
unidentified file


  • This topic is locked
6 replies to this topic

#1 sub_brine

sub_brine

  • Members
  • 3 posts

Posted 12 June 2014 - 08:06 AM

Mod Edit: Moved to proper forum ~~ boopme



I had a problem with randomly generating .tmp files. I cleaned my computer with ComboFix and an Avast startup search. After the search I closed the ComboFix log and found a file without a name; I can't open its properties or copy it. I am worried about whether I should delete it or keep it, what it is, and how it got onto my computer. Here is the picture of the file and the ComboFix log:
4myynq.jpg
ComboFix 14-06-12.01 - everese 12.06.2014  13:57:47.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1055.18.3564.2013 [GMT 3:00]
Running from: c:\users\everese\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\everese\AppData\Roaming\Origin
c:\users\everese\AppData\Roaming\Origin\Cloud Saves\blacklist
c:\users\everese\AppData\Roaming\Origin\local.xml
c:\windows\Fonts\pkmnbw.ttf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-12 to 2014-06-12  )))))))))))))))))))))))))))))))
.
.
2014-06-12 11:04 . 2014-06-12 12:25	--------	d-----w-	c:\users\everese\AppData\Local\temp
2014-06-12 08:20 . 2014-06-12 08:20	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl9517bff2.sys
2014-06-12 07:23 . 2014-06-12 07:23	--------	d-----w-	c:\program files\coupon downloader
2014-06-12 07:17 . 2014-06-12 07:17	--------	d-----w-	c:\program files\CCleaner
2014-06-11 11:20 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\mpengine.dll
2014-06-11 08:22 . 2014-05-08 09:06	2742784	----a-w-	c:\windows\system32\rdpcorets.dll
2014-06-11 08:22 . 2014-05-08 09:06	13824	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 17:17 . 2014-06-10 17:58	--------	d-----w-	C:\NTTGame
2014-06-10 08:13 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-07 22:33 . 2014-06-07 22:33	--------	d-----w-	c:\program files\Common Files\Skype
2014-06-07 09:21 . 2014-06-07 09:21	--------	d-----w-	c:\windows\system32\xlive
2014-06-07 09:21 . 2014-06-07 09:21	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2014-06-06 17:19 . 2014-06-06 17:19	--------	d-----w-	c:\users\everese\AppData\Local\WinZip
2014-06-06 17:18 . 2014-06-06 17:19	--------	d-----w-	c:\programdata\WinZip
2014-06-06 06:27 . 2014-06-12 08:33	--------	d-----w-	c:\users\everese\AppData\Roaming\IDM
2014-06-06 06:27 . 2014-06-06 08:04	--------	d-----w-	c:\users\everese\AppData\Roaming\DMCache
2014-06-06 06:27 . 2014-06-06 06:27	--------	d-----w-	c:\programdata\IDM
2014-06-06 06:27 . 2014-06-06 08:18	--------	d-----w-	c:\program files\Internet Download Manager
2014-06-05 13:37 . 2014-05-02 13:44	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A0ABD3A-E54C-4DEE-80B2-2D52DE822C85}\gapaengine.dll
2014-06-05 05:16 . 2014-06-05 01:06	113168	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2014-06-01 13:56 . 2013-04-28 11:56	396800	----a-w-	c:\program files\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2014-05-31 22:33 . 2014-06-06 08:19	--------	d-----w-	c:\program files\LogMeIn Hamachi
2014-05-31 06:21 . 2014-05-31 06:21	--------	d-----w-	c:\users\everese\AppData\Local\Activision
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.crazycraft
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.beta-jurassiccraft
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.aethericcrusade
2014-05-30 06:18 . 2014-05-30 06:19	--------	d-----w-	c:\users\everese\AppData\Roaming\MKKE
2014-05-30 05:55 . 2014-05-30 05:55	--------	d-----w-	c:\users\everese\AppData\Roaming\Mortal Kombat
2014-05-28 10:23 . 2014-05-28 10:23	--------	d-----w-	c:\programdata\TopApp soft
2014-05-27 14:36 . 2014-05-27 14:36	--------	d-----w-	c:\users\everese\AppData\Local\Ubisoft Game Launcher
2014-05-27 14:36 . 2014-05-27 14:36	--------	d-----w-	c:\program files\Ubisoft
2014-05-27 14:06 . 2014-05-27 14:06	--------	d-----w-	c:\programdata\Caphyon
2014-05-25 12:21 . 2014-05-25 12:21	--------	d-----w-	c:\users\everese\AppData\Local\Macromedia
2014-05-25 12:19 . 2014-05-25 12:20	--------	d-----w-	c:\users\everese\AppData\Roaming\Yandex
2014-05-25 10:05 . 2014-05-25 10:05	--------	d-----w-	c:\users\everese\AppData\Roaming\Rogue Legacy
2014-05-23 18:16 . 2014-05-23 19:01	--------	d-----w-	c:\users\everese\AppData\Local\FalloutNV
2014-05-19 09:11 . 2014-05-19 13:24	--------	d-----w-	c:\users\everese\AppData\Roaming\FTB Pack Install
2014-05-19 06:55 . 2014-05-19 06:55	--------	d-----w-	c:\users\everese\AppData\Local\SearchProtect
2014-05-17 13:15 . 2014-05-16 15:34	52920	----a-w-	c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
2014-05-17 11:46 . 2014-06-06 08:19	--------	d-----w-	c:\program files\Quiknowledge
2014-05-17 11:43 . 2014-06-02 09:28	--------	d-----w-	c:\program files\webget
2014-05-17 11:43 . 2014-05-17 11:43	--------	d-----w-	c:\users\everese\AppData\Roaming\Systweak
2014-05-17 11:43 . 2014-04-25 11:49	18776	----a-w-	c:\windows\system32\roboot.exe
2014-05-14 22:50 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 14:35 . 2014-05-14 14:35	17938608	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2014-05-14 12:36 . 2013-11-13 19:52	660280	----a-w-	c:\windows\system32\pmls.dll
2014-05-14 12:11 . 2014-05-14 12:11	--------	d-----w-	c:\users\everese\AppData\Local\Local_Weather_LLC
2014-05-14 12:10 . 2014-05-14 19:33	--------	d-----w-	c:\users\everese\AppData\Local\WeatherAlerts
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 07:57 . 2014-04-25 22:45	38912	----a-w-	c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-14 14:35 . 2014-02-04 19:07	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:35 . 2014-02-04 19:07	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-05 20:40 . 2014-05-05 20:40	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 13:44 . 2014-02-19 15:54	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-21 14:55 . 2014-04-21 14:55	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-11 11:48 . 2014-04-11 11:48	4096	----a-w-	c:\windows\system32\drivers\nocashio.sys
2014-04-05 05:57 . 2014-04-05 05:57	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2014-04-01 19:59 . 2014-04-01 19:59	52752	----a-w-	c:\windows\system32\drivers\qknfd.sys
2014-04-01 14:32 . 2012-07-17 11:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 19:46 . 2014-03-31 19:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 19:46 . 2014-03-31 19:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-30 22:24 . 2014-03-30 22:24	0	---ha-w-	c:\users\everese\AppData\Local\BITA161.tmp
2014-03-26 14:47 . 2014-03-26 14:47	0	---ha-w-	c:\users\everese\AppData\Local\BITD05D.tmp
2014-03-24 14:36 . 2014-02-04 18:49	67264	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-03-24 14:36 . 2014-02-04 18:49	180760	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-03-24 14:36 . 2014-02-04 18:49	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-03-24 14:36 . 2014-02-04 18:49	776976	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-03-24 14:36 . 2014-02-04 18:49	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-03-24 14:36 . 2014-02-04 18:49	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-03-24 14:36 . 2014-02-04 18:49	411552	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-03-24 14:36 . 2014-03-24 14:36	43152	----a-w-	c:\windows\avastSS.scr
2014-03-24 14:36 . 2014-02-04 18:49	271264	----a-w-	c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-24 14:36	260976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02	23008	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\everese\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-01-22 11738184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-24 3854640]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2014-02-05 1627032]
