svchost.exe virus/malware


JohnSheen

Hello dear members of Geeks To Go community and malware fighters,

My name is John,

Let me give you a little description first of all. I was using DAW software and was trying to load some samples (big ones) when I got the message that there was not enough memory to proceed. I began looking into the Task Manager to see if there were programs eating up my memory. There I saw many tasks named svchost.exe, and they are eating up to 500mb of memory even when idle. Also, recently my computer slowed down enough to irritate me, even if not fatally, but I thought that was because of the music sample libraries I began to use. Alas, the performance loss and the slower internet bade me go do some research, and I found out that this is a virus using the name of the svchost application, which should normally use around 11mb of memory at most.

I did not apply any kind of web-based solution to attempt to remove the virus. I'm hoping you guys help me figure out the real problem and solve it.

My System specs are,

16gb RAM
i7 2600 cpu
2tb hdd
hd 5850



and here is the OTL log as requested;

OTL log:


OTL logfile created on: 14.11.2013 23:49:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ahmet\Desktop\malware fight
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 12,63 Gb Available Physical Memory | 79,03% Memory free
31,96 Gb Paging File | 28,52 Gb Available in Paging File | 89,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 961,93 Gb Total Space | 635,56 Gb Free Space | 66,07% Space Free | Partition Type: NTFS
Drive D: | 900,99 Gb Total Space | 314,33 Gb Free Space | 34,89% Space Free | Partition Type: NTFS
Drive G: | 2,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: AHMET-CASPER | User Name: Ahmet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.14 23:47:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ahmet\Desktop\malware fight\OTL.exe
PRC - [2013.11.11 15:37:52 | 002,349,392 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.10.28 10:06:40 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.10.09 02:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.10.01 14:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.09.16 05:13:34 | 000,460,344 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2013.08.13 03:34:11 | 000,439,360 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.02.28 16:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 16:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013.10.09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013.10.09 02:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013.10.09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013.10.09 02:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013.10.09 02:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013.10.09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013.09.16 05:13:34 | 000,460,344 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.09.14 19:06:12 | 000,597,504 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.09.14 19:05:52 | 000,215,552 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.09.14 19:05:42 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.09.14 19:05:36 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.09.14 19:05:30 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2013.07.15 19:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012.05.30 16:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360 PREMIER EDITION\ENGINE\20.4.0.40\wincfi39.dll
MOD - [2010.01.21 00:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 19:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.11.11 15:37:48 | 002,756,944 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.11.05 21:56:00 | 004,673,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013.10.28 10:06:40 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.10.11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013.10.01 14:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.06 19:29:12 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.02.28 16:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 16:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.08.04 23:25:50 | 000,091,984 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.10.31 23:15:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.08.14 20:22:22 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.05.07 17:04:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013.04.04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.31 23:38:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.01.31 23:38:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.01.31 23:15:20 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.01.31 23:10:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.01.31 23:10:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.01.31 23:10:36 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013.01.31 23:10:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.17 07:22:26 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012.08.29 12:50:38 | 000,057,408 | ---- | M] (MusicLab, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mlkumidi.sys -- (mlkumidi)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.21 05:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010.04.13 15:05:10 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.04.28 11:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV - [2013.10.31 16:51:24 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013.10.31 11:32:40 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131114.002\ex64.sys -- (NAVEX15)
DRV - [2013.10.31 11:32:40 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.10.31 11:32:40 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.10.31 11:32:40 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131114.002\eng64.sys -- (NAVENG)
DRV - [2013.10.22 23:20:58 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.09.16 05:13:04 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD DF D9 48 EC 40 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Ahmet\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013.11.01 14:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013.11.14 16:07:28 | 000,000,000 | ---D | M]

[2013.05.07 16:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahmet\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Ahmet\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Ahmet\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013.05.07 16:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Disabled) = C:\Users\Ahmet\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Dragon Age Legends: Remix 01 = C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj\3_0\
CHR - Extension: AdBlock = C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Google C\u00FCzdan = C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Canvas Rider = C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2013.08.26 18:00:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.25.83.11 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5868A4A-5AB4-4A1F-B99D-9F23584CD0E6}: DhcpNameServer = 85.25.83.11 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.14 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\Desktop\pluginler
[2013.11.14 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.11.14 16:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.11.13 22:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.11.13 21:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013.11.13 16:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.11.13 16:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.11.13 16:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.11.10 22:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East West
[2013.11.10 22:09:13 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\Documents\Image-Line
[2013.11.10 21:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.11.10 20:34:38 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West Symphonic Choirs
[2013.11.10 20:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West Symphonic Choirs
[2013.11.10 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2013.11.10 12:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2013.11.10 11:54:16 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\Documents\Play
[2013.11.10 11:40:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\PACE Anti-Piracy
[2013.11.10 11:40:20 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Local\PACE Anti-Piracy
[2013.11.10 11:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013.11.10 11:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2013.11.09 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013.11.09 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2013.11.09 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2013.11.09 00:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EastWest
[2013.11.09 00:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.11.09 00:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\EastWest
[2013.11.09 00:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\East West
[2013.11.09 00:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2013.11.09 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.11.08 23:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\East West
[2013.11.07 22:08:09 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West EWQLSO Gold Edition
[2013.11.07 22:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East West EWQLSO Gold Edition
[2013.11.06 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.06 20:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013.11.06 20:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.06 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\FlowStone
[2013.11.06 20:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013.11.06 19:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2013.11.01 00:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2013.11.01 00:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2013.10.31 23:24:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.10.31 23:15:49 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.10.31 23:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.10.31 23:15:28 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymEFA64.sys
[2013.10.31 23:15:28 | 000,796,760 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys
[2013.10.31 23:15:28 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymDS64.sys
[2013.10.31 23:15:28 | 000,433,752 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys
[2013.10.31 23:15:28 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.sys
[2013.10.31 23:15:28 | 000,169,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys
[2013.10.31 23:15:28 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys
[2013.10.31 23:15:28 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymELAM.sys
[2013.10.31 23:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.10.31 23:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1404000.028
[2013.10.31 23:15:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
[2013.10.31 23:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
[2013.10.31 23:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.10.31 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\Desktop\NORTON
[2013.10.29 17:14:59 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Guild Wars 2
[2013.10.29 00:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013.10.28 23:30:04 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Audacity
[2013.10.28 23:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.10.28 23:26:24 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\Desktop\wav files
[2013.10.28 10:06:33 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Local\PunkBuster
[2013.10.28 10:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.10.28 09:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.10.27 09:22:57 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Local\SKIDROW
[2013.10.27 09:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2013.10.19 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\GameRanger
[2013.10.17 11:20:58 | 000,000,000 | ---D | C] -- C:\Users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2 C:\Users\Ahmet\Desktop\*.tmp files -> C:\Users\Ahmet\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.11.14 23:38:20 | 000,007,602 | ---- | M] () -- C:\Users\Ahmet\AppData\Local\Resmon.ResmonCfg
[2013.11.14 23:18:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.14 20:40:50 | 000,001,130 | ---- | M] () -- C:\Users\Ahmet\Desktop\EWQLSO Gold Edition.lnk
[2013.11.14 17:18:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.14 16:12:47 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.14 16:12:47 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.14 16:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.14 16:04:52 | 4280,934,398 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.14 16:01:57 | 000,502,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.11.13 22:15:41 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.11.13 21:52:34 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.11.13 20:35:56 | 000,015,370 | ---- | M] () -- C:\Users\Ahmet\Desktop\FL Studio 10.torrent
[2013.11.11 17:32:02 | 001,569,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.11 17:32:02 | 000,657,090 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.11.11 17:32:02 | 000,654,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.11 17:32:02 | 000,138,610 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.11.11 17:32:02 | 000,121,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.10 22:54:36 | 002,051,022 | ---- | M] () -- C:\Users\Ahmet\Desktop\Ahmet Can Şen Orkestral Kısa Versiyon.mp3
[2013.11.10 22:53:23 | 033,902,002 | ---- | M] () -- C:\Users\Ahmet\Desktop\modern çalışmalar.wav
[2013.11.10 22:45:15 | 000,001,145 | ---- | M] () -- C:\Users\Ahmet\Desktop\Symphonic Choirs.lnk
[2013.11.05 21:56:00 | 004,673,992 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013.11.03 15:22:14 | 000,000,031 | ---- | M] () -- C:\Windows\progress
[2013.10.31 23:16:03 | 001,721,889 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.10.31 23:15:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.10.31 23:15:49 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.10.31 23:15:49 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.10.31 23:15:44 | 000,002,571 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.10.31 21:21:50 | 000,017,830 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20131031.017
[2013.10.29 15:01:16 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.29 00:07:58 | 009,600,895 | ---- | M] () -- C:\Users\Ahmet\Desktop\Ambient Piano Music.mp3
[2013.10.29 00:02:32 | 115,200,242 | ---- | M] () -- C:\Users\Ahmet\Desktop\ambient piano music 1.wav
[2013.10.28 23:56:33 | 018,502,317 | ---- | M] () -- C:\Users\Ahmet\Desktop\naturesounds.ogg
[2013.10.28 23:47:43 | 171,648,124 | ---- | M] () -- C:\Users\Ahmet\Desktop\piano ambient 2.wav
[2013.10.28 23:29:59 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013.10.28 22:46:16 | 001,858,661 | ---- | M] () -- C:\Users\Ahmet\Desktop\calm thunderstorm.ogg
[2013.10.28 10:06:40 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.10.28 10:05:22 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2013.10.23 20:44:10 | 000,052,068 | ---- | M] () -- C:\Users\Ahmet\Desktop\kimya ws2.jpg
[2013.10.23 20:07:57 | 000,052,647 | ---- | M] () -- C:\Users\Ahmet\Desktop\kimya ws.jpg
[2013.10.19 21:54:10 | 000,001,074 | ---- | M] () -- C:\Users\Ahmet\Desktop\GameRanger.lnk
[2013.10.19 11:21:36 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.10.18 20:02:58 | 889,020,604 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.10.17 11:21:03 | 000,001,090 | ---- | M] () -- C:\Users\Ahmet\Desktop\MSI Afterburner.lnk
[2 C:\Users\Ahmet\Desktop\*.tmp files -> C:\Users\Ahmet\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.11.14 23:38:20 | 000,007,602 | ---- | C] () -- C:\Users\Ahmet\AppData\Local\Resmon.ResmonCfg
[2013.11.14 20:40:50 | 000,001,130 | ---- | C] () -- C:\Users\Ahmet\Desktop\EWQLSO Gold Edition.lnk
[2013.11.13 22:15:41 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.11.13 22:15:41 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.11.13 21:52:36 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.11.13 20:35:55 | 000,015,370 | ---- | C] () -- C:\Users\Ahmet\Desktop\FL Studio 10.torrent
[2013.11.10 22:54:31 | 002,051,022 | ---- | C] () -- C:\Users\Ahmet\Desktop\Ahmet Can Şen Orkestral Kısa Versiyon.mp3
[2013.11.10 22:45:15 | 000,001,145 | ---- | C] () -- C:\Users\Ahmet\Desktop\Symphonic Choirs.lnk
[2013.11.08 12:36:33 | 033,902,002 | ---- | C] () -- C:\Users\Ahmet\Desktop\modern çalışmalar.wav
[2013.11.04 22:35:51 | 000,001,304 | ---- | C] () -- C:\Users\Ahmet\Desktop\Notepad.lnk
[2013.11.03 15:30:46 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.11.03 15:22:07 | 000,000,031 | ---- | C] () -- C:\Windows\progress
[2013.11.01 14:02:26 | 000,017,830 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20131031.017
[2013.10.31 23:15:51 | 001,721,889 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.10.31 23:15:49 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.10.31 23:15:49 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.10.31 23:15:44 | 000,002,571 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.10.31 23:15:23 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymEFA.inf
[2013.10.31 23:15:23 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymDS.inf
[2013.10.31 23:15:23 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymNet.inf
[2013.10.31 23:15:23 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013.10.31 23:15:23 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013.10.31 23:15:23 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symELAM.inf
[2013.10.31 23:15:23 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.inf
[2013.10.31 23:15:23 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Iron.inf
[2013.10.31 23:15:14 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymVTcer.dat
[2013.10.31 23:15:14 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymELAM64.cat
[2013.10.31 23:15:14 | 000,008,067 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013.10.31 23:15:14 | 000,008,067 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013.10.31 23:15:14 | 000,008,063 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymDS64.cat
