates [C:\Users\Niyazi Mustafa\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Niyazi Mustafa\AppData\Local
29/05/2011 17:27 <JUNCTION> Application Data [C:\Users\Niyazi Mustafa\AppData\Local]
29/05/2011 17:27 <JUNCTION> History [C:\Users\Niyazi Mustafa\AppData\Local\Microsoft\Windows\History]
29/05/2011 17:27 <JUNCTION> Temporary Internet Files [C:\Users\Niyazi Mustafa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Niyazi Mustafa\Documents
29/05/2011 17:27 <JUNCTION> My Music [C:\Users\Niyazi Mustafa\Music]
29/05/2011 17:27 <JUNCTION> My Pictures [C:\Users\Niyazi Mustafa\Pictures]
29/05/2011 17:27 <JUNCTION> My Videos [C:\Users\Niyazi Mustafa\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ozay
30/05/2011 19:15 <JUNCTION> Application Data [C:\Users\Ozay\AppData\Roaming]
30/05/2011 19:15 <JUNCTION> Cookies [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2011 19:15 <JUNCTION> Local Settings [C:\Users\Ozay\AppData\Local]
30/05/2011 19:15 <JUNCTION> My Documents [C:\Users\Ozay\Documents]
30/05/2011 19:15 <JUNCTION> NetHood [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2011 19:15 <JUNCTION> PrintHood [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2011 19:15 <JUNCTION> Recent [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2011 19:15 <JUNCTION> SendTo [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2011 19:15 <JUNCTION> Start Menu [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2011 19:15 <JUNCTION> Templates [C:\Users\Ozay\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ozay\AppData\Local
30/05/2011 19:15 <JUNCTION> Application Data [C:\Users\Ozay\AppData\Local]
30/05/2011 19:15 <JUNCTION> History [C:\Users\Ozay\AppData\Local\Microsoft\Windows\History]
30/05/2011 19:15 <JUNCTION> Temporary Internet Files [C:\Users\Ozay\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ozay\Documents
30/05/2011 19:15 <JUNCTION> My Music [C:\Users\Ozay\Music]
30/05/2011 19:15 <JUNCTION> My Pictures [C:\Users\Ozay\Pictures]
30/05/2011 19:15 <JUNCTION> My Videos [C:\Users\Ozay\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 06:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 06:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 06:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
23/10/2011 20:40 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/10/2011 20:40 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/10/2011 20:40 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2011 20:40 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
23/10/2011 20:40 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
23/10/2011 20:40 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
23/10/2011 20:40 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
23/10/2011 20:40 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
23/10/2011 20:40 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
23/10/2011 20:40 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
23/10/2011 20:40 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2011 20:40 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/10/2011 20:40 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
23/10/2011 20:40 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
23/10/2011 20:40 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
23/10/2011 20:40 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
23/10/2011 20:40 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
23/10/2011 20:40 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
23/10/2011 20:40 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2011 20:40 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
23/10/2011 20:40 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
23/10/2011 20:40 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
23/10/2011 20:40 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
23/10/2011 20:40 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
23/10/2011 20:40 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
23/10/2011 20:40 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
23/10/2011 20:40 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
23/10/2011 20:40 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
23/10/2011 20:40 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
23/10/2011 20:40 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
23/10/2011 20:40 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
23/10/2011 20:40 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
130 Dir(s) 48,297,291,776 bytes free

< End of report >
  • 0

#14
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Extra


OTL Extras logfile created on: 10/15/2013 4:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Niyazi Mustafa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.67% Memory free
5.74 Gb Paging File | 3.95 Gb Available in Paging File | 68.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.41 Gb Total Space | 44.85 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 148.28 Gb Total Space | 141.13 Gb Free Space | 95.18% Space Free | Partition Type: NTFS