.
c:\users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopWeatherAlerts.lnk - c:\users\everese\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe [2014-2-25 550952]
Weather Alerts.lnk - c:\users\everese\AppData\Local\WeatherAlerts\WeatherAlerts.exe /restart [2013-11-13 166072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-5-2 565104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [x]
R1 MpKsl240503c7;MpKsl240503c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl240503c7.sys [x]
R1 MpKslc7119621;MpKslc7119621;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKslc7119621.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-03-07 113704]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-02-26 1678672]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-24 67264]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [2014-06-09 38912]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-02-16 14848]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-02-16 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-02-16 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-02-16 27136]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-16 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Ana Bilgisayar Denetleyici Değiştirici Sürücüsü;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [2014-05-16 52920]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-24 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-24 411552]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files\iSafe\iSafeKrnlKit.sys [2014-06-09 56664]
S1 iSafeNetFilter;iSafeNetFilter NDIS Driver;c:\program files\iSafe\iSafeNetFilter.sys [2014-06-09 40280]
S1 MpKsl9517bff2;MpKsl9517bff2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl9517bff2.sys [2014-06-12 39464]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-02-13 47488]
S1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys [2014-04-01 52752]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-24 67824]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 CouponDownloaderService;CouponDownloaderService;c:\program files\CouponDownloader\CouponDownloaderService.exe [2014-05-01 150528]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2014-02-28 9216]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-05 113168]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-05-08 704112]
S2 iSafeService;iSafeService;c:\program files\iSafe\iSafeSvc.exe [2014-06-09 118056]
S2 qksvc;Quiknowledge Client Service;c:\program files\Quiknowledge\Service\qksvc.exe [2014-04-01 273000]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
S2 Update BrowseMark;Update BrowseMark;c:\program files\BrowseMark\updateBrowseMark.exe [2014-05-25 317728]
S2 Update webget;Update webget;c:\program files\webget\updatewebget.exe [2014-06-02 317720]
S2 Util BrowseMark;Util BrowseMark;c:\program files\BrowseMark\bin\utilBrowseMark.exe [2014-05-25 317728]
S2 Util webget;Util webget;c:\program files\webget\bin\utilwebget.exe [2014-06-02 317720]
S2 winzipersvc;WinZiper service;c:\program files\WinZipper\winzipersvc.exe [2014-02-26 425104]
S3 iSafeKrnl;iSafeKrnl Mini-Filter Driver;c:\program files\iSafe\iSafeKrnl.sys [2014-06-09 202240]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-13 55104]
S3 netr28u;Vista için RT2870 USB Kablosuz LAN Kartı Sürücüsü;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 14:35]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 18:49]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 18:49]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000Core.job
- c:\users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-04 23:56]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000UA.job
- c:\users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-04 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&ts=1393430832&type=default&q={searchTerms}
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
uInternet Settings,ProxyOverride = <local>
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Tüm bağlantıları IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{11696AFD-1B6E-480E-8A1F-0A2F1A6B5053}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CBEEDF3D-B86F-4414-BAD1-F695F821872A}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - hxxp://www.sweet-page.com/?type=hppp&ts=1401257400&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8F0A790C-F7EC-3323-F100-70F99DB5B75D} - (no file)
c:\users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cool Timer.lnk - c:\program files\Cool Timer\cooltimer.exe /winstart
AddRemove-{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43} - c:\program files\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe
AddRemove-{3DE92282-CB49-434F-81BF-94E5B380E889} - c:\program files\Installshield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe
AddRemove-{9B2506E3-9A3F-45B5-96BF-509CAD584650} - c:\program files\InstallShield Installation Information\{9B2506E3-9A3F-45B5-96BF-509CAD584650}\Sims3SP06Setup.exe
AddRemove-{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09} - c:\program files\Installshield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{754332CC-CE1F-42FA-AC82-C7A85EBFB422}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{754332CC-CE1F-42FA-AC82-C7A85EBFB422}\NVI2.DLL
AddRemove-{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1} - c:\program files\Installshield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe
AddRemove-{D0087539-3C57-44E0-BEE7-D779D546CBE1} - c:\program files\Installshield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe
AddRemove-{DB21639E-FE55-432C-BCA2-0C5249E3F79E} - c:\program files\Installshield Installation Information\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}\Sims3EP10Setup.exe
AddRemove-{E1868CAE-E3B9-4099-8C18-AA8944D336FD} - c:\program files\Installshield Installation Information\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}\Sims3SP08Setup.exe
AddRemove-{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36} - c:\program files\Installshield Installation Information\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}\Sims3EP09Setup.exe
AddRemove-DesktopWeatherAlerts - c:\users\everese\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe
AddRemove-Midnight Racing - c:\program files\Midnight Racing\uninstall.exe
AddRemove-SaveSense - c:\users\everese\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
AddRemove-TidyNetwork - c:\users\everese\AppData\Local\TidyNetwork\TidyNetwork.exe
AddRemove-UnityWebPlayer - c:\users\everese\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-481012828-2389614954-1775651213-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,7c,75,90,e2,ca,ea,18,7d,8d,61,ec,ac,d1,16,55,46,4b,29,72,5f,
   e1,31,ef,f0,9b,3e,7e,9e,92,66,98,67,6f,82,0c,12,0b,57,05,1d,80,fe,1e,39,04,\
"rkeysecu"=hex:95,c3,ca,ed,11,6e,ab,e3,a1,a6,8b,ed,c3,c2,f4,c0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\iSafe\iSafeSvc2.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\iSafe\iSafeTray.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\msiexec.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\users\everese\AppData\Local\WeatherAlerts\WeatherAlerts.exe
c:\users\everese\AppData\Local\WeatherAlerts\WeatherAlerts.exe
.
**************************************************************************
.
Completion time: 2014-06-12  15:30:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-12 12:30
.
Pre-Run: 58.442.055.680 bayt boş
Post-Run: 58.046.783.488 bayt boş
.
- - End Of File - - 63044B943A0D56F952CB8CF31F1670F9
A36C5E4F47E84449FF07ED3517B43A31


