
FRST.txt log file: help with fixlist.txt


  • This topic is locked
2 replies to this topic

#1 Cagri Kara


  • Members
  • 1 posts

Posted 04 January 2013 - 08:33 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 04-01-2013 15:32:27
Running from K:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-07-14] (cyberlink)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Seckin Figen\...\Run: [Google Update] "C:\Users\Seckin Figen\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-25] (Google Inc.)
HKU\Seckin Figen\...\Run: [EPSON4D09C2 (WF-7515 Series)] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /FU "C:\Users\SECKIN~1\AppData\Local\Temp\E_S2206.tmp" /EF "HKCU" [232448 2011-02-28] (SEIKO EPSON CORPORATION)
HKU\Seckin Figen\...\Run: [WF-7515 Series(Ag)] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE /FU "C:\Users\SECKIN~1\AppData\Local\Temp\E_S2264.tmp" /EF "HKCU" [232448 2011-02-28] (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 62.217.132.66
Startup: C:\Users\All Users\Start Menu\Programs\Startup\iBurst_Terminal UTL.lnk
ShortcutTarget: iBurst_Terminal UTL.lnk -> C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.EXE ()

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-08-20] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-08-20] (Avira Operations GmbH & Co. KG)
2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [19232 2012-01-31] (Autodesk, Inc.)
2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6751640 2012-05-16] (Prevx)
2 FPLService; "C:\Program Files\TrueSuite\TrueSuite.Service.exe" [294216 2011-04-26] (AuthenTec, Inc)
2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
2 HASP Loader; C:\Windows\SysWow64\nhsrvice.exe -service [249856 2005-05-29] (Aladdin Knowledge Systems Ltd.)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-04-18] ()
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259512 2011-07-22] (Sony Corporation)
2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [3463080 2012-11-29] (TeamViewer GmbH)
2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [x]

==================== Drivers (Whitelisted) =====================

3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [296576 2012-06-06] (SafeNet Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-08-20] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-08-20] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-02-03] (Avira GmbH)
3 gobi3kfilter; C:\Windows\System32\Drivers\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
3 gobi3kmbb; C:\Windows\System32\Drivers\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
3 gobi3kserial; C:\Windows\System32\Drivers\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
2 Hardlock; C:\Windows\System32\Drivers\Hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
3 iBurstU; C:\Windows\System32\DRIVERS\iBux64.sys [37888 2009-09-24] (KYOCERA CORPORATION)
2 mcamvusb; C:\Windows\System32\Drivers\mcamvusb.sys [41984 2012-09-14] (Chingachguk & Denger2k)
3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [25256 2012-05-31] (Prevx)
1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [66976 2012-05-16] (Prevx)
0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [37624 2012-05-16] (Prevx)
2 resetat; C:\Windows\System32\DRIVERS\resetat_2.sys [35328 2012-03-25] (Chingachguk & Denger2k (Elit & SP edition))
0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-04 15:32 - 2013-01-04 15:32 - 00000000 ____D C:\FRST
2013-01-04 06:10 - 2013-01-04 05:54 - 02117773 ____A C:\Users\Seckin Figen\Desktop\windows_loader_2.2.zip
2013-01-04 06:10 - 2012-12-28 14:33 - 03931485 ____A C:\Users\Seckin Figen\Desktop\Windows Loader.exe
2013-01-04 06:10 - 2012-12-28 14:33 - 00014549 ____A C:\Users\Seckin Figen\Desktop\Keys.ini
2013-01-04 06:10 - 2011-08-23 15:06 - 00696831 ____A C:\Users\Seckin Figen\Desktop\WAT Fix.exe
2013-01-03 13:17 - 2013-01-03 13:17 - 00009920 ____N C:\bootsqm.dat
2013-01-03 13:15 - 2013-01-03 13:15 - 00000000 __SHD C:\found.000
2013-01-02 09:29 - 2013-01-02 09:29 - 00144452 ____A C:\Users\Seckin Figen\Downloads\wood door.skp
2012-12-31 17:20 - 2012-12-31 17:21 - 02861936 ____A C:\Users\Seckin Figen\Downloads\Group_3.skp
2012-12-31 17:17 - 2012-12-31 17:17 - 00830720 ____A C:\Users\Seckin Figen\Downloads\Kramfors_Two-seat sofa with arm left.skp
2012-12-31 16:35 - 2012-12-31 16:35 - 00000000 ____D C:\Users\Seckin Figen\AppData\Roaming\Google
2012-12-31 16:27 - 2012-12-31 16:27 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
2012-12-31 16:26 - 2012-12-31 16:26 - 00000000 ____D C:\Users\All Users\Google
2012-12-31 15:42 - 2012-12-31 15:46 - 51902136 ____A (Trimble Navigation Limited) C:\Users\Seckin Figen\Downloads\sketchupprowen.exe
2012-12-22 07:49 - 2012-12-16 17:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 07:49 - 2012-12-16 14:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 07:49 - 2012-12-16 14:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 07:49 - 2012-12-16 14:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-19 11:43 - 2012-12-19 11:50 - 00000000 ____D C:\Windows\rescache
2012-12-14 13:55 - 2012-12-14 13:55 - 00004618 ____A C:\Users\Seckin Figen\Downloads\CV MURAT (1).rar
2012-12-13 10:50 - 2012-12-13 10:50 - 00016594 ____A C:\Users\Seckin Figen\Downloads\Turk Hava Yollari Online Bilet - Bilgi Mesaji.zip
2012-12-13 10:50 - 2012-12-13 10:50 - 00016478 ____A C:\Users\Seckin Figen\Downloads\mail.html
2012-12-13 06:49 - 2012-11-22 03:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 06:49 - 2012-11-09 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-13 06:49 - 2012-11-09 04:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-13 06:49 - 2012-10-04 17:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-13 06:49 - 2012-10-04 17:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-13 06:49 - 2012-10-04 17:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-13 06:49 - 2012-10-04 17:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 06:49 - 2012-10-04 17:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-13 06:49 - 2012-10-04 17:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 06:49 - 2012-10-04 17:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-13 06:49 - 2012-10-04 16:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-13 06:49 - 2012-10-04 16:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 06:49 - 2012-10-04 15:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 06:49 - 2012-10-04 14:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-13 06:49 - 2012-10-04 14:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-13 06:49 - 2012-10-04 14:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 06:48 - 2012-11-02 05:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 06:48 - 2012-11-02 05:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-13 06:48 - 2012-10-04 17:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 17:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 17:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 16:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 14:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 06:48 - 2012-10-04 14:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 14:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 14:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 06:48 - 2012-10-04 14:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-08 15:55 - 2012-12-08 15:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-05 12:55 - 2012-12-05 12:55 - 00004618 ____A C:\Users\Seckin Figen\Downloads\CV MURAT.rar
2012-12-05 08:01 - 2012-12-05 08:01 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\{7702F921-F687-4DC1-AD9D-E15FFEFE55A0}
2012-12-05 08:01 - 2012-12-05 08:01 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\{6FF22EA5-988C-4018-B97E-9A0E846A8EC9}