Computer Name: NIYAZIMUSTAFA | User Name: Niyazi Mustafa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E49853-8840-478B-8345-F49AD9FCF85A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E8DC91D-CEA5-4D35-8BDF-03BDA1339745}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AA23316-87FC-4EA1-B268-A73D5FF5D23B}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B5E0EF4-D123-4588-8540-F11461245904}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2D7DA8D3-D4A0-4B57-B544-962C72DE520F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EFFC24A-3902-4A88-9C0F-7BB4AE5E2220}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33E1534A-6889-4B73-B0E1-9BEA60FE091B}" = lport=137 | protocol=17 | dir=in | app=system |
"{392F737D-E143-42E2-A53B-F85BC8F038D1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E072E55-FD96-40EE-A9E0-2A41A9CE4C2F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3F14489F-808D-4FF2-B56A-546AEE821511}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4D2F2F38-7138-4102-9383-F36FECDC4A84}" = lport=445 | protocol=6 | dir=in | app=system |
"{592D8963-4578-49DE-AF6C-F1EF96FDEA71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C103E45-6C64-4BCE-A87F-84D085FD611E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D260D61-5252-4BC3-848E-D4F33EF3B50C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6BA5D06C-98DB-4618-A61B-E0953EF1A81E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6FFCDA1F-0E87-4BB8-8C4E-B9F2E610895E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70BF44EC-826D-4BB8-935E-540612A71F8C}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{76BB9DA2-6243-4F7C-B32F-E7E99F48DF69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8204FC00-4D2F-4F3A-8407-138385B46FFD}" = rport=139 | protocol=6 | dir=out | app=system |
"{830D3BD4-060A-4730-9A24-127CDBFE3F50}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{839739C8-3FA1-4D5D-A9CF-8E458E018E15}" = lport=139 | protocol=6 | dir=in | app=system |
"{86074961-F1BA-47F4-92B8-47281340AABD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C0B62CD-71EF-419B-A54A-F7BD52965F94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F3B74CB-E88B-4F85-8D92-EF273CF8F277}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{914FFFA9-157E-4699-9FCF-AE590434A147}" = lport=138 | protocol=17 | dir=in | app=system |
"{94C97C63-C701-41F2-B649-ECB9F47F04A2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{976C6AAC-5037-46D7-BDDF-6531BE0A4506}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A08BAB3-EB59-48FF-A6C3-401E20D2C007}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B85915E-8A23-4705-A33C-FC1A2DAEB6B1}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A57C7C68-E826-4CF1-952F-7FE900F930CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A765E05E-7C30-43CF-B86B-421A28F14666}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF1234FE-0AA7-4A54-9992-7AEE95B2229B}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B25DFE15-9F03-4403-ADF3-DF8AC6B04524}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEC3328B-1DD9-432E-8DF1-5A7B0F2B5630}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{BF71C625-ED83-481E-A41E-E50BCD2691C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6D67301-9CA5-4086-BF13-AA5579518B70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1146C90-EE5C-474E-8EB6-B5A96F6E38E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D43976E8-CF91-4D2D-8455-A94AAC1A37D4}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D85AEA08-0F96-479C-A8FB-F1AE80E2405D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0DB5EB0-F0F2-4E94-8F46-BD6536BE15B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA2CDA62-C2A2-4A0F-9DD5-BC750314C942}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC9273B3-8CEE-4313-B8D6-9D2C3C2215E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA28FE18-22B8-4C68-B2C9-6B0903506A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B058A57-5188-4C7E-B42B-3BD648ACC20A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{126EE80C-AE2B-4D27-B9C8-EB8458713893}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{15357C3C-2B1B-425D-BC1C-29085C2FD10F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1EAB7E7B-EED1-41A6-8351-B455781CEE35}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{222F1AEF-C2A9-4988-A0BC-36D42912B43C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2279C289-9889-401F-B6BF-CB5D6103F3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{29A01031-C125-4D0A-B283-15C794AE6474}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{2E63B8FD-8574-4B53-9E14-0E99885B8834}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{3AF7CC35-5FB7-492F-8336-15B43D0634CE}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{4B13FEA7-6451-4970-A850-580CBBC69127}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4D254DCF-EA91-450D-BA93-2424AF55763C}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{557DDD83-0362-4C40-AE6E-6116BE310506}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{5958F778-3A2E-471B-9563-E25DB32805F3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{5BA5C355-C1EF-4BCB-8964-53F36492C030}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{5BF9D867-FA91-4264-B490-138740550371}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011\fm.exe |
"{5C01773F-2E34-4781-966C-46FFC464A7E5}" = protocol=1 | dir=in | [email protected],-28543 |
"{5F7FC62F-1803-43BA-882F-9DF039ED70EC}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{5FB07470-BB9E-40DA-9145-B6B88F86AE93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{697B5D27-F095-4C40-BDB5-464F4266C560}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{71ABB719-216D-42C3-9554-DF219867F75F}" = protocol=58 | dir=out | [email protected],-28546 |
"{71AE8994-C198-49C5-9823-8630E4E2F7AD}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{721FBDD6-36BD-4E5B-9A2A-0E3BD95805A2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{7B03C5A9-BE59-4AE6-9E84-6AB8C758005C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B1DE8AF-E21D-4421-9759-051B2935C0E1}" = protocol=6 | dir=out | app=system |