Edited by sub_brine, 12 June 2014 - 09:05 AM.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts

Posted 12 June 2014 - 01:22 PM

Hello and welcome on board, sub_brine,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 
  • Close all open Windows and disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    File::
    c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
    c:\windows\system32\roboot.exe
    c:\windows\system32\pmls.dll
    c:\users\everese\AppData\Local\BITA161.tmp
    c:\users\everese\AppData\Local\BITD05D.tmp
    
    Folder::
    c:\program files\coupon downloader
    c:\users\everese\AppData\Local\SearchProtect
    c:\program files\Quiknowledge
    c:\program files\webget
    c:\users\everese\AppData\Roaming\Systweak
    c:\users\everese\AppData\Local\Local_Weather_LLC
    c:\users\everese\AppData\Local\WeatherAlerts
    c:\program files\BrowseMark
    c:\program files\WinZipper
    
    DDS::
    uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
    uDefault_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&ts=1393430832&type=default&q={searchTerms}
    mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
    uInternet Settings,ProxyOverride = <local>
    IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
    IE: Tüm bağlantıları IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
    FF - prefs.js: browser.search.selectedEngine - sweet-page
    FF - prefs.js: browser.startup.homepage - hxxp://www.sweet-page.com/?type=hppp&ts=1401257400&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
    user_pref(extensions.autoDisableScopes,14);
    
    Driver::
    {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
    CouponDownloaderService;CouponDownloaderService
    qksvc
    Update BrowseMark
    Update webget
    Util BrowseMark
    Util webget
    winzipersvc
    
    
  • Go to File > Save As... and save it to your Desktop named CFScript.txt.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it will produce a log that can be found at C:\ComboFix.txt. Copy and paste the contents of this into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 sub_brine

sub_brine
  • Topic Starter

  • Members
  • 3 posts

Posted 12 June 2014 - 02:12 PM

Here is the code. While ComboFix was working, one of the cleaners my brother downloaded said a .3xe file was trying to change my homepage, and it blocked it.

 