==================== One Month Modified Files and Folders =======

2013-01-04 15:32 - 2013-01-04 15:32 - 00000000 ____D C:\FRST
2013-01-04 06:35 - 2010-11-21 03:47 - 00139652 ____A C:\Windows\PFRO.log
2013-01-04 05:54 - 2013-01-04 06:10 - 02117773 ____A C:\Users\Seckin Figen\Desktop\windows_loader_2.2.zip
2013-01-04 05:48 - 2012-04-13 17:17 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-04 05:34 - 2012-09-12 04:43 - 00000012 ____A C:\Windows\SysWOW64\haspaddr.dat
2013-01-04 05:33 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-04 05:33 - 2009-07-14 04:51 - 00125059 ____A C:\Windows\setupact.log
2013-01-04 05:06 - 2012-03-25 19:00 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3827954257-700169798-233167169-1000UA.job
2013-01-04 05:06 - 2012-03-25 19:00 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3827954257-700169798-233167169-1000Core.job
2013-01-04 05:01 - 2012-04-13 17:17 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-04 00:20 - 2012-03-24 11:00 - 01439791 ____A C:\Windows\WindowsUpdate.log
2013-01-03 21:33 - 2011-02-14 21:20 - 00657444 ____A C:\Windows\System32\perfh01F.dat
2013-01-03 21:33 - 2011-02-14 21:20 - 00139974 ____A C:\Windows\System32\perfc01F.dat
2013-01-03 21:33 - 2009-07-14 05:13 - 01572740 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-03 20:15 - 2012-04-01 08:39 - 00000814 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-03 17:23 - 2012-03-24 12:26 - 00000000 ____D C:\users\Seckin Figen
2013-01-03 17:21 - 2012-09-14 04:07 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\DefaultDomain_Path_qnzascsnyettr5aiy1gn5dmrnnwopzvc
2013-01-03 17:21 - 2012-09-14 04:06 - 00000000 ____D C:\Users\All Users\Netcad
2013-01-03 17:21 - 2012-05-16 04:09 - 00000000 ____D C:\Users\All Users\PrevxCSI
2013-01-03 17:21 - 2012-04-03 06:56 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2013-01-03 17:21 - 2012-03-25 16:19 - 00000000 ____D C:\NETCAD
2013-01-03 17:21 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\System32\WinBioDatabase
2013-01-03 17:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2013-01-03 17:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-03 13:17 - 2013-01-03 13:17 - 00009920 ____N C:\bootsqm.dat
2013-01-03 13:15 - 2013-01-03 13:15 - 00000000 __SHD C:\found.000
2013-01-03 10:15 - 2010-01-01 06:47 - 00000000 ____D C:\Users\Seckin Figen\Documents\Outlook Dosyalari
2013-01-03 08:31 - 2009-07-14 04:45 - 00031808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-03 08:31 - 2009-07-14 04:45 - 00031808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-02 09:29 - 2013-01-02 09:29 - 00144452 ____A C:\Users\Seckin Figen\Downloads\wood door.skp
2012-12-31 17:21 - 2012-12-31 17:20 - 02861936 ____A C:\Users\Seckin Figen\Downloads\Group_3.skp
2012-12-31 17:17 - 2012-12-31 17:17 - 00830720 ____A C:\Users\Seckin Figen\Downloads\Kramfors_Two-seat sofa with arm left.skp
2012-12-31 16:35 - 2012-12-31 16:35 - 00000000 ____D C:\Users\Seckin Figen\AppData\Roaming\Google
2012-12-31 16:27 - 2012-12-31 16:27 - 00003120 ____A C:\Windows\SysWOW64\ALLFSAF8a.ocx
2012-12-31 16:26 - 2012-12-31 16:26 - 00000000 ____D C:\Users\All Users\Google
2012-12-31 16:26 - 2012-04-13 17:17 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-31 15:46 - 2012-12-31 15:42 - 51902136 ____A (Trimble Navigation Limited) C:\Users\Seckin Figen\Downloads\sketchupprowen.exe
2012-12-31 00:24 - 2012-03-24 12:27 - 00314609 ____A C:\Windows\IE9_main.log
2012-12-30 19:06 - 2012-03-25 15:03 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\cache
2012-12-28 14:33 - 2013-01-04 06:10 - 03931485 ____A C:\Users\Seckin Figen\Desktop\Windows Loader.exe
2012-12-28 14:33 - 2013-01-04 06:10 - 00014549 ____A C:\Users\Seckin Figen\Desktop\Keys.ini
2012-12-25 10:44 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-12-23 16:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-22 14:08 - 2009-07-14 04:45 - 00492784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-21 11:01 - 2012-04-24 05:13 - 00246647 ____A C:\test.xml
2012-12-19 11:50 - 2012-12-19 11:43 - 00000000 ____D C:\Windows\rescache
2012-12-18 11:39 - 2012-03-24 17:04 - 00000000 ____D C:\Users\Seckin Figen\AppData\Roaming\Skype
2012-12-16 17:11 - 2012-12-22 07:49 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 14:45 - 2012-12-22 07:49 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 14:13 - 2012-12-22 07:49 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 14:13 - 2012-12-22 07:49 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-14 15:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2012-12-14 15:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\tr-TR
2012-12-14 13:55 - 2012-12-14 13:55 - 00004618 ____A C:\Users\Seckin Figen\Downloads\CV MURAT (1).rar
2012-12-14 07:02 - 2012-03-24 16:49 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-13 10:50 - 2012-12-13 10:50 - 00016594 ____A C:\Users\Seckin Figen\Downloads\Turk Hava Yollari Online Bilet - Bilgi Mesaji.zip
2012-12-13 10:50 - 2012-12-13 10:50 - 00016478 ____A C:\Users\Seckin Figen\Downloads\mail.html
2012-12-12 08:19 - 2012-04-01 08:39 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-12 08:19 - 2012-03-24 11:27 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-10 14:49 - 2012-03-25 08:17 - 00000000 ____D C:\Users\Seckin Figen\AppData\Roaming\TeamViewer
2012-12-10 12:22 - 2012-03-24 12:26 - 00143792 ____A C:\Users\Seckin Figen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-10 12:20 - 2012-03-25 08:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-12-08 15:56 - 2012-03-24 11:44 - 00000000 ____D C:\Users\All Users\Skype
2012-12-08 15:55 - 2012-12-08 15:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-12-05 12:55 - 2012-12-05 12:55 - 00004618 ____A C:\Users\Seckin Figen\Downloads\CV MURAT.rar
2012-12-05 08:01 - 2012-12-05 08:01 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\{7702F921-F687-4DC1-AD9D-E15FFEFE55A0}
2012-12-05 08:01 - 2012-12-05 08:01 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\{6FF22EA5-988C-4018-B97E-9A0E846A8EC9}
2012-12-05 08:01 - 2012-03-25 07:51 - 00000000 ____D C:\Users\Seckin Figen\AppData\Local\Windows Live