"{7B77AC99-83D0-4E77-9BBA-EC00BEB84F26}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{7C40BF90-35C2-47B5-8A33-C6CBA9CA9E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{812AFF98-91C4-4A08-98CC-23012D14B88B}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{81E1547E-FCD9-4B03-A2F9-5FB39B731120}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82AA797A-4F23-4D9C-8D43-0B5A49B9C99C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{86FF9C30-97EC-4E3B-953C-78342DDC7CEF}" = protocol=1 | dir=out | [email protected],-28544 |
"{87C6D417-6A4A-4F0D-B670-E97CE21D701E}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{8E802960-622A-4123-AF65-75C7D6DBA41F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FFFA684-522E-4F81-8BD9-9DC5F20918AB}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{90D3A6F6-BCEF-4DDF-AD11-E6243DAB6F94}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{912812C2-A2A7-47B6-A1DD-7C29D8A52B91}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{92CA101C-2C5C-4776-8CF0-ED91D196D862}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9465A3D0-6223-41DD-900E-3DCCA09932EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99188AD8-ECC4-4358-B27A-B9AC410D378B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{9A558212-4AE1-4DAD-9ECC-D3A63914F53C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A6CB217-9B7A-47CB-8E1F-384FEE497A24}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{9B4D40FE-CFA9-4C00-AA75-886F152E826E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F9720B2-28DB-4FCD-BB66-9706BD90D553}" = protocol=17 | dir=in | app=c:\users\emine\appdata\roaming\utorrent\utorrent.exe |
"{A7F5E441-5CE0-486C-A2F2-8D65B30220C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A82638B8-5C7C-46C4-87DE-787BFC597FFE}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{A93FDDC6-EECB-4890-A560-DA79E12FEEF7}" = protocol=6 | dir=in | app=c:\users\emine\appdata\roaming\utorrent\utorrent.exe |
"{AFCB89AC-84EA-4105-A075-66DDCC47181E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{B0F0EB9C-C2CC-438C-9E19-2BEC5EF4D026}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B40ABD3F-23B4-4260-A3BF-D656BD16889D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B4AD9530-F394-4164-B8EE-CD2978D12403}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA1CE6A3-4248-4855-8071-F71C543ED6EE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE684964-BBA4-4790-9A3D-EF63A6121FE7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C00D22B9-D5D3-4E67-8DAD-FD1A3B93287E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C3936C12-DE5D-443C-A5E7-EABAC176663A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4E5ED17-F288-4965-8E94-945761D3D934}" = protocol=58 | dir=in | [email protected],-28545 |
"{C84D5C38-495F-4E16-9376-39B4AEEDA546}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C86E9DB9-1EB2-4280-9B8D-045C6B019C0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9F1EBB6-8754-4976-952B-8EDFB7C80ED0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D24C4807-643C-4B5F-A263-7B45F4373739}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D95E6075-A8F8-4DD9-8FFC-ECBDA6379E05}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{DC0D9315-17D6-4CCA-A9C2-9EC1288A65E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF621A84-CE38-4AF5-8B9A-708436C705CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAACFBD9-092D-4BBD-9F75-744A4351C9AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF19BE81-3159-4245-903F-30DDB811CD63}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{F1FCE4C7-0FD2-4618-A177-EF3AAED12ABA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{F646FF2B-801F-44C3-93C2-E96A42FA18D6}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{FBF18061-01C6-4EFB-A857-E6C97C2091B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD66D76C-1C07-4ADC-9017-9721E9321204}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{44ED09E0-2889-448A-AF2D-5B930242EFE6}C:\users\emine\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\emine\desktop\utorrent.exe |
"TCP Query User{70544311-479F-4871-81A4-01906E2DE926}C:\users\emine\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\emine\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{E00AE088-6742-4F5B-952F-6C2FB6395FAD}C:\users\emine\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\emine\downloads\utorrent.exe |
"UDP Query User{3DC38FAB-3F70-42F8-9236-789EB9AFE81C}C:\users\emine\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\emine\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{B1EC997C-C3C8-48ED-BB68-08BCCA1B1402}C:\users\emine\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\emine\downloads\utorrent.exe |
"UDP Query User{E55F15CD-0924-4509-9994-35E3E1AF0724}C:\users\emine\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\emine\desktop\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{232F1B14-7126-491F-AC8C-6123BA58FDE2}" = QuickShare
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9168d95f-e754-422e-acde-f2b098122816}" = Nero 9 Essentials
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Football Manager 2011" = Football Manager 2011
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LyricsShow[email protected]" = LyricsShow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"PrintProjects" = PrintProjects
"WebMakerPlus" = WebMakerPlus
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-353934349-3502004749-830363461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3293382625.go.sky.com" = Sky Go Desktop
"ActiveTouchMeetingClient" = WebEx
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2013 2:07:29 AM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(6c:c2:6b:2b:7c:[email protected]::6ec2:6bff:fe2b:7c07._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 10/14/2013 4:45:37 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 23 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa-2.local.