ComboFix 14-06-12.01 - everese 12.06.2014  21:54:35.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1055.18.3564.2652 [GMT 3:00]
Running from: c:\users\everese\Desktop\ComboFix.exe
Command switches used :: c:\users\everese\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\everese\AppData\Local\BITA161.tmp"
"c:\users\everese\AppData\Local\BITD05D.tmp"
"c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys"
"c:\windows\system32\pmls.dll"
"c:\windows\system32\roboot.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowseMark
c:\program files\BrowseMark\bin\utilBrowseMark.exe
c:\program files\BrowseMark\updateBrowseMark.exe
c:\program files\coupon downloader
c:\program files\coupon downloader\uninstaller.exe
c:\program files\Quiknowledge
c:\program files\Quiknowledge\Service\qksvc.exe
c:\program files\webget
c:\program files\webget\bin\utilwebget.exe
c:\program files\webget\updatewebget.exe
c:\program files\WinZipper
c:\program files\WinZipper\ebase.dll
c:\program files\WinZipper\eshellctx.dll
c:\program files\WinZipper\sqlite3.dll
c:\program files\WinZipper\winzipersvc.exe
c:\users\everese\AppData\Local\Local_Weather_LLC
c:\users\everese\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_snvvtfpwrwoojykpcmykn2gotc2niaee\1.4.0.0\user.config
c:\users\everese\AppData\Local\SearchProtect
c:\users\everese\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat
c:\users\everese\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\users\everese\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\users\everese\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
c:\users\everese\AppData\Local\WeatherAlerts
c:\users\everese\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
c:\users\everese\AppData\Local\WeatherAlerts\WeatherAlerts.exe
c:\users\everese\AppData\Roaming\Systweak
c:\users\everese\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_05-17-2014.log
c:\users\everese\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Turkish_rcp_tr.dat
c:\users\everese\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\tr\voice.wav
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{9EDD0EA8-2819-47C2-8320-B007D5996F8A}GW
-------\Service_{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
-------\Service_qksvc
-------\Service_Update BrowseMark
-------\Service_Update webget
-------\Service_Util BrowseMark
-------\Service_Util webget
-------\Service_winzipersvc
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-12 to 2014-06-12  )))))))))))))))))))))))))))))))
.
.
2014-06-12 19:01 . 2014-06-12 19:03	--------	d-----w-	c:\users\everese\AppData\Local\temp
2014-06-12 19:01 . 2014-06-12 19:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-12 19:01 . 2014-06-12 19:01	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2014-06-12 19:01 . 2014-06-12 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-12 19:01 . 2014-06-12 19:01	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-06-12 12:42 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A41FC8C-A1B5-4CC4-B734-7C5DA17D69B0}\mpengine.dll
2014-06-12 12:26 . 2014-06-12 12:26	--------	d-----w-	c:\program files\LogMeIn Hamachi
2014-06-12 07:17 . 2014-06-12 07:17	--------	d-----w-	c:\program files\CCleaner
2014-06-11 11:20 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-11 08:22 . 2014-05-08 09:06	2742784	----a-w-	c:\windows\system32\rdpcorets.dll
2014-06-11 08:22 . 2014-05-08 09:06	13824	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 17:17 . 2014-06-10 17:58	--------	d-----w-	C:\NTTGame
2014-06-07 22:33 . 2014-06-07 22:33	--------	d-----w-	c:\program files\Common Files\Skype
2014-06-07 09:21 . 2014-06-07 09:21	--------	d-----w-	c:\windows\system32\xlive
2014-06-07 09:21 . 2014-06-07 09:21	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2014-06-06 17:19 . 2014-06-06 17:19	--------	d-----w-	c:\users\everese\AppData\Local\WinZip
2014-06-06 17:18 . 2014-06-06 17:19	--------	d-----w-	c:\programdata\WinZip
2014-06-06 06:27 . 2014-06-12 08:33	--------	d-----w-	c:\users\everese\AppData\Roaming\IDM
2014-06-06 06:27 . 2014-06-06 08:04	--------	d-----w-	c:\users\everese\AppData\Roaming\DMCache
2014-06-06 06:27 . 2014-06-06 06:27	--------	d-----w-	c:\programdata\IDM
2014-06-06 06:27 . 2014-06-06 08:18	--------	d-----w-	c:\program files\Internet Download Manager
2014-06-05 13:37 . 2014-05-02 13:44	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A0ABD3A-E54C-4DEE-80B2-2D52DE822C85}\gapaengine.dll
2014-06-05 05:16 . 2014-06-05 01:06	113168	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2014-06-01 13:56 . 2013-04-28 11:56	396800	----a-w-	c:\program files\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2014-05-31 06:21 . 2014-05-31 06:21	--------	d-----w-	c:\users\everese\AppData\Local\Activision
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.crazycraft
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.beta-jurassiccraft
2014-05-31 05:21 . 2014-05-31 05:21	--------	d-----w-	c:\users\everese\AppData\Roaming\.aethericcrusade
2014-05-30 06:18 . 2014-05-30 06:19	--------	d-----w-	c:\users\everese\AppData\Roaming\MKKE
2014-05-30 05:55 . 2014-05-30 05:55	--------	d-----w-	c:\users\everese\AppData\Roaming\Mortal Kombat
2014-05-28 10:23 . 2014-05-28 10:23	--------	d-----w-	c:\programdata\TopApp soft
2014-05-27 14:36 . 2014-05-27 14:36	--------	d-----w-	c:\users\everese\AppData\Local\Ubisoft Game Launcher
2014-05-27 14:36 . 2014-05-27 14:36	--------	d-----w-	c:\program files\Ubisoft
2014-05-27 14:06 . 2014-05-27 14:06	--------	d-----w-	c:\programdata\Caphyon
2014-05-25 12:21 . 2014-05-25 12:21	--------	d-----w-	c:\users\everese\AppData\Local\Macromedia
2014-05-25 12:19 . 2014-05-25 12:20	--------	d-----w-	c:\users\everese\AppData\Roaming\Yandex
2014-05-25 10:05 . 2014-05-25 10:05	--------	d-----w-	c:\users\everese\AppData\Roaming\Rogue Legacy
2014-05-23 18:16 . 2014-05-23 19:01	--------	d-----w-	c:\users\everese\AppData\Local\FalloutNV
2014-05-19 09:11 . 2014-05-19 13:24	--------	d-----w-	c:\users\everese\AppData\Roaming\FTB Pack Install
2014-05-17 13:15 . 2014-05-16 15:34	52920	----a-w-	c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
2014-05-17 11:43 . 2014-04-25 11:49	18776	----a-w-	c:\windows\system32\roboot.exe
2014-05-14 22:50 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 14:35 . 2014-05-14 14:35	17938608	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2014-05-14 12:36 . 2013-11-13 19:52	660280	----a-w-	c:\windows\system32\pmls.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 07:57 . 2014-04-25 22:45	38912	----a-w-	c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-14 14:35 . 2014-02-04 19:07	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:35 . 2014-02-04 19:07	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-05 20:40 . 2014-05-05 20:40	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 13:44 . 2014-02-19 15:54	765968	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-21 14:55 . 2014-04-21 14:55	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-11 11:48 . 2014-04-11 11:48	4096	----a-w-	c:\windows\system32\drivers\nocashio.sys
2014-04-05 05:57 . 2014-04-05 05:57	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2014-04-01 19:59 . 2014-04-01 19:59	52752	----a-w-	c:\windows\system32\drivers\qknfd.sys
2014-04-01 14:32 . 2012-07-17 11:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-31 19:46 . 2014-03-31 19:46	130712	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2014-03-31 19:46 . 2014-03-31 19:46	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-30 22:24 . 2014-03-30 22:24	0	---ha-w-	c:\users\everese\AppData\Local\BITA161.tmp
2014-03-26 14:47 . 2014-03-26 14:47	0	---ha-w-	c:\users\everese\AppData\Local\BITD05D.tmp
2014-03-24 14:36 . 2014-02-04 18:49	67264	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-03-24 14:36 . 2014-02-04 18:49	180760	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-03-24 14:36 . 2014-02-04 18:49	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-03-24 14:36 . 2014-02-04 18:49	776976	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-03-24 14:36 . 2014-02-04 18:49	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-03-24 14:36 . 2014-02-04 18:49	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-03-24 14:36 . 2014-02-04 18:49	411552	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-03-24 14:36 . 2014-03-24 14:36	43152	----a-w-	c:\windows\avastSS.scr
2014-03-24 14:36 . 2014-02-04 18:49	271264	----a-w-	c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-01 14:28	222920	----a-w-	c:\users\everese\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-24 14:36	260976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02	23008	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\everese\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"uTorrent"="c:\users\everese\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-29 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-01-22 11738184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-24 3854640]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2014-02-05 1627032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 277920]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-5-2 565104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [x]
R1 MpKsl240503c7;MpKsl240503c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl240503c7.sys [x]
R1 MpKsl9517bff2;MpKsl9517bff2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl9517bff2.sys [x]
R1 MpKslc7119621;MpKslc7119621;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKslc7119621.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-03-07 113704]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-24 67264]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [2014-06-09 38912]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-02-16 14848]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-02-16 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-02-16 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-02-16 27136]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-16 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Ana Bilgisayar Denetleyici Değiştirici Sürücüsü;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-24 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-24 411552]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files\iSafe\iSafeKrnlKit.sys [2014-06-09 56664]
S1 iSafeNetFilter;iSafeNetFilter NDIS Driver;c:\program files\iSafe\iSafeNetFilter.sys [2014-06-09 40280]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-02-13 47488]
S1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys [2014-04-01 52752]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-24 67824]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
S2 CouponDownloaderService;CouponDownloaderService;c:\program files\CouponDownloader\CouponDownloaderService.exe [2014-05-01 150528]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-02-26 1678672]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-05 113168]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-05-08 704112]
S2 iSafeService;iSafeService;c:\program files\iSafe\iSafeSvc.exe [2014-06-09 118056]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
S3 iSafeKrnl;iSafeKrnl Mini-Filter Driver;c:\program files\iSafe\iSafeKrnl.sys [2014-06-09 202240]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-13 55104]
S3 netr28u;Vista için RT2870 USB Kablosuz LAN Kartı Sürücüsü;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 14:35]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 18:49]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 18:49]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000Core.job
- c:\users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-04 23:56]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000UA.job
- c:\users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-04 23:56]
.
.
------- Supplementary Scan -------
.
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{11696AFD-1B6E-480E-8A1F-0A2F1A6B5053}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{CBEEDF3D-B86F-4414-BAD1-F695F821872A}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - hxxp://www.sweet-page.com/?type=hppp&ts=1401257400&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk - c:\users\everese\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
c:\users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk - c:\users\everese\AppData\Local\WeatherAlerts\WeatherAlerts.exe /restart
AddRemove-coupon downloader - c:\program files\coupon downloader\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-481012828-2389614954-1775651213-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,7c,75,90,e2,ca,ea,18,7d,8d,61,ec,ac,d1,16,55,46,4b,29,72,5f,
   e1,31,ef,f0,9b,3e,7e,9e,92,66,98,67,6f,82,0c,12,0b,57,05,1d,80,fe,1e,39,04,\
"rkeysecu"=hex:95,c3,ca,ed,11,6e,ab,e3,a1,a6,8b,ed,c3,c2,f4,c0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\iSafe\iSafeSvc2.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-06-12  22:06:37 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-12 19:06
.
Pre-Run: 56.637.284.352 bayt boş
Post-Run: 56.631.975.936 bayt boş
.
- - End Of File - - B8C039B89338D52E61E7AC9FAC9175CC
A36C5E4F47E84449FF07ED3517B43A31



#4 Machiavelli

  • Malware Response Instructor

Posted 12 June 2014 - 02:42 PM

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli



#5 sub_brine


Posted 12 June 2014 - 03:31 PM

Here is FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by everese (administrator) on EVERESE-P on 12-06-2014 23:28:03
Running from C:\Users\everese\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: 041F
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\CouponDownloader\CouponDownloaderService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11738184 2013-01-22] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-24] (AVAST Software)
HKLM\...\Run: [ADSK DLMSession] => C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-481012828-2389614954-1775651213-1000\...\Run: [Akamai NetSession Interface] => C:\Users\everese\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-481012828-2389614954-1775651213-1000\...\Run: [uTorrent] => C:\Users\everese\AppData\Roaming\uTorrent\uTorrent.exe [1270352 2014-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-481012828-2389614954-1775651213-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4AB49B9ED521CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&q={searchTerms}
SearchScopes: HKCU - 05BC1BF128BAFF3E5F463C0BCDF500A5 URL = http://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{11696AFD-1B6E-480E-8A1F-0A2F1A6B5053}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{CBEEDF3D-B86F-4414-BAD1-F695F821872A}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hppp&ts=1401257400&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\everese\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\everese\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\everese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF SearchPlugin: C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yagorsel.xml
FF SearchPlugin: C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yahaber.xml
FF SearchPlugin: C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Users\everese\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yavideo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: IDM CC - C:\Users\everese\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKLM\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files\PremierOpinion\firefox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-04]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\everese\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\everese\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\everese\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\everese\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]