==================== Known DLLs (Whitelisted) =================

C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-31 00:24:39
Restore point made on: 2012-12-31 16:26:05
Restore point made on: 2012-12-31 23:00:44
Restore point made on: 2013-01-03 04:59:09

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6059.86 MB
Available physical RAM: 5221.17 MB
Total Pagefile: 6058.06 MB
Available Pagefile: 5234.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:105.55 GB) (Free:7.54 GB) NTFS
2 Drive d: (ARSIV1) (Fixed) (Total:83.01 GB) (Free:79.02 GB) NTFS
3 Drive e: (ARSIV2) (Fixed) (Total:83.01 GB) (Free:82.89 GB) NTFS
4 Drive f: (BAKU) (Fixed) (Total:87.89 GB) (Free:81.52 GB) NTFS
5 Drive g: (BOS) (Fixed) (Total:87.89 GB) (Free:48.65 GB) NTFS
6 Drive i: (Recovery) (Fixed) (Total:18.32 GB) (Free:1.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive k: (TOSHIBA EXT) (Fixed) (Total:596.17 GB) (Free:472.62 GB) NTFS
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 4096 KB
Disk 1 Online 596 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 18 GB 1024 KB
Partition 2 Primary 100 MB 18 GB
Partition 3 Primary 105 GB 18 GB
Partition 0 Extended 341 GB 123 GB
Partition 4 Logical 83 GB 123 GB
Partition 5 Logical 83 GB 206 GB
Partition 6 Logical 87 GB 289 GB
Partition 7 Logical 87 GB 377 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 I Recovery NTFS Partition 18 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 105 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D ARSIV1 NTFS Partition 83 GB Healthy

=========================================================

Disk: 0
Partition 5
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E ARSIV2 NTFS Partition 83 GB Healthy

=========================================================

Disk: 0
Partition 6
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F BAKU NTFS Partition 87 GB Healthy

=========================================================

Disk: 0
Partition 7
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 G BOS NTFS Partition 87 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K TOSHIBA EXT NTFS Partition 596 GB Healthy

=========================================================

Last Boot: 2012-12-24 21:11

==================== End Of Log =============================

#2 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 04 January 2013 - 05:45 PM

Good evening. :)

I want you to fire up FRST again and enter the following into the Search: textbox, exactly as shown: user32.dll;winlogon.exe
Then click the Search File(s) button and wait.
Once the search has completed, the results will be saved alongside FRST as Search.txt - please copy and paste the contents of that text file into your next reply.

So long, and thanks for all the fish.

#3 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 09 January 2013 - 02:53 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.