[2013.10.31 23:15:14 | 000,007,667 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013.10.31 23:15:14 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013.10.31 23:15:14 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013.10.31 23:15:14 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SymEFA64.cat
[2013.10.31 23:15:14 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013.10.29 00:07:35 | 009,600,895 | ---- | C] () -- C:\Users\Ahmet\Desktop\Ambient Piano Music.mp3
[2013.10.29 00:02:25 | 115,200,242 | ---- | C] () -- C:\Users\Ahmet\Desktop\ambient piano music 1.wav
[2013.10.28 23:56:32 | 018,502,317 | ---- | C] () -- C:\Users\Ahmet\Desktop\naturesounds.ogg
[2013.10.28 23:45:15 | 171,648,124 | ---- | C] () -- C:\Users\Ahmet\Desktop\piano ambient 2.wav
[2013.10.28 23:29:58 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.10.28 23:29:58 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013.10.28 22:46:16 | 001,858,661 | ---- | C] () -- C:\Users\Ahmet\Desktop\calm thunderstorm.ogg
[2013.10.28 10:05:22 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2013.10.23 20:44:07 | 000,052,068 | ---- | C] () -- C:\Users\Ahmet\Desktop\kimya ws2.jpg
[2013.10.23 20:07:38 | 000,052,647 | ---- | C] () -- C:\Users\Ahmet\Desktop\kimya ws.jpg
[2013.10.19 21:54:09 | 000,001,074 | ---- | C] () -- C:\Users\Ahmet\Desktop\GameRanger.lnk
[2013.10.19 21:54:09 | 000,001,060 | ---- | C] () -- C:\Users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2013.10.17 11:21:02 | 000,001,090 | ---- | C] () -- C:\Users\Ahmet\Desktop\MSI Afterburner.lnk
[2013.10.08 15:46:48 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.08 15:46:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.07.25 15:29:40 | 006,509,128 | ---- | C] () -- C:\Windows\SysWow64\SFrame.exe
[2013.07.20 00:04:52 | 000,000,000 | ---- | C] () -- C:\Users\Ahmet\__ng3d.lock
[2013.05.14 17:15:45 | 001,065,984 | ---- | C] () -- C:\Users\Ahmet\AppData\Local\file__0.localstorage
[2013.05.06 20:59:39 | 000,000,624 | -H-- | C] () -- C:\Program Files (x86)\Common Files\_Z3
[2013.05.06 20:53:51 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2013.04.24 15:31:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.24 15:28:34 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.04.24 15:28:34 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.04.24 15:28:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.04.24 15:28:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.04.24 15:28:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.04.24 15:16:25 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.24 15:16:24 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2013.04.24 15:16:24 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.04.24 15:16:24 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.04.24 15:16:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.04.24 15:16:24 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.04.24 15:14:55 | 001,587,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.08.16 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\.minecraft
[2013.08.27 10:48:14 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Ableton
[2013.11.10 22:54:44 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Audacity
[2013.05.30 20:16:17 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\AVG
[2013.04.24 18:41:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\AVG10
[2013.04.27 04:01:19 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Avid
[2013.09.19 19:27:52 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\DAEMON Tools Lite
[2013.08.22 14:06:38 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Fatshark
[2013.11.06 20:20:33 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\FlowStone
[2013.10.19 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\GameRanger
[2013.10.29 17:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Guild Wars 2
[2013.05.06 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Leadertech
[2013.04.24 15:47:52 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\MAXON
[2013.04.24 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Mirillis
[2013.05.06 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Mount&Blade Warband
[2013.04.24 17:56:33 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Mount&Blade With Fire and Sword
[2013.06.30 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\MusicLab
[2013.09.07 23:09:06 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Origin
[2013.11.10 11:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\PACE Anti-Piracy
[2013.08.26 21:01:44 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\Propellerhead Software
[2013.10.08 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\PunkBuster
[2013.06.06 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\raidcall
[2013.08.27 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\To the Moon - Freebird Games
[2013.06.05 14:08:18 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\TuneUp Software
[2013.11.14 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\uTorrent
[2013.08.29 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\Ahmet\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\ProgramData\Microsoft:FUN3b4B0DWxJcf3PQIjhO
@Alternate Data Stream - 926 bytes -> C:\Program Files (x86)\Common Files\System:sjBYpA0MSyPmv2Q1tVov6i3
@Alternate Data Stream - 1156 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:n3YP8Awzbn88p2o6I7K8m
@Alternate Data Stream - 1122 bytes -> C:\Program Files\Common Files\System:sjBYpA0MSyPmv2Q1tVov6i3
@Alternate Data Stream - 1086 bytes -> C:\Program Files (x86)\Common Files\System:QFr8jREmhLFTKzl9mMJeKPUh
@Alternate Data Stream - 1050 bytes -> C:\Program Files\Common Files\System:QFr8jREmhLFTKzl9mMJeKPUh
@Alternate Data Stream - 1046 bytes -> C:\Program Files\Common Files\Microsoft Shared:n3YP8Awzbn88p2o6I7K8m
@Alternate Data Stream - 1009 bytes -> C:\ProgramData\Microsoft:oDKFXh8NCLxbchTHHxq1
@Alternate Data Stream - 1005 bytes -> C:\Users\Ahmet\AppData\Local\NHg2PaGq4kK:QD11BCa8hLKHB7e49nl

< End of report >



I wish you all a great day :)