Chrome: 
=======
CHR HomePage: hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC
CHR RestoreOnStartup: "hxxp://search.gboxapp.com/"
CHR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC"
CHR DefaultSearchKeyword: sweet-page
CHR DefaultSearchProvider: sweet-page
CHR DefaultSearchURL: http://www.sweet-page.com/web/?type=ds&ts=1399660791&from=cor&uid=ST500DM002-1BD142_Z3T3Z3BCXXXXZ3T3Z3BC&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\everese\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\everese\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\everese\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (HTML Saver) - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-02-22]
CHR Extension: (avast! Online Security) - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]
CHR Extension: (Google Cüzdan) - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-24]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files\PremierOpinion\pmcm.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\everese\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-05]
CHR StartMenuInternet: Google Chrome - c:\users\everese\appdata\local\google\chrome\application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-24] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-07] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CouponDownloaderService; c:\Program Files\CouponDownloader\CouponDownloaderService.exe [150528 2014-05-01] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1678672 2014-02-26] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [118056 2014-06-09] (Elex do Brasil Participações Ltda)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-03-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-03-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-03-24] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [67264 2014-03-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-03-24] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [202240 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\iSafe\iSafeKrnlKit.sys [56664 2014-06-09] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [40280 2014-06-09] (Elex do Brasil Participações Ltda)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) [File not signed]
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2014-04-11] () [File not signed]
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [52752 2014-04-01] (Quiknowledge)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S3 catchme; \??\C:\Users\everese\AppData\Local\Temp\catchme.sys [X]
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 MpKsl240503c7; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl240503c7.sys [X]
S1 MpKsl9517bff2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKsl9517bff2.sys [X]
S1 MpKslc7119621; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{83CA660C-99A8-48C7-AF0D-7C6017C1655B}\MpKslc7119621.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 mbr; \??\C:\Users\everese\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 23:28 - 2014-06-12 23:28 - 00018477 _____ () C:\Users\everese\Desktop\FRST.txt
2014-06-12 23:26 - 2014-06-12 23:28 - 00000000 ____D () C:\FRST
2014-06-12 22:49 - 2014-06-12 22:49 - 01073152 _____ (Farbar) C:\Users\everese\Desktop\FRST.exe
2014-06-12 22:06 - 2014-06-12 22:06 - 00022556 _____ () C:\ComboFix.txt
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-12 22:01 - 2014-06-12 23:28 - 00000000 ____D () C:\Users\everese\AppData\Local\temp
2014-06-12 15:26 - 2014-06-12 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-12 15:26 - 2014-06-12 15:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-12 15:24 - 2014-06-12 22:03 - 00000112 _____ () C:\Windows\setupact.log
2014-06-12 15:24 - 2014-06-12 22:02 - 00001098 _____ () C:\Windows\PFRO.log
2014-06-12 15:24 - 2014-06-12 15:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 13:56 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-12 13:56 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-12 13:56 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-12 13:56 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-12 13:56 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-12 13:56 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-12 13:56 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-12 13:56 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-12 13:46 - 2014-06-12 22:06 - 00000000 ____D () C:\Qoobox
2014-06-12 13:46 - 2014-06-12 22:01 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 13:43 - 2014-06-12 13:43 - 05205897 ____R (Swearware) C:\Users\everese\Desktop\ComboFix.exe
2014-06-12 10:21 - 2014-06-12 10:21 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_conker's-bad-fur-day.exe
2014-06-12 10:17 - 2014-06-12 10:17 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 10:17 - 2014-06-12 10:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 10:16 - 2014-06-12 10:16 - 04748896 _____ (Piriform Ltd) C:\Users\everese\Downloads\ccsetup414.exe
2014-06-11 20:09 - 2014-06-11 20:09 - 00953277 _____ () C:\Users\everese\Downloads\Super Mario All-Stars.zip
2014-06-11 20:07 - 2014-06-11 20:08 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_super-mario-all-stars.exe
2014-06-11 15:25 - 2014-06-11 15:29 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (4)
2014-06-11 12:14 - 2014-06-11 12:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-11 11:22 - 2014-05-08 12:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 11:22 - 2014-05-08 12:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 22:36 - 2014-06-10 22:36 - 00924462 _____ () C:\Users\everese\Downloads\Mario is Missing!.zip
2014-06-10 22:36 - 2014-06-10 22:36 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_mario-is-missing!.exe
2014-06-10 20:17 - 2014-06-10 20:58 - 00000000 ____D () C:\NTTGame
2014-06-10 19:39 - 2014-06-10 20:16 - 718422944 _____ (KnightOnlineEn ) C:\Users\everese\Downloads\KnightOnlineSetup_v2020.exe
2014-06-10 19:24 - 2014-06-10 19:24 - 00000000 ____D () C:\Users\everese\Documents\VIEARDREAM FULL CLIENT
2014-06-10 19:12 - 2014-06-10 19:12 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (2)
2014-06-10 16:54 - 2014-06-10 16:54 - 00001299 _____ () C:\Users\everese\Desktop\Transforming Soul Gems v1.1.zip
2014-06-10 16:52 - 2014-06-10 16:52 - 00001299 _____ () C:\Users\everese\Desktop\Transforming Soul Gems 1.1.zip
2014-06-10 16:51 - 2014-06-10 16:52 - 00001299 _____ () C:\Users\everese\Desktop\transforming soulgems 1.1.zip
2014-06-09 21:43 - 2014-06-09 21:43 - 00652878 _____ () C:\Users\everese\Downloads\Gunstar Heroes.zip
2014-06-09 21:43 - 2014-06-09 21:43 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_gunstar-heroes.exe
2014-06-08 01:33 - 2014-06-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-08 01:33 - 2014-06-08 01:33 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-07 13:20 - 2014-06-07 13:20 - 00000000 ____D () C:\Users\everese\Downloads\Dead.Rising.2.Crack.Only-SKIDROW
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\Windows\system32\xlive
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-06-07 09:03 - 2014-06-07 09:03 - 00002283 _____ () C:\Users\everese\Desktop\WinZip.lnk
2014-06-06 20:22 - 2014-06-06 20:22 - 00000000 ____D () C:\Users\everese\Documents\One With Nature-54090-2-0-1
2014-06-06 20:19 - 2014-06-06 20:19 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-06 20:19 - 2014-06-06 20:19 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-06-06 20:19 - 2014-06-06 20:19 - 00000000 ____D () C:\Users\everese\AppData\Local\WinZip
2014-06-06 20:19 - 2014-06-06 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-06 20:18 - 2014-06-06 20:19 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-06 20:18 - 2014-06-06 20:19 - 00000000 ____D () C:\Program Files\WinZip
2014-06-06 20:12 - 2014-06-06 20:13 - 00820840 _____ ( ) C:\Users\everese\Downloads\winzip18.exe
2014-06-06 20:03 - 2014-06-07 03:14 - 00000000 ____D () C:\Users\everese\Downloads\Dead Rising 2-SKIDROW
2014-06-06 11:14 - 2014-06-06 11:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-06 09:27 - 2014-06-12 11:33 - 00000000 ____D () C:\Users\everese\AppData\Roaming\IDM
2014-06-06 09:27 - 2014-06-06 11:22 - 00000000 ____D () C:\Users\everese\Downloads\Video
2014-06-06 09:27 - 2014-06-06 11:18 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-06-06 09:27 - 2014-06-06 11:04 - 00000000 ____D () C:\Users\everese\AppData\Roaming\DMCache
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\ProgramData\IDM
2014-06-05 23:02 - 2012-02-07 05:10 - 00000000 ____D () C:\Users\everese\Desktop\MatysKnights
2014-06-05 08:16 - 2014-06-05 04:06 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 19:02 - 2014-06-04 19:02 - 00001290 _____ () C:\Users\everese\Desktop\Continue Paper Mario - The Thousand-Year Door Installation.lnk
2014-06-04 01:25 - 2014-06-04 01:25 - 00000737 _____ () C:\Users\everese\Desktop\Transforming Soul Gems.zip
2014-06-04 01:23 - 2014-06-04 00:33 - 00002158 _____ () C:\Users\everese\Desktop\Transforming Soul Gems.esp
2014-06-04 01:22 - 2014-06-04 01:22 - 00000438 _____ () C:\Users\everese\Desktop\don't read me(I know you wont).txt
2014-06-04 01:09 - 2014-06-09 18:58 - 00000890 _____ () C:\Users\everese\Desktop\don't read me(I know you wont)[transforming soulgems mod].txt