Error - 10/14/2013 4:45:37 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa.local.

Error - 10/14/2013 4:47:58 PM | Computer Name = NiyaziMustafa | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ac0 Start
Time: 01cec91e90ded816 Termination Time: 46 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 10/14/2013 6:34:22 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 23 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa-2.local.

Error - 10/14/2013 6:34:22 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa.local.

Error - 10/14/2013 6:34:35 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 23 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa-2.local.

Error - 10/14/2013 6:34:35 PM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa.local.

Error - 10/15/2013 10:44:59 AM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 23 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa-2.local.

Error - 10/15/2013 10:44:59 AM | Computer Name = NiyaziMustafa | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 5.1.168.192.in-addr.arpa.
PTR NiyaziMustafa.local.

[ Media Center Events ]
Error - 7/23/2011 1:27:31 AM | Computer Name = NiyaziMustafa | Source = MCUpdate | ID = 0
Description = 06:27:31 - Error connecting to the internet. 06:27:31 - Unable
to contact server..

Error - 7/23/2011 1:27:41 AM | Computer Name = NiyaziMustafa | Source = MCUpdate | ID = 0
Description = 06:27:36 - Error connecting to the internet. 06:27:36 - Unable
to contact server..

Error - 1/21/2012 7:23:56 PM | Computer Name = NiyaziMustafa | Source = MCUpdate | ID = 0
Description = 23:23:56 - Error connecting to the internet. 23:23:56 - Unable
to contact server..

Error - 1/21/2012 7:24:31 PM | Computer Name = NiyaziMustafa | Source = MCUpdate | ID = 0
Description = 23:24:26 - Error connecting to the internet. 23:24:26 - Unable
to contact server..

Error - 2/15/2013 2:07:30 AM | Computer Name = NiyaziMustafa | Source = MCUpdate | ID = 0
Description = 06:07:29 - Error connecting to the internet. 06:07:29 - Unable
to contact server..

[ System Events ]
Error - 10/14/2013 6:35:00 PM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 10/14/2013 6:35:43 PM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 10/14/2013 6:35:43 PM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 10/15/2013 10:45:24 AM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 10/15/2013 10:45:24 AM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 10/15/2013 10:46:15 AM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 10/15/2013 10:46:15 AM | Computer Name = NiyaziMustafa | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 10/15/2013 10:55:14 AM | Computer Name = NiyaziMustafa | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.2173.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x80244004 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/15/2013 10:44:35 AM | Computer Name = NiyaziMustafa | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:10:16 on ?15/?10/?2013 was unexpected.

Error - 10/15/2013 10:55:20 AM | Computer Name = NiyaziMustafa | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.2173.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x80244004 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
  • 0

#15
aliboy66

aliboy66

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Teima my computer seams OK on my settings but yesterday I went on all the others just to see how things are,well they get all the popups all the fake alerts, since I have been corresponding with you the only person using this computer is me just letting you know
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP