
Boot failure... malware infection???


  • This topic is locked
45 replies to this topic

#1 purat111


Posted 06 March 2014 - 01:31 PM

Hi there,

I have a serious problem with my computer and I think it is probably malware causing it. I am unable to boot into Normal mode as the computer just loops into the Advanced Startup Options. When I try to boot into Safe Mode, I see the login screen for a flash of a second but then get a BSOD with the error: CRITICAL_PROCESS_DIED. I talked with HP support, and they determined it was not a hardware failure, but a Windows reinstall was required. I really don't want to do this, as it would reset my PC back to Windows 8 and erase the many programs and their updates I have. I have not been able to run DDS, as it gives me a "The subsystem required to support the image type is not loaded" error. I instead ran the Farbar Recovery Scan Tool, and have posted the log below.

Thanks for your help! :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by SYSTEM on MININT-9KQMKO1 on 06-03-2014 18:16:51
Running from F:\
WIN_8 (X64) OS Language: English(UK)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\ozane_000\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1712904 2013-05-21] (CyberLink Corp.)
HKU\ozane_000\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\Pinar\...\Run: [Skitch] - C:\Program Files (x86)\Evernote\Skitch\Skitch.exe [4304704 2013-08-09] (Evernote)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)
Startup: C:\Users\Pinar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Pinar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-11-29] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-11-29] (CyberLink)
S2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120352 2013-03-21] (Portrait Displays, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-31] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-31] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2013-06-10] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [27096 2013-04-08] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [380376 2013-04-08] (CyberLink Corporation.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [32456 2013-11-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 18:16 - 2014-03-06 18:16 - 00000000 ____D () C:\FRST
2014-03-01 18:59 - 2014-03-01 18:59 - 00000178 _____ () C:\Users\ozane_000\New shortcut.lnk
2014-02-28 12:40 - 2014-02-28 18:04 - 00000000 _____ () C:\Recovery.txt
2014-02-28 10:31 - 2014-03-04 17:01 - 440221750 _____ () C:\Windows\MEMORY.DMP
2014-02-27 21:17 - 2014-02-27 21:17 - 00029080 ____N () C:\bootsqm.dat
2014-02-27 21:17 - 2014-02-27 21:17 - 00000000 __SHD () C:\found.000
2014-02-27 20:12 - 2014-02-27 20:12 - 00001873 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_D_02272014_201240.txt
2014-02-27 20:12 - 2014-02-27 20:12 - 00000699 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_DN_02272014_201247.txt
2014-02-27 20:11 - 2014-02-27 20:11 - 00001824 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_S_02272014_201158.txt
2014-02-27 19:59 - 2014-02-27 20:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-27 18:01 - 2014-02-27 18:01 - 04765152 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\ccsetup411.exe
2014-02-26 19:28 - 2014-02-26 19:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 19:26 - 2014-02-26 19:27 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller (1).exe
2014-02-26 18:08 - 2014-02-26 18:09 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller.exe
2014-02-25 19:55 - 2014-02-25 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 19:55 - 2014-02-25 19:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-24 20:07 - 2014-02-24 20:07 - 00003589 _____ () C:\Users\ozane_000\Documents\~ScratcherSetupSelf.DDF
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\Documents\ListdirTest
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\listdir-test
2014-02-24 17:12 - 2014-02-27 21:01 - 00000000 ____D () C:\Users\ozane_000\Documents\listdir Test
2014-02-24 16:59 - 2014-02-24 17:05 - 48726470 _____ () C:\Users\ozane_000\NothingYouCanDo!.bat
2014-02-23 21:26 - 2014-02-23 21:26 - 00000277 _____ () C:\Users\ozane_000\Documents\funny.vbs
2014-02-23 21:09 - 2014-02-23 21:11 - 00001740 _____ () C:\Users\ozane_000\Desktop\My School Laptop.lnk
2014-02-23 20:31 - 2014-02-23 20:32 - 40668896 _____ () C:\Users\ozane_000\Documents\thiswillcrashyourpc!.txt
2014-02-23 20:28 - 2014-02-23 20:29 - 00000000 _____ () C:\Users\ozane_000\Documents\testdirectories2.txt
2014-02-23 20:25 - 2014-02-23 20:28 - 11122199 _____ () C:\Users\ozane_000\Documents\testdirectories.txt
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setupact.log
2014-02-23 15:16 - 2014-02-27 18:17 - 01115237 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 13:49 - 2014-02-27 21:07 - 00000000 ____D () C:\Users\Pinar\AppData\Local\CrashDumps
2014-02-20 20:14 - 2014-02-20 20:16 - 00000158 _____ () C:\Users\ozane_000\Documents\BrainPop.py
2014-02-20 20:00 - 2014-02-20 20:00 - 00002776 _____ () C:\Windows\System32\Tasks\RunSpeccy
2014-02-20 19:55 - 2014-02-20 19:55 - 00000000 ____D () C:\Program Files\Speccy
2014-02-20 18:05 - 2014-02-20 18:05 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\ThinkBuzan
2014-02-20 17:25 - 2014-02-20 17:25 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-20 17:25 - 2014-02-20 17:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-20 11:42 - 2014-02-20 11:42 - 00000072 _____ () C:\Users\ozane_000\Documents\Hakan will love this.vbs
2014-02-18 20:18 - 2014-02-27 21:06 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\CrashDumps
2014-02-18 18:08 - 2014-02-01 15:34 - 00000054 _____ () C:\Users\ozane_000\Downloads\Funny.bat
2014-02-18 17:27 - 2014-02-18 17:30 - 00000000 ____D () C:\Users\ozane_000\Documents\Java Greenfoot
2014-02-18 17:26 - 2014-02-18 17:28 - 00000000 ____D () C:\Users\ozane_000\greenfoot
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.jmc
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.eclipse
2014-02-18 17:24 - 2014-02-18 17:24 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-18 17:24 - 2014-02-18 17:24 - 00000000 ____D () C:\Program Files\Java
2014-02-18 17:23 - 2014-02-18 17:23 - 00001854 _____ () C:\Users\Public\Desktop\Greenfoot.lnk
2014-02-18 17:23 - 2014-02-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-02-18 17:15 - 2014-02-18 17:21 - 131557792 _____ (Oracle Corporation) C:\Users\ozane_000\Downloads\jdk-7u51-windows-x64.exe
2014-02-18 17:14 - 2014-02-18 17:14 - 07836560 _____ () C:\Users\ozane_000\Downloads\Greenfoot-windows-230.msi
2014-02-18 17:10 - 2014-02-27 17:06 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-02-18 13:30 - 2014-02-18 13:32 - 00000000 ____D () C:\Users\ozane_000\Desktop\RK_Quarantine
2014-02-18 13:24 - 2014-02-18 13:28 - 00000000 ____D () C:\AdwCleaner
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-18 11:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-18 11:03 - 2014-02-18 11:04 - 00001616 _____ () C:\Users\ozane_000\Desktop\Rkill.txt
2014-02-17 21:21 - 2014-02-17 21:24 - 221290352 _____ () C:\Users\ozane_000\Downloads\EmsisoftEmergencyKit.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 09988304 _____ (SurfRight B.V.) C:\Users\ozane_000\Downloads\HitmanPro.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 03813376 _____ () C:\Users\ozane_000\Downloads\RogueKiller.exe
2014-02-17 21:19 - 2014-02-17 21:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ozane_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 21:18 - 2014-02-17 21:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ozane_000\Downloads\iExplore.exe
2014-02-17 20:55 - 2014-02-17 20:55 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\ozane_000\Downloads\tdsskiller.exe
2014-02-17 19:53 - 2014-02-17 19:53 - 00000000 ____D () C:\Users\Pinar\Documents\Ev
2014-02-17 15:34 - 2014-02-17 15:34 - 00000047 _____ () C:\Users\ozane_000\Documents\RudeWords.py
2014-02-16 18:55 - 2014-02-16 18:56 - 00000249 _____ () C:\Users\ozane_000\Documents\test.py
2014-02-16 18:53 - 2014-02-16 18:54 - 00000256 _____ () C:\Users\ozane_000\Documents\test.bat
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Python
2014-02-16 18:49 - 2014-02-16 18:49 - 06422528 _____ () C:\Users\ozane_000\Downloads\pygame-1.9.2a0.win32-py3.2.msi
2014-02-16 18:42 - 2014-02-17 10:41 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\IndieCity
2014-02-16 18:42 - 2014-02-17 10:41 - 00000000 ____D () C:\ProgramData\IndieCity
2014-02-16 18:42 - 2014-02-16 18:42 - 00000000 ____D () C:\Program Files (x86)\IndieCity
2014-02-16 17:51 - 2014-02-16 17:52 - 00000000 ____D () C:\Users\ozane_000\Downloads\I'manoob
2014-02-16 17:07 - 2014-02-16 17:07 - 21168128 _____ () C:\Users\ozane_000\Downloads\python-3.3.4.amd64.msi
2014-02-16 14:13 - 2014-01-09 12:17 - 00480472 ____N () C:\Users\ozane_000\Downloads\recovery.elf
2014-02-16 14:13 - 2014-01-09 12:16 - 00000376 ____N () C:\Users\ozane_000\Downloads\BUILD-DATA
2014-02-16 14:11 - 2014-02-16 14:11 - 00002069 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-02-16 14:11 - 2014-02-16 14:11 - 00000000 ____D () C:\Program Files (x86)\SDA
2014-02-16 14:10 - 2012-10-31 11:08 - 06786320 ____N (SD Association ) C:\Users\ozane_000\Downloads\setup.exe
2014-02-16 14:05 - 2014-02-16 14:07 - 06286748 _____ () C:\Users\ozane_000\Downloads\SDFormatterv4.zip
2014-02-16 13:21 - 2014-02-16 14:12 - 1373248241 _____ () C:\Users\ozane_000\Downloads\NOOBS_v1_3_4.zip
2014-02-15 18:53 - 2014-02-15 18:53 - 00002067 _____ () C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Users\ozane_000\Documents\LEGO Creations
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Program Files (x86)\LEGO Software
2014-02-15 18:52 - 2014-02-15 18:52 - 00000000 ____D () C:\ProgramData\LEGO MINDSTORMS EV3
2014-02-15 18:32 - 2014-02-15 18:33 - 00000096 _____ () C:\Users\ozane_000\Documents\Open Me!!!!!!!.vbs
2014-02-14 17:59 - 2014-02-14 17:59 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-14 17:59 - 2014-02-14 17:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Skype
2014-02-13 21:33 - 2014-02-13 21:33 - 00000000 ____D () C:\Users\ozane_000\Documents\Sony PMB
2014-02-13 17:27 - 2014-02-13 17:27 - 01323619 _____ () C:\Users\ozane_000\Downloads\Scratch Error.zip
2014-02-11 22:03 - 2014-02-20 22:05 - 00049966 _____ () C:\Users\ozane_000\Documents\thingy.html
2014-02-11 21:25 - 2014-01-08 01:46 - 00325464 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2014-02-11 21:25 - 2014-01-08 01:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-02-11 21:25 - 2014-01-08 01:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2014-02-11 21:25 - 2014-01-04 15:54 - 00138240 _____ () C:\Windows\System32\OEMLicense.dll
2014-02-11 21:25 - 2014-01-04 15:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-02-11 21:25 - 2014-01-04 14:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\System32\WSClient.dll
2014-02-11 21:25 - 2014-01-04 13:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-02-11 21:25 - 2014-01-02 23:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-02-11 21:25 - 2014-01-02 23:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-11 21:25 - 2014-01-02 23:40 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-11 21:25 - 2014-01-02 23:38 - 06640640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-02-11 21:25 - 2014-01-01 01:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-02-11 21:25 - 2014-01-01 01:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2014-02-11 21:25 - 2014-01-01 00:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-11 21:25 - 2014-01-01 00:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-02-11 21:25 - 2013-12-31 23:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-02-11 21:25 - 2013-12-31 23:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2014-02-11 21:25 - 2013-12-31 23:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-02-11 21:25 - 2013-12-30 23:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-02-11 21:25 - 2013-12-30 23:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-02-11 21:25 - 2013-12-30 23:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\sti.dll
2014-02-11 21:25 - 2013-12-30 23:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2014-02-11 21:25 - 2013-12-30 23:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2014-02-11 21:25 - 2013-12-27 15:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2014-02-11 21:25 - 2013-12-27 10:38 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-02-11 21:25 - 2013-12-27 08:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
2014-02-11 21:25 - 2013-12-27 08:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2014-02-11 21:25 - 2013-12-27 08:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2014-02-11 21:25 - 2013-12-27 08:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-11 21:25 - 2013-12-27 07:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-11 21:25 - 2013-12-27 07:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-02-11 21:25 - 2013-12-27 06:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-02-11 21:25 - 2013-12-21 07:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\pnrpsvc.dll
2014-02-11 21:25 - 2013-12-17 07:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2014-02-11 21:25 - 2013-12-14 06:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-11 21:25 - 2013-12-14 06:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-02-11 21:25 - 2013-12-13 10:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\System32\easinvoker.exe
2014-02-11 21:25 - 2013-12-13 06:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\System32\easwrt.dll
2014-02-11 21:25 - 2013-12-13 05:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-02-11 21:25 - 2013-12-09 08:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-02-11 21:25 - 2013-12-09 04:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-11 21:25 - 2013-12-09 03:25 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-02-11 21:24 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-11 21:24 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-11 21:24 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-11 21:24 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-11 21:24 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-11 21:24 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-11 21:24 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-11 21:24 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-11 21:24 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-11 21:24 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-11 21:24 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-11 21:24 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 21:24 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-11 21:24 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 21:24 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-11 21:24 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-11 21:24 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 21:24 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-11 21:24 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 21:24 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-11 21:24 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 21:24 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 21:24 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-11 21:24 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 21:24 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-11 21:24 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 21:24 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 21:24 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-11 21:24 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-11 21:24 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 21:24 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 21:24 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 21:24 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-11 21:24 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 21:24 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-11 21:24 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 21:24 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 21:23 - 2014-01-09 08:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-02-11 21:23 - 2014-01-09 07:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-11 21:23 - 2014-01-09 07:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-02-11 21:23 - 2014-01-09 07:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-02-11 21:23 - 2014-01-09 07:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-02-11 21:23 - 2014-01-09 07:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-02-11 21:23 - 2014-01-09 07:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-11 21:23 - 2014-01-09 07:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-02-11 21:23 - 2014-01-09 07:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-11 21:23 - 2014-01-09 07:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-02-11 21:23 - 2014-01-07 07:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\pcaui.exe
2014-02-11 21:23 - 2014-01-07 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-11 21:23 - 2014-01-07 05:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-11 21:23 - 2014-01-07 04:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 21:23 - 2014-01-04 20:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2014-02-11 21:23 - 2014-01-04 19:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-11 21:23 - 2014-01-04 14:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-02-11 21:23 - 2014-01-04 14:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-11 21:23 - 2014-01-04 13:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2014-02-11 21:23 - 2014-01-04 13:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2014-02-11 21:23 - 2014-01-04 13:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-11 21:23 - 2014-01-04 13:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-11 21:23 - 2013-12-21 02:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-11 21:23 - 2013-12-21 02:10 - 00009701 _____ () C:\Windows\System32\connectedsearch-results.searchconnector-ms
2014-02-11 21:23 - 2013-12-20 10:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-02-11 21:23 - 2013-12-20 06:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-11 21:23 - 2013-12-09 02:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-11 21:23 - 2013-12-09 01:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 21:23 - 2013-12-09 00:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-11 21:23 - 2013-12-09 00:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-11 21:23 - 2013-12-08 23:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 21:23 - 2013-12-08 23:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 21:23 - 2013-11-21 06:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-11 21:23 - 2013-11-21 05:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-10 19:35 - 2014-02-10 19:35 - 00009264 _____ () C:\Users\Pinar\Documents\House Mortgages.xlsx
2014-02-10 18:13 - 2014-02-10 18:13 - 03926528 _____ (Python Software Foundation) C:\Windows\System32\python33.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:12 - 2014-02-10 18:12 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-09 19:51 - 2014-02-09 19:51 - 00000017 _____ () C:\Users\ozane_000\AppData\Local\resmon.resmoncfg
2014-02-09 15:10 - 2014-02-09 15:10 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader (1).exe
2014-02-09 14:49 - 2014-02-09 14:49 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader.exe
2014-02-09 14:46 - 2014-02-09 14:47 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-02-07 11:47 - 2014-02-19 21:06 - 00000000 ____D () C:\Users\Pinar\Documents\PINAR
2014-02-07 11:29 - 2014-02-26 13:10 - 00000000 ____D () C:\Users\Pinar\Documents\BUYRENT
2014-02-07 10:18 - 2014-02-18 13:26 - 00000000 ____D () C:\Users\Pinar\Documents\FOX QUIZ 2104
2014-02-07 08:22 - 2014-02-07 08:22 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Wacom
2014-02-06 20:22 - 2014-02-06 20:22 - 00001130 _____ () C:\Users\Public\Desktop\Bamboo Dock.lnk
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\wacomid-desktop-launcher
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Wacom
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\ProgramData\Wacom
2014-02-06 20:21 - 2014-02-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Bamboo Dock
2014-02-06 20:03 - 2014-02-06 20:22 - 00000002 _____ () C:\Users\ozane_000\.bdockinstall.log
2014-02-06 20:02 - 2014-02-06 20:02 - 30011936 _____ () C:\Users\ozane_000\Downloads\dock_setup.exe
2014-02-06 18:21 - 2014-02-06 18:21 - 04319176 _____ (Piriform Ltd) C:\Users\Pinar\Downloads\dfsetup217.exe
2014-02-05 21:07 - 2014-02-24 19:13 - 00000000 ____D () C:\Program Files\Recuva
2014-02-05 21:06 - 2014-02-05 21:06 - 04092088 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\rcsetup150.exe
2014-02-05 18:31 - 2014-02-05 18:31 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-02-05 17:41 - 2014-02-27 17:02 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForozane_000.job
2014-02-05 17:41 - 2014-02-27 16:59 - 00003190 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForozane_000
2014-02-05 17:39 - 2014-02-06 18:22 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-05 17:38 - 2014-02-05 17:38 - 04208656 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\dfsetup216.exe
2014-02-04 21:44 - 2014-02-04 21:44 - 20537344 _____ () C:\Users\ozane_000\Downloads\python-3.3.3.msi
2014-02-04 19:57 - 2014-02-04 19:56 - 00001440 _____ () C:\Users\ozane_000\Documents\launch.ica
2014-02-04 17:54 - 2014-02-04 17:54 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Sony Corporation
2014-02-04 17:45 - 2014-02-04 17:45 - 00022648 _____ () C:\Users\Pinar\Documents\cc_20140204_174531.reg
2014-02-04 17:33 - 2014-02-04 17:33 - 00000000 ____D () C:\Users\Pinar\Documents\Splashtop Whiteboard
2014-02-04 17:33 - 2014-02-04 17:33 - 00000000 ____D () C:\Users\Pinar\Documents\Splashtop Presenter
2014-02-04 17:20 - 2014-02-04 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-02-04 17:17 - 2014-02-04 17:17 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2014-02-04 17:11 - 2014-02-04 17:11 - 00002142 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk
2014-02-04 17:11 - 2014-02-04 17:11 - 00002046 _____ () C:\Users\Public\Desktop\PlayMemories Home Help.lnk
2014-02-04 17:00 - 2014-02-04 17:26 - 00000000 ____D () C:\Users\Pinar\Documents\Sony PMB
2014-02-04 17:00 - 2014-02-04 17:00 - 02761240 _____ (Sony Corporation) C:\Users\Pinar\Downloads\PMHOME_3031DL.exe
2014-02-04 17:00 - 2014-02-04 17:00 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Sony Corporation
2014-02-04 16:58 - 2014-02-04 17:17 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-02-04 16:58 - 2014-02-04 17:06 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-04 16:58 - 2014-02-04 16:58 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-04 16:56 - 2014-02-04 16:56 - 00000000 ____D () C:\Users\Pinar\Downloads\SONYPMB
2014-02-04 16:54 - 2014-02-04 16:56 - 212086392 _____ () C:\Users\Pinar\Downloads\PMB_5802.exe
2014-02-04 16:53 - 2014-02-04 16:53 - 00000000 ____D () C:\Users\Pinar\Downloads\SPUDownloadManager_1111a
2014-02-04 16:50 - 2014-02-04 16:50 - 00000000 ____D () C:\Users\Pinar\Downloads\SPUDownloadManager
2014-02-04 16:49 - 2014-02-04 16:49 - 01379960 _____ () C:\Users\Pinar\Downloads\SPUDownloadManager_1111a.exe

==================== One Month Modified Files and Folders =======

2014-03-06 18:16 - 2014-03-06 18:16 - 00000000 ____D () C:\FRST
2014-03-04 17:01 - 2014-02-28 10:31 - 440221750 _____ () C:\Windows\MEMORY.DMP
2014-03-03 17:24 - 2013-11-08 16:42 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-01 18:59 - 2014-03-01 18:59 - 00000178 _____ () C:\Users\ozane_000\New shortcut.lnk
2014-03-01 18:59 - 2013-10-20 09:18 - 00000000 ____D () C:\users\ozane_000
2014-02-28 18:04 - 2014-02-28 12:40 - 00000000 _____ () C:\Recovery.txt
2014-02-27 21:17 - 2014-02-27 21:17 - 00029080 ____N () C:\bootsqm.dat
2014-02-27 21:17 - 2014-02-27 21:17 - 00000000 __SHD () C:\found.000
2014-02-27 21:08 - 2013-08-22 13:25 - 01310720 ___SH () C:\Windows\System32\config\BBI
2014-02-27 21:07 - 2014-02-23 13:49 - 00000000 ____D () C:\Users\Pinar\AppData\Local\CrashDumps
2014-02-27 21:07 - 2013-10-20 09:18 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Microsoft Help
2014-02-27 21:06 - 2014-02-18 20:18 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\CrashDumps
2014-02-27 21:05 - 2013-10-19 14:51 - 00000000 __RDO () C:\Users\Pinar\SkyDrive
2014-02-27 21:04 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2014-02-27 21:01 - 2014-02-24 17:12 - 00000000 ____D () C:\Users\ozane_000\Documents\listdir Test
2014-02-27 20:45 - 2013-10-24 07:45 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Skype
2014-02-27 20:33 - 2013-10-25 15:33 - 00000352 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-27 20:28 - 2013-11-09 16:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 20:25 - 2013-10-19 15:26 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 20:24 - 2013-09-30 04:11 - 00956476 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-27 20:12 - 2014-02-27 20:12 - 00001873 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_D_02272014_201240.txt
2014-02-27 20:12 - 2014-02-27 20:12 - 00000699 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_DN_02272014_201247.txt
2014-02-27 20:11 - 2014-02-27 20:11 - 00001824 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_S_02272014_201158.txt
2014-02-27 20:07 - 2014-02-27 19:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-27 20:07 - 2013-10-20 09:24 - 00000000 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2973332726-1994808904-4280726643-1004
2014-02-27 20:07 - 2013-10-19 12:49 - 00000000 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-27 20:02 - 2013-10-19 15:06 - 00001867 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-02-27 19:28 - 2013-11-09 16:09 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-27 19:28 - 2013-11-09 16:08 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 18:17 - 2014-02-23 15:16 - 01115237 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 18:01 - 2014-02-27 18:01 - 04765152 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\ccsetup411.exe
2014-02-27 18:01 - 2014-02-02 21:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-27 17:50 - 2013-10-19 12:41 - 00000000 ____D () C:\Users\Pinar\AppData\Local\Packages
2014-02-27 17:29 - 2013-12-17 17:31 - 00003166 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPinar
2014-02-27 17:29 - 2013-12-17 17:31 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForPinar.job
2014-02-27 17:27 - 2013-10-19 15:05 - 00000000 __RSD () C:\Users\Pinar\Documents\McAfee Vaults
2014-02-27 17:25 - 2013-10-19 14:38 - 00000000 ____D () C:\users\Pinar
2014-02-27 17:06 - 2014-02-18 17:10 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-02-27 17:06 - 2013-10-20 18:49 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C98B7FBC-1293-43C2-A0B2-30FA5941B48F}
2014-02-27 17:06 - 2013-10-20 09:21 - 00000000 __RSD () C:\Users\ozane_000\Documents\McAfee Vaults
2014-02-27 17:04 - 2013-10-20 09:20 - 00000000 __RDO () C:\Users\ozane_000\SkyDrive
2014-02-27 17:02 - 2014-02-05 17:41 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForozane_000.job
2014-02-27 17:02 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 16:59 - 2014-02-05 17:41 - 00003190 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForozane_000
2014-02-27 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-02-26 19:28 - 2014-02-26 19:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 19:27 - 2014-02-26 19:26 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller (1).exe
2014-02-26 18:09 - 2014-02-26 18:08 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller.exe
2014-02-26 17:36 - 2013-10-23 13:10 - 00000000 ____D () C:\Users\Pinar\Documents\LATYMER
2014-02-26 17:24 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-02-26 16:33 - 2013-10-19 14:52 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{41C721E7-B2A6-4F11-A7EC-6516ED80CDDA}
2014-02-26 13:10 - 2014-02-07 11:29 - 00000000 ____D () C:\Users\Pinar\Documents\BUYRENT
2014-02-26 11:25 - 2013-12-15 11:53 - 00000000 ____D () C:\Users\Pinar\Documents\Hakan
2014-02-26 11:15 - 2013-10-27 13:53 - 00000000 ____D () C:\Users\ozane_000\Documents\ScanSnap
2014-02-25 20:19 - 2014-02-25 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 19:55 - 2014-02-25 19:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-25 17:06 - 2013-10-20 09:19 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Adobe
2014-02-24 20:07 - 2014-02-24 20:07 - 00003589 _____ () C:\Users\ozane_000\Documents\~ScratcherSetupSelf.DDF
2014-02-24 20:07 - 2014-01-29 19:40 - 00002923 _____ () C:\Users\ozane_000\Documents\ScratcherSetupSelf.SED
2014-02-24 19:24 - 2014-02-01 20:27 - 00000171 _____ () C:\Users\ozane_000\Documents\Shutdown.bat
2014-02-24 19:13 - 2014-02-05 21:07 - 00000000 ____D () C:\Program Files\Recuva
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\Documents\ListdirTest
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\listdir-test
2014-02-24 17:05 - 2014-02-24 16:59 - 48726470 _____ () C:\Users\ozane_000\NothingYouCanDo!.bat
2014-02-23 21:26 - 2014-02-23 21:26 - 00000277 _____ () C:\Users\ozane_000\Documents\funny.vbs
2014-02-23 21:11 - 2014-02-23 21:09 - 00001740 _____ () C:\Users\ozane_000\Desktop\My School Laptop.lnk
2014-02-23 20:32 - 2014-02-23 20:31 - 40668896 _____ () C:\Users\ozane_000\Documents\thiswillcrashyourpc!.txt
2014-02-23 20:29 - 2014-02-23 20:28 - 00000000 _____ () C:\Users\ozane_000\Documents\testdirectories2.txt
2014-02-23 20:28 - 2014-02-23 20:25 - 11122199 _____ () C:\Users\ozane_000\Documents\testdirectories.txt
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setupact.log
2014-02-23 19:01 - 2013-11-06 20:47 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-23 19:01 - 2013-10-19 13:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-23 14:40 - 2013-10-25 10:59 - 00000000 ____D () C:\Users\ozane_000\Documents\SafeNet Sentinel
2014-02-23 14:38 - 2013-12-16 14:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 22:05 - 2014-02-11 22:03 - 00049966 _____ () C:\Users\ozane_000\Documents\thingy.html
2014-02-20 20:16 - 2014-02-20 20:14 - 00000158 _____ () C:\Users\ozane_000\Documents\BrainPop.py
2014-02-20 20:00 - 2014-02-20 20:00 - 00002776 _____ () C:\Windows\System32\Tasks\RunSpeccy
2014-02-20 19:55 - 2014-02-20 19:55 - 00000000 ____D () C:\Program Files\Speccy
2014-02-20 18:16 - 2013-11-03 19:20 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Deployment
2014-02-20 18:09 - 2013-09-30 13:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-20 18:06 - 2013-10-25 17:19 - 00000000 ____D () C:\Users\ozane_000\.thinkbuzan
2014-02-20 18:06 - 2013-10-24 15:24 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2014-02-20 18:06 - 2013-10-24 15:24 - 00000000 ____D () C:\ProgramData\JSoft
2014-02-20 18:05 - 2014-02-20 18:05 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\ThinkBuzan
2014-02-20 17:25 - 2014-02-20 17:25 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-20 17:25 - 2014-02-20 17:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-20 11:42 - 2014-02-20 11:42 - 00000072 _____ () C:\Users\ozane_000\Documents\Hakan will love this.vbs
2014-02-19 21:06 - 2014-02-07 11:47 - 00000000 ____D () C:\Users\Pinar\Documents\PINAR
2014-02-18 20:41 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-02-18 17:30 - 2014-02-18 17:27 - 00000000 ____D () C:\Users\ozane_000\Documents\Java Greenfoot
2014-02-18 17:28 - 2014-02-18 17:26 - 00000000 ____D () C:\Users\ozane_000\greenfoot
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.jmc
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.eclipse
2014-02-18 17:24 - 2014-02-18 17:24 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-18 17:24 - 2014-02-18 17:24 - 00000000 ____D () C:\Program Files\Java
2014-02-18 17:23 - 2014-02-18 17:23 - 00001854 _____ () C:\Users\Public\Desktop\Greenfoot.lnk
2014-02-18 17:23 - 2014-02-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-02-18 17:21 - 2014-02-18 17:15 - 131557792 _____ (Oracle Corporation) C:\Users\ozane_000\Downloads\jdk-7u51-windows-x64.exe
2014-02-18 17:14 - 2014-02-18 17:14 - 07836560 _____ () C:\Users\ozane_000\Downloads\Greenfoot-windows-230.msi
2014-02-18 13:32 - 2014-02-18 13:30 - 00000000 ____D () C:\Users\ozane_000\Desktop\RK_Quarantine
2014-02-18 13:28 - 2014-02-18 13:24 - 00000000 ____D () C:\AdwCleaner
2014-02-18 13:26 - 2014-02-07 10:18 - 00000000 ____D () C:\Users\Pinar\Documents\FOX QUIZ 2104
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-18 11:24 - 2014-01-07 21:12 - 00144208 _____ () C:\Users\ozane_000\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 11:04 - 2014-02-18 11:03 - 00001616 _____ () C:\Users\ozane_000\Desktop\Rkill.txt
2014-02-17 21:24 - 2014-02-17 21:21 - 221290352 _____ () C:\Users\ozane_000\Downloads\EmsisoftEmergencyKit.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 09988304 _____ (SurfRight B.V.) C:\Users\ozane_000\Downloads\HitmanPro.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 03813376 _____ () C:\Users\ozane_000\Downloads\RogueKiller.exe
2014-02-17 21:19 - 2014-02-17 21:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ozane_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 21:18 - 2014-02-17 21:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ozane_000\Downloads\iExplore.exe
2014-02-17 21:00 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 21:00 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 20:55 - 2014-02-17 20:55 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\ozane_000\Downloads\tdsskiller.exe
2014-02-17 19:53 - 2014-02-17 19:53 - 00000000 ____D () C:\Users\Pinar\Documents\Ev
2014-02-17 15:34 - 2014-02-17 15:34 - 00000047 _____ () C:\Users\ozane_000\Documents\RudeWords.py
2014-02-17 11:09 - 2013-11-23 19:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-02-17 10:41 - 2014-02-16 18:42 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\IndieCity
2014-02-17 10:41 - 2014-02-16 18:42 - 00000000 ____D () C:\ProgramData\IndieCity
2014-02-16 18:56 - 2014-02-16 18:55 - 00000249 _____ () C:\Users\ozane_000\Documents\test.py
2014-02-16 18:54 - 2014-02-16 18:53 - 00000256 _____ () C:\Users\ozane_000\Documents\test.bat
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Python
2014-02-16 18:49 - 2014-02-16 18:49 - 06422528 _____ () C:\Users\ozane_000\Downloads\pygame-1.9.2a0.win32-py3.2.msi
2014-02-16 18:42 - 2014-02-16 18:42 - 00000000 ____D () C:\Program Files (x86)\IndieCity
2014-02-16 17:52 - 2014-02-16 17:51 - 00000000 ____D () C:\Users\ozane_000\Downloads\I'manoob
2014-02-16 17:09 - 2013-11-01 16:15 - 00000000 ____D () C:\Python33
2014-02-16 17:07 - 2014-02-16 17:07 - 21168128 _____ () C:\Users\ozane_000\Downloads\python-3.3.4.amd64.msi
2014-02-16 14:12 - 2014-02-16 13:21 - 1373248241 _____ () C:\Users\ozane_000\Downloads\NOOBS_v1_3_4.zip
2014-02-16 14:11 - 2014-02-16 14:11 - 00002069 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-02-16 14:11 - 2014-02-16 14:11 - 00000000 ____D () C:\Program Files (x86)\SDA
2014-02-16 14:10 - 2014-02-02 18:54 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Downloaded Installations
2014-02-16 14:07 - 2014-02-16 14:05 - 06286748 _____ () C:\Users\ozane_000\Downloads\SDFormatterv4.zip
2014-02-15 20:57 - 2013-10-19 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 20:57 - 2013-10-19 15:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-15 18:54 - 2014-01-17 20:56 - 00000000 ____D () C:\ProgramData\National Instruments
2014-02-15 18:53 - 2014-02-15 18:53 - 00002067 _____ () C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Users\ozane_000\Documents\LEGO Creations
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Program Files (x86)\LEGO Software
2014-02-15 18:52 - 2014-02-15 18:52 - 00000000 ____D () C:\ProgramData\LEGO MINDSTORMS EV3
2014-02-15 18:52 - 2014-01-17 20:56 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-02-15 18:33 - 2014-02-15 18:32 - 00000096 _____ () C:\Users\ozane_000\Documents\Open Me!!!!!!!.vbs
2014-02-14 19:35 - 2013-10-29 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 17:59 - 2014-02-14 17:59 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-14 17:59 - 2014-02-14 17:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Skype
2014-02-14 17:59 - 2013-10-19 15:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-14 17:11 - 2014-01-12 17:27 - 00000000 ____D () C:\Users\Pinar\AppData\Local\Windows Live
2014-02-14 14:10 - 2013-10-19 14:53 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-02-14 14:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-13 21:54 - 2013-11-26 20:48 - 00000000 ___RD () C:\Users\ozane_000\Dropbox
2014-02-13 21:33 - 2014-02-13 21:33 - 00000000 ____D () C:\Users\ozane_000\Documents\Sony PMB
2014-02-13 21:23 - 2013-11-26 20:45 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Dropbox
2014-02-13 19:34 - 2013-10-25 10:56 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\HpUpdate
2014-02-13 19:23 - 2013-11-09 16:08 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 19:23 - 2013-11-09 16:08 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 17:27 - 2014-02-13 17:27 - 01323619 _____ () C:\Users\ozane_000\Downloads\Scratch Error.zip
2014-02-12 20:11 - 2013-12-19 16:47 - 00000000 ____D () C:\Users\ozane_000\Documents\Scores
2014-02-12 09:13 - 2013-08-22 14:44 - 00605096 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\en-GB
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-02-11 21:28 - 2013-10-19 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 21:27 - 2013-10-19 13:14 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-11 21:25 - 2013-10-19 13:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-11 13:46 - 2013-11-16 18:04 - 00000000 ____D () C:\Users\Pinar\Documents\FOX
2014-02-11 11:27 - 2014-01-08 11:28 - 00000000 ____D () C:\Users\Pinar\Documents\ScanSnap
2014-02-10 19:35 - 2014-02-10 19:35 - 00009264 _____ () C:\Users\Pinar\Documents\House Mortgages.xlsx
2014-02-10 18:13 - 2014-02-10 18:13 - 03926528 _____ (Python Software Foundation) C:\Windows\System32\python33.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:12 - 2014-02-10 18:12 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-09 21:49 - 2013-10-19 15:51 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Skype
2014-02-09 19:51 - 2014-02-09 19:51 - 00000017 _____ () C:\Users\ozane_000\AppData\Local\resmon.resmoncfg
2014-02-09 15:12 - 2014-01-17 21:01 - 00000000 ____D () C:\Users\ozane_000\Downloads\Cyberlink
2014-02-09 15:10 - 2014-02-09 15:10 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader (1).exe
2014-02-09 14:50 - 2014-02-02 19:04 - 00000000 ____D () C:\Users\Pinar\Documents\SelfMV
2014-02-09 14:50 - 2014-02-02 18:55 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-09 14:49 - 2014-02-09 14:49 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader.exe
2014-02-09 14:47 - 2014-02-09 14:46 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerDirector_Downloader.exe
2014-02-07 08:22 - 2014-02-07 08:22 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Wacom
2014-02-06 20:22 - 2014-02-06 20:22 - 00001130 _____ () C:\Users\Public\Desktop\Bamboo Dock.lnk
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\wacomid-desktop-launcher
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Wacom
2014-02-06 20:22 - 2014-02-06 20:22 - 00000000 ____D () C:\ProgramData\Wacom
2014-02-06 20:22 - 2014-02-06 20:21 - 00000000 ____D () C:\Program Files (x86)\Bamboo Dock
2014-02-06 20:22 - 2014-02-06 20:03 - 00000002 _____ () C:\Users\ozane_000\.bdockinstall.log
2014-02-06 20:02 - 2014-02-06 20:02 - 30011936 _____ () C:\Users\ozane_000\Downloads\dock_setup.exe
2014-02-06 18:22 - 2014-02-05 17:39 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-06 18:21 - 2014-02-06 18:21 - 04319176 _____ (Piriform Ltd) C:\Users\Pinar\Downloads\dfsetup217.exe
2014-02-06 12:16 - 2014-02-11 21:24 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 11:30 - 2014-02-11 21:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 11:30 - 2014-02-11 21:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-11 21:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 11:07 - 2014-02-11 21:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 11:06 - 2014-02-11 21:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-11 21:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 10:56 - 2014-02-11 21:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 10:49 - 2014-02-11 21:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-11 21:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-11 21:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-11 21:24 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-11 21:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-11 21:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-11 21:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 10:11 - 2014-02-11 21:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 10:01 - 2014-02-11 21:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-11 21:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-11 21:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-11 21:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 09:52 - 2014-02-11 21:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-11 21:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-11 21:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47 - 2014-02-11 21:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-11 21:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-11 21:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-11 21:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-11 21:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 09:22 - 2014-02-11 21:24 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 09:13 - 2014-02-11 21:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-11 21:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-11 21:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-11 21:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 08:41 - 2014-02-11 21:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-11 21:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-11 21:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-11 21:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 21:06 - 2014-02-05 21:06 - 04092088 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\rcsetup150.exe
2014-02-05 19:03 - 2013-12-16 19:37 - 00000000 ____D () C:\Users\ozane_000\Documents\Scratch Projects
2014-02-05 18:31 - 2014-02-05 18:31 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-02-05 17:38 - 2014-02-05 17:38 - 04208656 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\dfsetup216.exe
2014-02-04 21:44 - 2014-02-04 21:44 - 20537344 _____ () C:\Users\ozane_000\Downloads\python-3.3.3.msi
2014-02-04 19:56 - 2014-02-04 19:57 - 00001440 _____ () C:\Users\ozane_000\Documents\launch.ica
2014-02-04 17:54 - 2014-02-04 17:54 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Sony Corporation
2014-02-04 17:45 - 2014-02-04 17:45 - 00022648 _____ () C:\Users\Pinar\Documents\cc_20140204_174531.reg
2014-02-04 17:39 - 2014-02-02 19:04 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Samsung
2014-02-04 17:39 - 2014-02-02 18:55 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-04 17:33 - 2014-02-04 17:33 - 00000000 ____D () C:\Users\Pinar\Documents\Splashtop Whiteboard
2014-02-04 17:33 - 2014-02-04 17:33 - 00000000 ____D () C:\Users\Pinar\Documents\Splashtop Presenter
2014-02-04 17:32 - 2013-10-20 07:06 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-02-04 17:26 - 2014-02-04 17:00 - 00000000 ____D () C:\Users\Pinar\Documents\Sony PMB
2014-02-04 17:20 - 2014-02-04 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-02-04 17:17 - 2014-02-04 17:17 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2014-02-04 17:17 - 2014-02-04 16:58 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-02-04 17:11 - 2014-02-04 17:11 - 00002142 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk
2014-02-04 17:11 - 2014-02-04 17:11 - 00002046 _____ () C:\Users\Public\Desktop\PlayMemories Home Help.lnk
2014-02-04 17:06 - 2014-02-04 16:58 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-04 17:00 - 2014-02-04 17:00 - 02761240 _____ (Sony Corporation) C:\Users\Pinar\Downloads\PMHOME_3031DL.exe
2014-02-04 17:00 - 2014-02-04 17:00 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Sony Corporation
2014-02-04 16:58 - 2014-02-04 16:58 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-04 16:56 - 2014-02-04 16:56 - 00000000 ____D () C:\Users\Pinar\Downloads\SONYPMB
2014-02-04 16:56 - 2014-02-04 16:54 - 212086392 _____ () C:\Users\Pinar\Downloads\PMB_5802.exe
2014-02-04 16:53 - 2014-02-04 16:53 - 00000000 ____D () C:\Users\Pinar\Downloads\SPUDownloadManager_1111a
2014-02-04 16:50 - 2014-02-04 16:50 - 00000000 ____D () C:\Users\Pinar\Downloads\SPUDownloadManager
2014-02-04 16:49 - 2014-02-04 16:49 - 01379960 _____ () C:\Users\Pinar\Downloads\SPUDownloadManager_1111a.exe

Files to move or delete:
====================
C:\Users\ozane_000\NothingYouCanDo!.bat
C:\Users\ozane_000\Scratcher 3.3.exe


Some content of TEMP:
====================
C:\Users\ozane_000\AppData\Local\Temp\certutil.exe
C:\Users\ozane_000\AppData\Local\Temp\msvcr71.dll
C:\Users\ozane_000\AppData\Local\Temp\nspr4.dll
C:\Users\ozane_000\AppData\Local\Temp\nss3.dll
C:\Users\ozane_000\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ozane_000\AppData\Local\Temp\plc4.dll
C:\Users\ozane_000\AppData\Local\Temp\plds4.dll
C:\Users\ozane_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ozane_000\AppData\Local\Temp\smime3.dll
C:\Users\ozane_000\AppData\Local\Temp\softokn3.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8126.09 MB
Available physical RAM: 7078.99 MB
Total Pagefile: 8126.09 MB
Available Pagefile: 7105.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.79 GB) (Free:724.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.9 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (External Disk) (Fixed) (Total:931.48 GB) (Free:728.8 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A7DF1070)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)


LastRegBack: 2014-02-18 18:53

==================== End Of Log ============================




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:37 AM

Posted 06 March 2014 - 07:24 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)
C:\Users\ozane_000\NothingYouCanDo!.bat
C:\Users\ozane_000\Scratcher 3.3.exe
C:\Users\ozane_000\AppData\Local\Temp\certutil.exe
C:\Users\ozane_000\AppData\Local\Temp\msvcr71.dll
C:\Users\ozane_000\AppData\Local\Temp\nspr4.dll
C:\Users\ozane_000\AppData\Local\Temp\nss3.dll
C:\Users\ozane_000\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ozane_000\AppData\Local\Temp\plc4.dll
C:\Users\ozane_000\AppData\Local\Temp\plds4.dll
C:\Users\ozane_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ozane_000\AppData\Local\Temp\smime3.dll
C:\Users\ozane_000\AppData\Local\Temp\softokn3.dll
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Once you have run this script, please try to boot normally and in Safe Mode. Let me know how it goes.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 purat111

Posted 07 March 2014 - 12:14 PM

Hi there,

I've run the fix, but unfortunately, I'm still unable to boot into any mode - when I select Safe Mode or Normal Mode, I get the error 'No boot disk is inserted or it has failed'.

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by SYSTEM at 2014-03-07 17:04:50 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)
C:\Users\ozane_000\NothingYouCanDo!.bat
C:\Users\ozane_000\Scratcher 3.3.exe
C:\Users\ozane_000\AppData\Local\Temp\certutil.exe
C:\Users\ozane_000\AppData\Local\Temp\msvcr71.dll
C:\Users\ozane_000\AppData\Local\Temp\nspr4.dll
C:\Users\ozane_000\AppData\Local\Temp\nss3.dll
C:\Users\ozane_000\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ozane_000\AppData\Local\Temp\plc4.dll
C:\Users\ozane_000\AppData\Local\Temp\plds4.dll
C:\Users\ozane_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ozane_000\AppData\Local\Temp\smime3.dll
C:\Users\ozane_000\AppData\Local\Temp\softokn3.dll
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
C:\Users\ozane_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk => Moved successfully.
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File) not found.
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File) not found.
C:\Users\ozane_000\NothingYouCanDo!.bat => Moved successfully.
C:\Users\ozane_000\Scratcher 3.3.exe => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\certutil.exe => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\msvcr71.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\nspr4.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\nss3.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\plc4.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\plds4.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\smime3.dll => Moved successfully.
C:\Users\ozane_000\AppData\Local\Temp\softokn3.dll => Moved successfully.
HKLM\Software\Classes\.exe\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\DefaultIcon\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\shell\open\command\\Default => Value was restored successfully.

==== End of Fixlog ====

Thanks for your help :)



#4 fireman4it

Posted 07 March 2014 - 01:31 PM

Do you have a CD in the CD player?


" Extinguishing Malware from the world"



#5 purat111

Posted 07 March 2014 - 02:06 PM

No, I don't but there is a USB hard drive attached to the computer. I'll remove it and try again.



#6 purat111

Posted 07 March 2014 - 02:11 PM

At least something is working... this time it gets past the HP screen without any error, waits a few seconds then shows the same BSOD, and after the restart goes to the 'No boot disk is inserted' message.



#7 fireman4it

Posted 07 March 2014 - 10:59 PM

  • Download ListParts to a USB flash drive.
  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...


W7InstallDisk2.png

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.


Back in the command window ....
  • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.


" Extinguishing Malware from the world"



#8 purat111

Posted 08 March 2014 - 04:41 AM

Hello,

Here's the ListParts log:


ListParts by Farbar Version: 19-02-2014
Ran by SYSTEM (administrator) on 08-03-2014 at 09:38:48
WIN_81 (X64)
Running From: E:\Recovery Files
Language: 0809
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8126.09 MB
Available physical RAM: 7350.21 MB
Total Pagefile: 8126.09 MB
Available Pagefile: 7369.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:913.79 GB) (Free:724.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Recovery Image) (Fixed) (Total:15.9 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (External Disk) (Fixed) (Total:931.48 GB) (Free:728.8 GB) NTFS
5 Drive g: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB  5120 KB        *
  Disk 1    Online          931 GB      0 B         

Partitions of Disk 0:
===============


Disk ID: {07F635A6-C2CE-49B9-9B31-114D9DF161AC}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1023 MB  1024 KB
  Partition 2    System (partition with boot components)             360 MB  1024 MB
  Partition 3    Reserved           128 MB  1384 MB
  Partition 4    Primary            913 GB  1512 MB
  Partition 5    Recovery           350 MB   915 GB
  Partition 6    Primary             15 GB   915 GB

======================================================================================================

Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         Windows RE   NTFS   Partition   1023 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         SYSTEM       FAT32  Partition    360 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Windows      NTFS   Partition    913 GB  Healthy            

======================================================================================================

Disk: 0
Partition 5
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     G                NTFS   Partition    350 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 6
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: Yes
Attrib  : 0X0000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     D   Recovery Im  NTFS   Partition     15 GB  Healthy    Hidden  

======================================================================================================

Partitions of Disk 1:
===============


Disk ID: 00042ADA

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB  1024 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     E   External Di  NTFS   Partition    931 GB  Healthy            

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: A7DF1070

Partition: GPT Partition Type.

==============================
Partitions of Disk 1:
===============
Disk ID: 00042ADA
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)


****** End Of Log ******



#9 fireman4it

Posted 08 March 2014 - 11:46 PM

Can you disconnect the external hard drive and see if it will boot? Do you have a CD in the CD-ROM or a DVD in the DVD drive?


Edited by fireman4it, 08 March 2014 - 11:50 PM.

" Extinguishing Malware from the world"



#10 purat111

Posted 09 March 2014 - 04:09 AM

I've removed everything apart from keyboard and mouse connectors, and now we are back to before: the system just loops into Automatic Repair.



#11 fireman4it

Posted 09 March 2014 - 06:23 PM

Please run FRST as you did the first time you ran it and post the log.


" Extinguishing Malware from the world"



#12 purat111

Posted 10 March 2014 - 12:59 PM

Hi,

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64)

Version: 06-03-2014
Ran by SYSTEM on MININT-1FNO786 on 10-03-2014 17:26:52
Running from F:\Recovery Files
WIN_8 (X64) OS Language: English(UK)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be

run from normal or Safe mode to create a complete log.



The only official download link for FRST:
Download link for 32-Bit version:

http://www.bleepingcomputer.com/download/farbar-recovery-

scan-tool/dl/81/
Download link for 64-Bit Version:

http://www.bleepingcomputer.com/download/farbar-recovery-

scan-tool/dl/82/
Download link from any site other than Bleeping Computer is

unpermitted or outdated.
See tutorial for FRST:

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-

how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted)

==================

HKLM\...\Winlogon: [Userinit] \system32\userinit.exe,
HKU\ozane_000\...\Run: [Power2GoExpress8] - C:\Program Files

(x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1712904 2013

-05-21] (CyberLink Corp.)
HKU\ozane_000\...\Run: [MyDriveConnect.exe] - C:\Program

Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-

11-29] (TomTom)
HKU\Pinar\...\Run: [Skitch] - C:\Program Files

(x86)\Evernote\Skitch\Skitch.exe [4304704 2013-08-09]

(Evernote)
Startup: C:\Users\ozane_000\AppData\Roaming\Microsoft

\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files

(x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp.,

305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Pinar\AppData\Roaming\Microsoft\Windows

\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files

(x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp.,

305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Pinar\AppData\Roaming\Microsoft\Windows

\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk
ShortcutTarget: iMindMap6 Preloader.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars

\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03]

(Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc

\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft

Corporation)
S4 CyberLink PowerDVD 13 Media Server Monitor Service; C:

\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS

\CLMSMonitorServicePDVD13.exe [77576 2013-11-29] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; C:\Program

Files (x86)\CyberLink\PowerDVD13\Kernel\DMS

\CLMSServerPDVD13.exe [327432 2013-11-29] (CyberLink)
S2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait

Displays\Libs\DTuneSrvc.exe [120352 2013-03-21] (Portrait

Displays, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform

\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files

(x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904

2013-12-17] (Hewlett-Packard Company)
S3 Intel® Capability Licensing Service TCP IP Interface;

c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

[803872 2012-12-10] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel®

Management Engine Components\FWService\IntelMeFWService.exe

[129336 2013-01-31] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel®

Management Engine Components\DAL\jhi_service.exe [167736

2013-01-31] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files

\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528

2014-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform

\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform

\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944

2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform

\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform

\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore

\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\

\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-

27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee

\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee,

Inc.)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony

\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01

-17] (Sony Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files

\RichVideo.exe [254512 2013-06-10] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800

2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe

[346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe

[23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted)

====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176

2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624

2013-08-12] (Windows ® Win 7 DDK provider)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592

2014-01-27] (McAfee, Inc.)
S1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [27096

2013-04-08] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [380376

2013-04-08] (CyberLink Corporation.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS

\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-

10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040

2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys

[197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys

[24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys

[99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248

2013-08-10] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768

2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760

2013-08-22] (LSI Corporation)
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560

2013-09-09] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272

2014-01-27] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600

2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352

2014-01-27] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696

2014-01-27] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864

2014-01-27] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944

2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112

2013-11-26] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688

2014-01-27] (McAfee, Inc.)
S3 NdisVirtualBus; C:\Windows\System32\drivers

\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft

Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040

2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-

08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776

2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176

2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08

-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256

2013-08-22] (Microsoft Corporation)
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files

(x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [32456

2013-11-29] (CyberLink Corp.)

==================== NetSvcs (Whitelisted)

===================


==================== One Month Created Files and Folders

========

2014-03-06 18:16 - 2014-03-07 17:04 - 00000000 ____D () C:

\FRST
2014-03-01 18:59 - 2014-03-01 18:59 - 00000178 _____ () C:

\Users\ozane_000\New shortcut.lnk
2014-02-28 12:40 - 2014-02-28 18:04 - 00000000 _____ () C:

\Recovery.txt
2014-02-28 10:31 - 2014-03-07 19:08 - 440086726 _____ () C:

\Windows\MEMORY.DMP
2014-02-27 21:17 - 2014-02-27 21:17 - 00032240 ____N () C:

\bootsqm.dat
2014-02-27 21:17 - 2014-02-27 21:17 - 00000000 __SHD () C:

\found.000
2014-02-27 20:12 - 2014-02-27 20:12 - 00001873 _____ () C:

\Users\ozane_000\Desktop\RKreport[0]_D_02272014_201240.txt
2014-02-27 20:12 - 2014-02-27 20:12 - 00000699 _____ () C:

\Users\ozane_000\Desktop\RKreport[0]_DN_02272014_201247.txt
2014-02-27 20:11 - 2014-02-27 20:11 - 00001824 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_S_02272014_201158.txt
2014-02-27 19:59 - 2014-02-27 20:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-27 18:01 - 2014-02-27 18:01 - 04765152 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\ccsetup411.exe
2014-02-26 19:28 - 2014-02-26 19:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 19:26 - 2014-02-26 19:27 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller (1).exe
2014-02-26 18:08 - 2014-02-26 18:09 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller.exe
2014-02-25 19:55 - 2014-02-25 20:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 19:55 - 2014-02-25 19:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-24 20:07 - 2014-02-24 20:07 - 00003589 _____ () C:\Users\ozane_000\Documents\~ScratcherSetupSelf.DDF
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\Documents\ListdirTest
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\listdir-test
2014-02-24 17:12 - 2014-02-27 21:01 - 00000000 ____D () C:\Users\ozane_000\Documents\listdir Test
2014-02-23 21:26 - 2014-02-23 21:26 - 00000277 _____ () C:\Users\ozane_000\Documents\funny.vbs
2014-02-23 21:09 - 2014-02-23 21:11 - 00001740 _____ () C:\Users\ozane_000\Desktop\My School Laptop.lnk
2014-02-23 20:31 - 2014-02-23 20:32 - 40668896 _____ () C:\Users\ozane_000\Documents\thiswillcrashyourpc!.txt
2014-02-23 20:28 - 2014-02-23 20:29 - 00000000 _____ () C:\Users\ozane_000\Documents\testdirectories2.txt
2014-02-23 20:25 - 2014-02-23 20:28 - 11122199 _____ () C:\Users\ozane_000\Documents\testdirectories.txt
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setupact.log
2014-02-23 15:16 - 2014-02-27 18:17 - 01115237 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 13:49 - 2014-02-27 21:07 - 00000000 ____D () C:\Users\Pinar\AppData\Local\CrashDumps
2014-02-20 20:14 - 2014-02-20 20:16 - 00000158 _____ () C:\Users\ozane_000\Documents\BrainPop.py
2014-02-20 20:00 - 2014-02-20 20:00 - 00002776 _____ () C:\Windows\System32\Tasks\RunSpeccy
2014-02-20 19:55 - 2014-02-20 19:55 - 00000000 ____D () C:\Program Files\Speccy
2014-02-20 18:05 - 2014-02-20 18:05 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\ThinkBuzan
2014-02-20 17:25 - 2014-02-20 17:25 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-20 17:25 - 2014-02-20 17:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-20 11:42 - 2014-02-20 11:42 - 00000072 _____ () C:\Users\ozane_000\Documents\Hakan will love this.vbs
2014-02-18 20:18 - 2014-02-27 21:06 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\CrashDumps
2014-02-18 18:08 - 2014-02-01 15:34 - 00000054 _____ () C:\Users\ozane_000\Downloads\Funny.bat
2014-02-18 17:27 - 2014-02-18 17:30 - 00000000 ____D () C:\Users\ozane_000\Documents\Java Greenfoot
2014-02-18 17:26 - 2014-02-18 17:28 - 00000000 ____D () C:\Users\ozane_000\greenfoot
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.jmc
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.eclipse
2014-02-18 17:24 - 2014-02-18 17:24 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-18 17:24 - 2014-02-18 17:24 - 00000000 ____D () C:\Program Files\Java
2014-02-18 17:23 - 2014-02-18 17:23 - 00001854 _____ () C:\Users\Public\Desktop\Greenfoot.lnk
2014-02-18 17:23 - 2014-02-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-02-18 17:15 - 2014-02-18 17:21 - 131557792 _____ (Oracle Corporation) C:\Users\ozane_000\Downloads\jdk-7u51-windows-x64.exe
2014-02-18 17:14 - 2014-02-18 17:14 - 07836560 _____ () C:\Users\ozane_000\Downloads\Greenfoot-windows-230.msi
2014-02-18 17:10 - 2014-02-27 17:06 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-02-18 13:30 - 2014-02-18 13:32 - 00000000 ____D () C:\Users\ozane_000\Desktop\RK_Quarantine
2014-02-18 13:24 - 2014-02-18 13:28 - 00000000 ____D () C:\AdwCleaner
2014-02-18 11:48 - 2014-03-06 18:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-18 11:03 - 2014-02-18 11:04 - 00001616 _____ () C:\Users\ozane_000\Desktop\Rkill.txt
2014-02-17 21:21 - 2014-02-17 21:24 - 221290352 _____ () C:\Users\ozane_000\Downloads\EmsisoftEmergencyKit.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 09988304 _____ (SurfRight B.V.) C:\Users\ozane_000\Downloads\HitmanPro.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 03813376 _____ () C:\Users\ozane_000\Downloads\RogueKiller.exe
2014-02-17 21:19 - 2014-02-17 21:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ozane_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 21:18 - 2014-02-17 21:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ozane_000\Downloads\iExplore.exe
2014-02-17 20:55 - 2014-02-17 20:55 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\ozane_000\Downloads\tdsskiller.exe
2014-02-17 19:53 - 2014-02-17 19:53 - 00000000 ____D () C:\Users\Pinar\Documents\Ev
2014-02-17 15:34 - 2014-02-17 15:34 - 00000047 _____ () C:\Users\ozane_000\Documents\RudeWords.py
2014-02-16 18:55 - 2014-02-16 18:56 - 00000249 _____ () C:\Users\ozane_000\Documents\test.py
2014-02-16 18:53 - 2014-02-16 18:54 - 00000256 _____ () C:\Users\ozane_000\Documents\test.bat
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Python
2014-02-16 18:49 - 2014-02-16 18:49 - 06422528 _____ () C:\Users\ozane_000\Downloads\pygame-1.9.2a0.win32-py3.2.msi
2014-02-16 18:42 - 2014-02-17 10:41 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\IndieCity
2014-02-16 18:42 - 2014-02-17 10:41 - 00000000 ____D () C:\ProgramData\IndieCity
2014-02-16 18:42 - 2014-02-16 18:42 - 00000000 ____D () C:\Program Files (x86)\IndieCity
2014-02-16 17:51 - 2014-02-16 17:52 - 00000000 ____D () C:\Users\ozane_000\Downloads\I'manoob
2014-02-16 17:07 - 2014-02-16 17:07 - 21168128 _____ () C:\Users\ozane_000\Downloads\python-3.3.4.amd64.msi
2014-02-16 14:13 - 2014-01-09 12:17 - 00480472 ____N () C:\Users\ozane_000\Downloads\recovery.elf
2014-02-16 14:13 - 2014-01-09 12:16 - 00000376 ____N () C:\Users\ozane_000\Downloads\BUILD-DATA
2014-02-16 14:11 - 2014-02-16 14:11 - 00002069 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-02-16 14:11 - 2014-02-16 14:11 - 00000000 ____D () C:\Program Files (x86)\SDA
2014-02-16 14:10 - 2012-10-31 11:08 - 06786320 ____N (SD Association ) C:\Users\ozane_000\Downloads\setup.exe
2014-02-16 14:05 - 2014-02-16 14:07 - 06286748 _____ () C:\Users\ozane_000\Downloads\SDFormatterv4.zip
2014-02-16 13:21 - 2014-02-16 14:12 - 1373248241 _____ () C:\Users\ozane_000\Downloads\NOOBS_v1_3_4.zip
2014-02-15 18:53 - 2014-02-15 18:53 - 00002067 _____ () C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Users\ozane_000\Documents\LEGO Creations
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Program Files (x86)\LEGO Software
2014-02-15 18:52 - 2014-02-15 18:52 - 00000000 ____D () C:\ProgramData\LEGO MINDSTORMS EV3
2014-02-15 18:32 - 2014-02-15 18:33 - 00000096 _____ () C:\Users\ozane_000\Documents\Open Me!!!!!!!.vbs
2014-02-14 17:59 - 2014-02-14 17:59 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-14 17:59 - 2014-02-14 17:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Skype
2014-02-13 21:33 - 2014-02-13 21:33 - 00000000 ____D () C:\Users\ozane_000\Documents\Sony PMB
2014-02-13 17:27 - 2014-02-13 17:27 - 01323619 _____ () C:\Users\ozane_000\Downloads\Scratch Error.zip
2014-02-11 22:03 - 2014-02-20 22:05 - 00049966 _____ () C:\Users\ozane_000\Documents\thingy.html
2014-02-11 21:25 - 2014-01-08 01:46 - 00325464 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2014-02-11 21:25 - 2014-01-08 01:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-02-11 21:25 - 2014-01-08 01:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2014-02-11 21:25 - 2014-01-04 15:54 - 00138240 _____ () C:\Windows\System32\OEMLicense.dll
2014-02-11 21:25 - 2014-01-04 15:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-02-11 21:25 - 2014-01-04 14:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\System32\WSClient.dll
2014-02-11 21:25 - 2014-01-04 13:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-02-11 21:25 - 2014-01-02 23:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-02-11 21:25 - 2014-01-02 23:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-11 21:25 - 2014-01-02 23:40 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-11 21:25 - 2014-01-02 23:38 - 06640640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-02-11 21:25 - 2014-01-01 01:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-02-11 21:25 - 2014-01-01 01:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2014-02-11 21:25 - 2014-01-01 00:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-11 21:25 - 2014-01-01 00:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-02-11 21:25 - 2013-12-31 23:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-02-11 21:25 - 2013-12-31 23:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2014-02-11 21:25 - 2013-12-31 23:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-02-11 21:25 - 2013-12-30 23:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-02-11 21:25 - 2013-12-30 23:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-02-11 21:25 - 2013-12-30 23:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\sti.dll
2014-02-11 21:25 - 2013-12-30 23:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2014-02-11 21:25 - 2013-12-30 23:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2014-02-11 21:25 - 2013-12-27 15:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2014-02-11 21:25 - 2013-12-27 10:38 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-02-11 21:25 - 2013-12-27 08:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
2014-02-11 21:25 - 2013-12-27 08:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2014-02-11 21:25 - 2013-12-27 08:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2014-02-11 21:25 - 2013-12-27 08:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-11 21:25 - 2013-12-27 07:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-02-11 21:25 - 2013-12-27 07:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-02-11 21:25 - 2013-12-27 06:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-02-11 21:25 - 2013-12-21 07:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\pnrpsvc.dll
2014-02-11 21:25 - 2013-12-17 07:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2014-02-11 21:25 - 2013-12-14 06:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-11 21:25 - 2013-12-14 06:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-02-11 21:25 - 2013-12-13 10:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\System32\easinvoker.exe
2014-02-11 21:25 - 2013-12-13 06:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\System32\easwrt.dll
2014-02-11 21:25 - 2013-12-13 05:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-02-11 21:25 - 2013-12-09 08:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-02-11 21:25 - 2013-12-09 04:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-11 21:25 - 2013-12-09 03:25 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-02-11 21:24 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-11 21:24 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-11 21:24 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-11 21:24 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-11 21:24 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-11 21:24 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-11 21:24 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-11 21:24 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-11 21:24 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-11 21:24 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-11 21:24 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-11 21:24 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 21:24 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-11 21:24 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 21:24 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-11 21:24 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-11 21:24 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 21:24 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-11 21:24 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 21:24 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-11 21:24 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 21:24 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 21:24 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-11 21:24 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 21:24 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-11 21:24 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 21:24 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 21:24 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-11 21:24 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-11 21:24 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 21:24 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 21:24 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 21:24 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-11 21:24 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 21:24 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-11 21:24 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 21:24 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 21:23 - 2014-01-09 08:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-02-11 21:23 - 2014-01-09 07:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-11 21:23 - 2014-01-09 07:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-02-11 21:23 - 2014-01-09 07:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-02-11 21:23 - 2014-01-09 07:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-02-11 21:23 - 2014-01-09 07:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-02-11 21:23 - 2014-01-09 07:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-11 21:23 - 2014-01-09 07:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-02-11 21:23 - 2014-01-09 07:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-11 21:23 - 2014-01-09 07:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-02-11 21:23 - 2014-01-07 07:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\pcaui.exe
2014-02-11 21:23 - 2014-01-07 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-11 21:23 - 2014-01-07 05:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-11 21:23 - 2014-01-07 04:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 21:23 - 2014-01-04 20:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2014-02-11 21:23 - 2014-01-04 19:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-11 21:23 - 2014-01-04 14:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-02-11 21:23 - 2014-01-04 14:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-11 21:23 - 2014-01-04 13:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\SearchFolder.dll
2014-02-11 21:23 - 2014-01-04 13:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2014-02-11 21:23 - 2014-01-04 13:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-11 21:23 - 2014-01-04 13:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-11 21:23 - 2013-12-21 02:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-11 21:23 - 2013-12-21 02:10 - 00009701 _____ () C:\Windows\System32\connectedsearch-results.searchconnector-ms
2014-02-11 21:23 - 2013-12-20 10:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-02-11 21:23 - 2013-12-20 06:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-11 21:23 - 2013-12-09 02:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-11 21:23 - 2013-12-09 01:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 21:23 - 2013-12-09 00:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-11 21:23 - 2013-12-09 00:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-11 21:23 - 2013-12-08 23:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 21:23 - 2013-12-08 23:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 21:23 - 2013-11-21 06:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-11 21:23 - 2013-11-21 05:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-10 19:35 - 2014-02-10 19:35 - 00009264 _____ () C:\Users\Pinar\Documents\House Mortgages.xlsx
2014-02-10 18:13 - 2014-02-10 18:13 - 03926528 _____ (Python Software Foundation) C:\Windows\System32\python33.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:12 - 2014-02-10 18:12 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-09 19:51 - 2014-02-09 19:51 - 00000017 _____ () C:\Users\ozane_000\AppData\Local\resmon.resmoncfg
2014-02-09 15:10 - 2014-02-09 15:10 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader (1).exe
2014-02-09 14:49 - 2014-02-09 14:49 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader.exe
2014-02-09 14:46 - 2014-02-09 14:47 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerDirector_Downloader.exe

==================== One Month Modified Files and Folders =======

2014-03-07 19:08 - 2014-02-28 10:31 - 440086726 _____ () C:\Windows\MEMORY.DMP
2014-03-07 17:04 - 2014-03-06 18:16 - 00000000 ____D () C:\FRST
2014-03-07 17:04 - 2013-10-20 09:18 - 00000000 ____D () C:\users\ozane_000
2014-03-06 18:42 - 2014-02-18 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 17:24 - 2013-11-08 16:42 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-01 18:59 - 2014-03-01 18:59 - 00000178 _____ () C:\Users\ozane_000\New shortcut.lnk
2014-02-28 18:04 - 2014-02-28 12:40 - 00000000 _____ () C:\Recovery.txt
2014-02-27 21:17 - 2014-02-27 21:17 - 00032240 ____N () C:\bootsqm.dat
2014-02-27 21:17 - 2014-02-27 21:17 - 00000000 __SHD () C:\found.000
2014-02-27 21:08 - 2013-08-22 13:25 - 01310720 ___SH () C:\Windows\System32\config\BBI
2014-02-27 21:07 - 2014-02-23 13:49 - 00000000 ____D () C:\Users\Pinar\AppData\Local\CrashDumps
2014-02-27 21:07 - 2013-10-20 09:18 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Microsoft Help
2014-02-27 21:06 - 2014-02-18 20:18 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\CrashDumps
2014-02-27 21:05 - 2013-10-19 14:51 - 00000000 __RDO () C:\Users\Pinar\SkyDrive
2014-02-27 21:04 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2014-02-27 21:01 - 2014-02-24 17:12 - 00000000 ____D () C:\Users\ozane_000\Documents\listdir Test
2014-02-27 20:45 - 2013-10-24 07:45 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Skype
2014-02-27 20:33 - 2013-10-25 15:33 - 00000352 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-27 20:28 - 2013-11-09 16:08 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 20:25 - 2013-10-19 15:26 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 20:24 - 2013-09-30 04:11 - 00956476 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-27 20:12 - 2014-02-27 20:12 - 00001873 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_D_02272014_201240.txt
2014-02-27 20:12 - 2014-02-27 20:12 - 00000699 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_DN_02272014_201247.txt
2014-02-27 20:11 - 2014-02-27 20:11 - 00001824 _____ () C:\Users\ozane_000\Desktop\RKreport[0]_S_02272014_201158.txt
2014-02-27 20:07 - 2014-02-27 19:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-27 20:07 - 2013-10-20 09:24 - 00000000 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2973332726-1994808904-4280726643-1004
2014-02-27 20:07 - 2013-10-19 12:49 - 00000000 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-27 20:02 - 2013-10-19 15:06 - 00001867 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-02-27 19:28 - 2013-11-09 16:09 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-27 19:28 - 2013-11-09 16:08 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 18:17 - 2014-02-23 15:16 - 01115237 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 18:01 - 2014-02-27 18:01 - 04765152 _____ (Piriform Ltd) C:\Users\ozane_000\Downloads\ccsetup411.exe
2014-02-27 18:01 - 2014-02-02 21:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-27 17:50 - 2013-10-19 12:41 - 00000000 ____D () C:\Users\Pinar\AppData\Local\Packages
2014-02-27 17:29 - 2013-12-17 17:31 - 00003166 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPinar
2014-02-27 17:29 - 2013-12-17 17:31 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForPinar.job
2014-02-27 17:27 - 2013-10-19 15:05 - 00000000 __RSD () C:\Users\Pinar\Documents\McAfee Vaults
2014-02-27 17:25 - 2013-10-19 14:38 - 00000000 ____D () C:\users\Pinar
2014-02-27 17:06 - 2014-02-18 17:10 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-02-27 17:06 - 2013-10-20 18:49 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C98B7FBC-1293-43C2-A0B2-30FA5941B48F}
2014-02-27 17:06 - 2013-10-20 09:21 - 00000000 __RSD () C:\Users\ozane_000\Documents\McAfee Vaults
2014-02-27 17:04 - 2013-10-20 09:20 - 00000000 __RDO () C:\Users\ozane_000\SkyDrive
2014-02-27 17:02 - 2014-02-05 17:41 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForozane_000.job
2014-02-27 17:02 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 16:59 - 2014-02-05 17:41 - 00003190 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForozane_000
2014-02-27 16:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-02-26 19:28 - 2014-02-26 19:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 19:27 - 2014-02-26 19:26 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller (1).exe
2014-02-26 18:09 - 2014-02-26 18:08 - 41945432 _____ (Apple Inc.) C:\Users\ozane_000\Downloads\QuickTimeInstaller.exe
2014-02-26 17:36 - 2013-10-23 13:10 - 00000000 ____D () C:\Users\Pinar\Documents\LATYMER
2014-02-26 17:24 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-02-26 16:33 - 2013-10-19 14:52 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{41C721E7-B2A6-4F11-A7EC-6516ED80CDDA}
2014-02-26 13:10 - 2014-02-07 11:29 - 00000000 ____D () C:\Users\Pinar\Documents\BUYRENT
2014-02-26 11:25 - 2013-12-15 11:53 - 00000000 ____D () C:\Users\Pinar\Documents\Hakan
2014-02-26 11:15 - 2013-10-27 13:53 - 00000000 ____D () C:\Users\ozane_000\Documents\ScanSnap
2014-02-25 20:19 - 2014-02-25 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 19:55 - 2014-02-25 19:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-25 17:06 - 2013-10-20 09:19 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Adobe
2014-02-24 20:07 - 2014-02-24 20:07 - 00003589 _____ () C:\Users\ozane_000\Documents\~ScratcherSetupSelf.DDF
2014-02-24 20:07 - 2014-01-29 19:40 - 00002923 _____ () C:\Users\ozane_000\Documents\ScratcherSetupSelf.SED
2014-02-24 19:24 - 2014-02-01 20:27 - 00000171 _____ () C:\Users\ozane_000\Documents\Shutdown.bat
2014-02-24 19:13 - 2014-02-05 21:07 - 00000000 ____D () C:\Program Files\Recuva
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\Documents\ListdirTest
2014-02-24 18:59 - 2014-02-24 18:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\listdir-test
2014-02-23 21:26 - 2014-02-23 21:26 - 00000277 _____ () C:\Users\ozane_000\Documents\funny.vbs
2014-02-23 21:11 - 2014-02-23 21:09 - 00001740 _____ () C:\Users\ozane_000\Desktop\My School Laptop.lnk
2014-02-23 20:32 - 2014-02-23 20:31 - 40668896 _____ () C:\Users\ozane_000\Documents\thiswillcrashyourpc!.txt
2014-02-23 20:29 - 2014-02-23 20:28 - 00000000 _____ () C:\Users\ozane_000\Documents\testdirectories2.txt
2014-02-23 20:28 - 2014-02-23 20:25 - 11122199 _____ () C:\Users\ozane_000\Documents\testdirectories.txt
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 19:16 - 2014-02-23 19:16 - 00000000 _____ () C:\Windows\setupact.log
2014-02-23 19:01 - 2013-11-06 20:47 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-23 19:01 - 2013-10-19 13:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-23 14:40 - 2013-10-25 10:59 - 00000000 ____D () C:\Users\ozane_000\Documents\SafeNet Sentinel
2014-02-23 14:38 - 2013-12-16 14:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 22:05 - 2014-02-11 22:03 - 00049966 _____ () C:\Users\ozane_000\Documents\thingy.html
2014-02-20 20:16 - 2014-02-20 20:14 - 00000158 _____ () C:\Users\ozane_000\Documents\BrainPop.py
2014-02-20 20:00 - 2014-02-20 20:00 - 00002776 _____ () C:\Windows\System32\Tasks\RunSpeccy
2014-02-20 19:55 - 2014-02-20 19:55 - 00000000 ____D () C:\Program Files\Speccy
2014-02-20 18:16 - 2013-11-03 19:20 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Deployment
2014-02-20 18:09 - 2013-09-30 13:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-20 18:06 - 2013-10-25 17:19 - 00000000 ____D () C:\Users\ozane_000\.thinkbuzan
2014-02-20 18:06 - 2013-10-24 15:24 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2014-02-20 18:06 - 2013-10-24 15:24 - 00000000 ____D () C:\ProgramData\JSoft
2014-02-20 18:05 - 2014-02-20 18:05 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\ThinkBuzan
2014-02-20 17:25 - 2014-02-20 17:25 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2973332726-1994808904-4280726643-1001
2014-02-20 17:25 - 2014-02-20 17:25 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-20 11:42 - 2014-02-20 11:42 - 00000072 _____ () C:\Users\ozane_000\Documents\Hakan will love this.vbs
2014-02-19 21:06 - 2014-02-07 11:47 - 00000000 ____D () C:\Users\Pinar\Documents\PINAR
2014-02-18 20:41 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-02-18 17:30 - 2014-02-18 17:27 - 00000000 ____D () C:\Users\ozane_000\Documents\Java Greenfoot
2014-02-18 17:28 - 2014-02-18 17:26 - 00000000 ____D () C:\Users\ozane_000\greenfoot
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.jmc
2014-02-18 17:25 - 2014-02-18 17:25 - 00000000 ____D () C:\Users\ozane_000\.eclipse
2014-02-18 17:24 - 2014-02-18 17:24 - 00312744 _____ (Oracle

Corporation) C:\Windows\System32\javaws.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle

Corporation) C:\Windows\System32\javaw.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00189352 _____ (Oracle

Corporation) C:\Windows\System32\java.exe
2014-02-18 17:24 - 2014-02-18 17:24 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-18 17:24 - 2014-02-18 17:24 - 00000000 ____D () C:\Program Files\Java
2014-02-18 17:23 - 2014-02-18 17:23 - 00001854 _____ () C:\Users\Public\Desktop\Greenfoot.lnk
2014-02-18 17:23 - 2014-02-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-02-18 17:21 - 2014-02-18 17:15 - 131557792 _____ (Oracle Corporation) C:\Users\ozane_000\Downloads\jdk-7u51-windows-x64.exe
2014-02-18 17:14 - 2014-02-18 17:14 - 07836560 _____ () C:\Users\ozane_000\Downloads\Greenfoot-windows-230.msi
2014-02-18 13:32 - 2014-02-18 13:30 - 00000000 ____D () C:\Users\ozane_000\Desktop\RK_Quarantine
2014-02-18 13:28 - 2014-02-18 13:24 - 00000000 ____D () C:\AdwCleaner
2014-02-18 13:26 - 2014-02-07 10:18 - 00000000 ____D () C:\Users\Pinar\Documents\FOX QUIZ 2104
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Malwarebytes
2014-02-18 11:48 - 2014-02-18 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-18 11:24 - 2014-01-07 21:12 - 00144208 _____ () C:\Users\ozane_000\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 11:04 - 2014-02-18 11:03 - 00001616 _____ () C:\Users\ozane_000\Desktop\Rkill.txt
2014-02-17 21:24 - 2014-02-17 21:21 - 221290352 _____ () C:\Users\ozane_000\Downloads\EmsisoftEmergencyKit.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 09988304 _____ (SurfRight B.V.) C:\Users\ozane_000\Downloads\HitmanPro.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 03813376 _____ () C:\Users\ozane_000\Downloads\RogueKiller.exe
2014-02-17 21:19 - 2014-02-17 21:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ozane_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 21:18 - 2014-02-17 21:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ozane_000\Downloads\iExplore.exe
2014-02-17 21:00 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 21:00 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 20:55 - 2014-02-17 20:55 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\ozane_000\Downloads\tdsskiller.exe
2014-02-17 19:53 - 2014-02-17 19:53 - 00000000 ____D () C:\Users\Pinar\Documents\Ev
2014-02-17 15:34 - 2014-02-17 15:34 - 00000047 _____ () C:\Users\ozane_000\Documents\RudeWords.py
2014-02-17 11:09 - 2013-11-23 19:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-02-17 10:41 - 2014-02-16 18:42 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\IndieCity
2014-02-17 10:41 - 2014-02-16 18:42 - 00000000 ____D () C:\ProgramData\IndieCity
2014-02-16 18:56 - 2014-02-16 18:55 - 00000249 _____ () C:\Users\ozane_000\Documents\test.py
2014-02-16 18:54 - 2014-02-16 18:53 - 00000256 _____ () C:\Users\ozane_000\Documents\test.bat
2014-02-16 18:52 - 2014-02-16 18:52 - 00000000 ____D () C:\Python
2014-02-16 18:49 - 2014-02-16 18:49 - 06422528 _____ () C:\Users\ozane_000\Downloads\pygame-1.9.2a0.win32-py3.2.msi
2014-02-16 18:42 - 2014-02-16 18:42 - 00000000 ____D () C:\Program Files (x86)\IndieCity
2014-02-16 17:52 - 2014-02-16 17:51 - 00000000 ____D () C:\Users\ozane_000\Downloads\I'manoob
2014-02-16 17:09 - 2013-11-01 16:15 - 00000000 ____D () C:\Python33
2014-02-16 17:07 - 2014-02-16 17:07 - 21168128 _____ () C:\Users\ozane_000\Downloads\python-3.3.4.amd64.msi
2014-02-16 14:12 - 2014-02-16 13:21 - 1373248241 _____ () C:\Users\ozane_000\Downloads\NOOBS_v1_3_4.zip
2014-02-16 14:11 - 2014-02-16 14:11 - 00002069 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-02-16 14:11 - 2014-02-16 14:11 - 00000000 ____D () C:\Program Files (x86)\SDA
2014-02-16 14:10 - 2014-02-02 18:54 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Downloaded Installations
2014-02-16 14:07 - 2014-02-16 14:05 - 06286748 _____ () C:\Users\ozane_000\Downloads\SDFormatterv4.zip
2014-02-15 20:57 - 2013-10-19 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 20:57 - 2013-10-19 15:04 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-15 18:54 - 2014-01-17 20:56 - 00000000 ____D () C:\ProgramData\National Instruments
2014-02-15 18:53 - 2014-02-15 18:53 - 00002067 _____ () C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Users\ozane_000\Documents\LEGO Creations
2014-02-15 18:53 - 2014-02-15 18:53 - 00000000 ____D () C:\Program Files (x86)\LEGO Software
2014-02-15 18:52 - 2014-02-15 18:52 - 00000000 ____D () C:\ProgramData\LEGO MINDSTORMS EV3
2014-02-15 18:52 - 2014-01-17 20:56 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-02-15 18:33 - 2014-02-15 18:32 - 00000096 _____ () C:\Users\ozane_000\Documents\Open Me!!!!!!!.vbs
2014-02-14 19:35 - 2013-10-29 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 17:59 - 2014-02-14 17:59 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-14 17:59 - 2014-02-14 17:59 - 00000000 ____D () C:\Users\ozane_000\AppData\Local\Skype
2014-02-14 17:59 - 2013-10-19 15:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-14 17:11 - 2014-01-12 17:27 - 00000000 ____D () C:\Users\Pinar\AppData\Local\Windows Live
2014-02-14 14:10 - 2013-10-19 14:53 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-02-14 14:10 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-13 21:54 - 2013-11-26 20:48 - 00000000 ___RD () C:\Users\ozane_000\Dropbox
2014-02-13 21:33 - 2014-02-13 21:33 - 00000000 ____D () C:\Users\ozane_000\Documents\Sony PMB
2014-02-13 21:23 - 2013-11-26 20:45 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\Dropbox
2014-02-13 19:34 - 2013-10-25 10:56 - 00000000 ____D () C:\Users\ozane_000\AppData\Roaming\HpUpdate
2014-02-13 19:23 - 2013-11-09 16:08 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 19:23 - 2013-11-09 16:08 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 17:27 - 2014-02-13 17:27 - 01323619 _____ () C:\Users\ozane_000\Downloads\Scratch Error.zip
2014-02-12 20:11 - 2013-12-19 16:47 - 00000000 ____D () C:\Users\ozane_000\Documents\Scores
2014-02-12 09:13 - 2013-08-22 14:44 - 00605096 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\en-GB
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-11 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-02-11 21:28 - 2013-10-19 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 21:27 - 2013-10-19 13:14 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-11 21:25 - 2013-10-19 13:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-11 13:46 - 2013-11-16 18:04 - 00000000 ____D () C:\Users\Pinar\Documents\FOX
2014-02-11 11:27 - 2014-01-08 11:28 - 00000000 ____D () C:\Users\Pinar\Documents\ScanSnap
2014-02-10 19:35 - 2014-02-10 19:35 - 00009264 _____ () C:\Users\Pinar\Documents\House Mortgages.xlsx
2014-02-10 18:13 - 2014-02-10 18:13 - 03926528 _____ (Python Software Foundation) C:\Windows\System32\python33.dll
2014-02-10 18:12 - 2014-02-10 18:12 - 00094208 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-02-10 18:12 - 2014-02-10 18:12 - 00093696 _____ (Python Software Foundation) C:\Windows\py.exe
2014-02-09 21:49 - 2013-10-19 15:51 - 00000000 ____D () C:\Users\Pinar\AppData\Roaming\Skype
2014-02-09 19:51 - 2014-02-09 19:51 - 00000017 _____ () C:\Users\ozane_000\AppData\Local\resmon.resmoncfg
2014-02-09 15:12 - 2014-01-17 21:01 - 00000000 ____D () C:\Users\ozane_000\Downloads\Cyberlink
2014-02-09 15:10 - 2014-02-09 15:10 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader (1).exe
2014-02-09 14:50 - 2014-02-02 19:04 - 00000000 ____D () C:\Users\Pinar\Documents\SelfMV
2014-02-09 14:50 - 2014-02-02 18:55 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-09 14:49 - 2014-02-09 14:49 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerProducer_Downloader.exe
2014-02-09 14:47 - 2014-02-09 14:46 - 01029080 _____ (CyberLink) C:\Users\Pinar\Downloads\CyberLink_PowerDirector_Downloader.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8126.09 MB
Available physical RAM: 7101.76 MB
Total Pagefile: 8126.09 MB
Available Pagefile: 7112.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.79 GB) (Free:724.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.9 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (External Disk) (Fixed) (Total:931.48 GB) (Free:728.74 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: A7DF1070)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)


LastRegBack: 2014-02-18 18:53

==================== End Of Log ============================



#13 fireman4it


Posted 11 March 2014 - 05:42 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

LastRegBack: 2014-02-18 18:53

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Once this fix is done, try to boot your machine. Somehow your software hives have become corrupted or are not loading.




#14 purat111


Posted 12 March 2014 - 12:56 PM

Hi there,

 

YES!!!!!!!!!!!!!!!!!!!!! My PC has booted into the desktop and everything seems to be working normally. Thank you so, so much for your help - I did not need to do a factory reset!

:D :D :D



#15 purat111


Posted 12 March 2014 - 02:24 PM

Oops... forgot to post the log! :)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by SYSTEM at 2014-03-12 17:49:25 Run:2
Running from F:\Recovery Files
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-02-18 18:53
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
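
A check for a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it confirms that every registry hive was first copied to HiveBackup and then restored, and reports any hive where that pair is incomplete. The function names and status labels are assumptions made for this example; only the success wording seen in this thread's log is recognised.

```python
import re

HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")
# Success lines as they appear in the Fixlog posted in this thread; any other
# wording FRST may emit is unknown here and counts as "no success recorded".
BACKUP = re.compile(r"^(\w+) hive was successfully copied to System32\\config\\HiveBackup$")
RESTORE = re.compile(r"^(\w+) hive was successfully restored from registry back up\.$")
DIRECTIVE = re.compile(r"^LastRegBack: (\d{4}-\d{2}-\d{2} \d{2}:\d{2})$")

def check_fixlog(text):
    """Return (LastRegBack timestamp or None, {hive: status})."""
    stamp, backed_up, restored, unsafe = None, set(), set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DIRECTIVE.match(line):
            stamp = m.group(1)
        elif m := BACKUP.match(line):
            backed_up.add(m.group(1))
        elif m := RESTORE.match(line):
            # A restore with no earlier backup line leaves nothing to roll back to.
            (restored if m.group(1) in backed_up else unsafe).add(m.group(1))
    status = {h: ("restored-without-backup" if h in unsafe
                  else "ok" if h in restored
                  else "backup-only" if h in backed_up
                  else "missing") for h in HIVES}
    return stamp, status

def incomplete_hives(text):
    """Hives whose backup-then-restore pair is not fully recorded."""
    return [h for h, s in check_fixlog(text)[1].items() if s != "ok"]

# Rebuilt from the lines of the Fixlog in the post above.
POSTED_FIXLOG = "LastRegBack: 2014-02-18 18:53\n" + "".join(
    f"{h} hive was successfully copied to System32\\config\\HiveBackup\n"
    f"{h} hive was successfully restored from registry back up.\n" for h in HIVES)
# Constructed sample: the same log cut off after the SOFTWARE backup line.
TRUNCATED_FIXLOG = "\n".join(POSTED_FIXLOG.splitlines()[:8])

if __name__ == "__main__":
    print(check_fixlog(POSTED_FIXLOG))
    print(incomplete_hives(TRUNCATED_FIXLOG))
```
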