2014-06-04 00:58 - 2014-06-04 01:03 - 39868836 _____ () C:\Users\everese\Desktop\Filmim.mp4
2014-06-04 00:11 - 2014-06-04 00:11 - 00049664 _____ () C:\Users\everese\Downloads\keymaker(1).exe
2014-06-03 22:51 - 2014-06-04 00:27 - 00002158 _____ () C:\Users\everese\Desktop\Simply Crafting Or Transforming Soul Gems.esp
2014-06-03 22:25 - 2014-06-03 22:25 - 00000000 ____D () C:\Users\everese\Desktop\SCK
2014-06-03 22:16 - 2014-06-03 22:16 - 00003536 ____N () C:\bootsqm.dat
2014-06-02 12:44 - 2014-06-02 12:44 - 00000714 _____ () C:\Users\everese\Desktop\The Elder Scrolls III Morrowind GOTY.lnk
2014-06-01 23:48 - 2014-06-01 23:48 - 00000709 _____ () C:\Users\everese\Desktop\The Elder Scrolls IV Oblivion GOTY Deluxe.lnk
2014-06-01 17:28 - 2012-10-22 22:22 - 00158716 _____ () C:\Users\everese\Desktop\Random Alternate Start.bsa
2014-06-01 17:28 - 2012-10-22 07:13 - 00070692 _____ () C:\Users\everese\Desktop\Random Alternate Start.esp
2014-06-01 17:28 - 2012-10-22 06:12 - 00000383 _____ () C:\Users\everese\Desktop\RAS - Riverwood CharGen.esp
2014-06-01 17:05 - 2014-06-01 17:05 - 00000730 _____ () C:\Users\everese\Desktop\TSEV Skyrim LE.lnk
2014-06-01 17:05 - 2014-06-01 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2014-06-01 14:57 - 2014-06-01 15:41 - 00000000 ____D () C:\Users\everese\Desktop\dataa
2014-05-31 09:21 - 2014-05-31 09:21 - 00000000 ____D () C:\Users\everese\Documents\Activision
2014-05-31 09:21 - 2014-05-31 09:21 - 00000000 ____D () C:\Users\everese\AppData\Local\Activision
2014-05-31 08:45 - 2014-05-31 08:45 - 00000892 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Amazing Spider-Man 2.lnk
2014-05-31 08:45 - 2014-05-31 08:45 - 00000880 _____ () C:\Users\Public\Desktop\The Amazing Spider-Man 2.lnk
2014-05-31 08:26 - 2014-05-31 08:26 - 00005096 _____ () C:\Users\everese\Desktop\Super Mario Land1.sgm
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.crazycraft
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.beta-jurassiccraft
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.aethericcrusade
2014-05-31 08:20 - 2014-05-31 08:36 - 00002010 _____ () C:\Users\everese\Desktop\vba.ini
2014-05-31 08:19 - 2005-10-01 14:08 - 01974352 _____ (None) C:\Users\everese\Desktop\VisualBoyAdvance.exe
2014-05-31 08:17 - 2014-06-05 19:05 - 00000000 ____D () C:\Users\everese\Desktop\SLOT
2014-05-31 08:16 - 2012-08-17 07:27 - 00065536 _____ () C:\Users\everese\Desktop\Super Mario Land.gb
2014-05-30 16:39 - 2014-06-06 20:11 - 00000000 ____D () C:\Users\everese\Downloads\The.Amazing.Spider-Man.2.Proper-RELOADED
2014-05-30 12:09 - 2014-05-30 12:09 - 16777216 _____ () C:\Users\everese\Desktop\argt312123.gba
2014-05-30 11:56 - 2014-05-30 11:56 - 16777216 _____ () C:\Users\everese\Desktop\argt.gba
2014-05-30 09:18 - 2014-05-30 09:19 - 00000000 ____D () C:\Users\everese\AppData\Roaming\MKKE
2014-05-30 08:56 - 2014-05-30 08:56 - 00001343 _____ () C:\Users\everese\Desktop\Play Mortal Kombat.lnk
2014-05-30 08:55 - 2014-05-30 08:55 - 00001319 _____ () C:\Users\everese\Desktop\Mortal Kombat.lnk
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Mortal Kombat
2014-05-29 21:23 - 2014-06-09 21:44 - 00000000 ____D () C:\Users\everese\Desktop\sonic 1,2,3
2014-05-29 21:20 - 2014-05-29 21:20 - 00095370 _____ () C:\Users\everese\Desktop\jkj.SNA
2014-05-29 21:01 - 2014-05-29 21:02 - 33554432 _____ () C:\Users\everese\Desktop\Pokemon Emerald.gba
2014-05-29 15:23 - 2014-05-29 15:23 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo3.gba
2014-05-29 15:15 - 2014-05-29 15:15 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo2.gba
2014-05-29 14:16 - 2014-05-29 14:16 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon FireRedrandomo2.gba
2014-05-29 14:12 - 2014-05-29 14:12 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon FireRedrandomo.gba
2014-05-29 14:09 - 2014-05-30 12:05 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (3)
2014-05-28 21:55 - 2014-05-29 14:52 - 00099483 _____ () C:\Users\everese\Desktop\jk.SNA
2014-05-28 21:50 - 2012-12-26 12:31 - 134217728 _____ () C:\Users\everese\Desktop\Pokemon Platinum.nds
2014-05-28 21:43 - 2014-06-04 16:30 - 00001536 _____ () C:\Users\everese\Desktop\NO$GBA.INP
2014-05-28 21:38 - 2014-05-30 12:04 - 00000000 ____D () C:\Users\everese\Desktop\BATTERY
2014-05-28 19:47 - 2014-05-28 19:54 - 00000000 ____D () C:\Users\everese\Desktop\Pokémon Island 1.1h
2014-05-28 19:35 - 2013-08-04 22:24 - 00716825 _____ () C:\Users\everese\Desktop\Pokemon Fire Red DS UPDATED.patch
2014-05-28 19:32 - 2010-03-11 21:47 - 134217728 _____ () C:\Users\everese\Desktop\4787 Pokemon - HeartGold Version (US).nds
2014-05-28 19:18 - 2011-05-24 16:34 - 00266240 _____ (Microsoft) C:\Users\everese\Desktop\Zero's Starter Editor v1.0.1.exe
2014-05-28 14:53 - 2014-06-01 15:06 - 00000000 ____D () C:\Users\everese\Downloads\The.Elder.Scrolls.V.Skyrim.Legendary.Edition-WaLMaRT
2014-05-28 13:25 - 2014-05-28 13:26 - 00020270 _____ () C:\Users\everese\Desktop\zsnesw.cfg
2014-05-28 13:24 - 2014-06-11 20:50 - 00000000 ____D () C:\Users\everese\Desktop\snes
2014-05-28 13:23 - 2014-05-28 13:23 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-05-27 17:36 - 2014-05-27 17:37 - 00001159 _____ () C:\Users\everese\Desktop\Uplay.lnk
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Users\everese\AppData\Local\Ubisoft Game Launcher
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Program Files\Ubisoft
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\ProgramData\Caphyon
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör
2014-05-25 19:45 - 2014-05-25 19:45 - 00000000 ____D () C:\Users\everese\Documents\SimCity
2014-05-25 19:35 - 2014-05-25 19:35 - 00000778 _____ () C:\Users\everese\Desktop\SimCity.lnk
2014-05-25 19:35 - 2014-05-25 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911
2014-05-25 15:21 - 2014-05-25 15:21 - 00000000 ____D () C:\Users\everese\AppData\Local\Macromedia
2014-05-25 15:19 - 2014-05-25 15:20 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Yandex
2014-05-25 15:19 - 2014-05-25 15:19 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 15:19 - 2014-05-25 15:19 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-25 15:19 - 2014-05-25 15:19 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-25 13:05 - 2014-05-25 13:05 - 00000000 ____D () C:\Users\everese\Documents\SavedGames
2014-05-25 13:05 - 2014-05-25 13:05 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Rogue Legacy
2014-05-25 12:59 - 2014-05-25 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-23 21:16 - 2014-05-23 22:01 - 00000000 ____D () C:\Users\everese\AppData\Local\FalloutNV
2014-05-19 12:11 - 2014-05-19 16:24 - 00000000 ____D () C:\Users\everese\AppData\Roaming\FTB Pack Install
2014-05-19 12:11 - 2014-04-09 19:27 - 02940635 _____ (www.dropcrack.com) C:\Users\everese\Desktop\Technic - Cracked Launcher.exe
2014-05-19 12:11 - 2014-04-09 19:03 - 05607115 _____ (www.dropcrack.com) C:\Users\everese\Desktop\Feed The Beast - Cracked Launcher 32 Bit.exe
2014-05-19 11:12 - 2014-05-29 12:17 - 00002362 _____ () C:\Users\everese\Desktop\NO$GBA.INI
2014-05-19 10:43 - 2014-05-19 10:43 - 03932214 _____ () C:\Users\everese\Desktop\Yeni Bit Eşlem Resmi (2).bmp
2014-05-18 09:28 - 2014-05-18 09:28 - 00000000 ____D () C:\Users\everese\Documents\Amnesia
2014-05-17 16:15 - 2014-05-16 18:34 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
2014-05-17 14:43 - 2014-05-17 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-05-17 14:43 - 2014-04-25 14:49 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-05-15 01:52 - 2014-05-15 01:52 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:51 - 2014-05-06 05:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 01:50 - 2014-05-06 06:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:50 - 2014-05-06 06:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 17:35 - 2014-05-14 17:35 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 15:36 - 2013-11-13 22:52 - 00660280 _____ (VoiceFive, Inc.) C:\Windows\system32\pmls.dll
2014-05-14 15:35 - 2014-05-14 15:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-14 15:11 - 2014-05-14 15:11 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-05-14 13:01 - 2014-04-12 05:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 13:01 - 2014-04-12 05:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 13:01 - 2014-04-12 05:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 13:01 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 13:01 - 2014-04-12 05:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 13:01 - 2014-04-12 05:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 13:01 - 2014-04-12 05:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 13:01 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 13:01 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 13:01 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 13:01 - 2014-03-04 12:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 13:01 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:50 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 16:13 - 2014-05-13 17:37 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo.gba
2014-05-13 16:12 - 2007-07-13 14:12 - 00980596 _____ () C:\Users\everese\Desktop\ShinyGold_X_V4_ByZel.ips

==================== One Month Modified Files and Folders =======

2014-06-12 23:28 - 2014-06-12 23:28 - 00018477 _____ () C:\Users\everese\Desktop\FRST.txt
2014-06-12 23:28 - 2014-06-12 23:26 - 00000000 ____D () C:\FRST
2014-06-12 23:28 - 2014-06-12 22:01 - 00000000 ____D () C:\Users\everese\AppData\Local\temp
2014-06-12 23:20 - 2014-02-04 21:49 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 23:08 - 2014-02-05 02:56 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000UA.job
2014-06-12 22:49 - 2014-06-12 22:49 - 01073152 _____ (Farbar) C:\Users\everese\Desktop\FRST.exe
2014-06-12 22:49 - 2014-05-05 23:29 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-06-12 22:35 - 2014-02-04 22:07 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 22:24 - 2014-04-26 01:45 - 00000000 ____D () C:\Program Files\iSafe
2014-06-12 22:11 - 2009-07-14 07:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 22:11 - 2009-07-14 07:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 22:07 - 2014-01-21 14:41 - 01269936 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 22:06 - 2014-06-12 22:06 - 00022556 _____ () C:\ComboFix.txt
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 22:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-12 22:06 - 2014-06-12 13:46 - 00000000 ____D () C:\Qoobox
2014-06-12 22:04 - 2014-02-05 15:23 - 00000000 ____D () C:\Users\everese\AppData\Roaming\uTorrent
2014-06-12 22:03 - 2014-06-12 15:24 - 00000112 _____ () C:\Windows\setupact.log
2014-06-12 22:03 - 2014-02-04 21:49 - 00001006 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 22:03 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 22:03 - 2009-07-14 05:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 22:02 - 2014-06-12 15:24 - 00001098 _____ () C:\Windows\PFRO.log
2014-06-12 22:02 - 2009-07-14 05:03 - 48037888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-12 22:02 - 2009-07-14 05:03 - 20971520 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-12 22:02 - 2009-07-14 05:03 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-12 22:02 - 2009-07-14 05:03 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-06-12 22:02 - 2009-07-14 05:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-12 22:01 - 2014-06-12 13:46 - 00000000 ____D () C:\Windows\erdnt
2014-06-12 21:52 - 2014-02-05 02:56 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000Core.job
2014-06-12 15:33 - 2014-02-24 21:13 - 00000000 ____D () C:\Users\everese\Desktop\resimler
2014-06-12 15:30 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Default
2014-06-12 15:30 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Public
2014-06-12 15:26 - 2014-06-12 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-12 15:26 - 2014-06-12 15:26 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-06-12 15:24 - 2014-06-12 15:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 14:15 - 2014-02-05 21:35 - 00000000 ____D () C:\ProgramData\WPM
2014-06-12 14:10 - 2014-05-05 23:26 - 00000000 ____D () C:\Program Files\004
2014-06-12 14:04 - 2014-02-26 18:58 - 00000000 ____D () C:\Users\everese\AppData\Local\CrashDumps
2014-06-12 13:43 - 2014-06-12 13:43 - 05205897 ____R (Swearware) C:\Users\everese\Desktop\ComboFix.exe
2014-06-12 11:33 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\everese\AppData\Roaming\IDM
2014-06-12 10:27 - 2014-05-09 21:43 - 00000000 ____D () C:\Users\everese\Desktop\Project64 2.1
2014-06-12 10:21 - 2014-06-12 10:21 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_conker's-bad-fur-day.exe
2014-06-12 10:17 - 2014-06-12 10:17 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 10:17 - 2014-06-12 10:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 10:17 - 2014-01-21 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 10:16 - 2014-06-12 10:16 - 04748896 _____ (Piriform Ltd) C:\Users\everese\Downloads\ccsetup414.exe
2014-06-12 10:09 - 2014-04-26 01:45 - 00000000 ____D () C:\Users\everese\AppData\Roaming\iSafe
2014-06-12 00:20 - 2014-01-21 14:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 00:20 - 2014-01-21 14:49 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-11 20:50 - 2014-05-28 13:24 - 00000000 ____D () C:\Users\everese\Desktop\snes
2014-06-11 20:09 - 2014-06-11 20:09 - 00953277 _____ () C:\Users\everese\Downloads\Super Mario All-Stars.zip
2014-06-11 20:08 - 2014-06-11 20:07 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_super-mario-all-stars.exe
2014-06-11 20:02 - 2014-03-01 12:10 - 00000023 _____ () C:\Windows\BlendSettings.ini
2014-06-11 17:28 - 2014-04-17 21:51 - 00000000 ____D () C:\Users\everese\Desktop\dolphin
2014-06-11 15:29 - 2014-06-11 15:25 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (4)
2014-06-11 12:14 - 2014-06-11 12:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-11 10:58 - 2009-07-14 07:53 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 22:36 - 2014-06-10 22:36 - 00924462 _____ () C:\Users\everese\Downloads\Mario is Missing!.zip
2014-06-10 22:36 - 2014-06-10 22:36 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_mario-is-missing!.exe
2014-06-10 20:58 - 2014-06-10 20:17 - 00000000 ____D () C:\NTTGame
2014-06-10 20:16 - 2014-06-10 19:39 - 718422944 _____ (KnightOnlineEn ) C:\Users\everese\Downloads\KnightOnlineSetup_v2020.exe
2014-06-10 19:24 - 2014-06-10 19:24 - 00000000 ____D () C:\Users\everese\Documents\VIEARDREAM FULL CLIENT
2014-06-10 19:12 - 2014-06-10 19:12 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (2)
2014-06-10 16:54 - 2014-06-10 16:54 - 00001299 _____ () C:\Users\everese\Desktop\Transforming Soul Gems v1.1.zip
2014-06-10 16:52 - 2014-06-10 16:52 - 00001299 _____ () C:\Users\everese\Desktop\Transforming Soul Gems 1.1.zip
2014-06-10 16:52 - 2014-06-10 16:51 - 00001299 _____ () C:\Users\everese\Desktop\transforming soulgems 1.1.zip
2014-06-10 12:53 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\everese\Documents\Bandicam
2014-06-09 21:44 - 2014-05-29 21:23 - 00000000 ____D () C:\Users\everese\Desktop\sonic 1,2,3
2014-06-09 21:43 - 2014-06-09 21:43 - 00652878 _____ () C:\Users\everese\Downloads\Gunstar Heroes.zip
2014-06-09 21:43 - 2014-06-09 21:43 - 00624872 _____ () C:\Users\everese\Downloads\CR_Downloader_for_gunstar-heroes.exe
2014-06-09 18:58 - 2014-06-04 01:09 - 00000890 _____ () C:\Users\everese\Desktop\don't read me(I know you wont)[transforming soulgems mod].txt
2014-06-09 10:57 - 2014-04-26 01:45 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-06-08 01:33 - 2014-06-08 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-08 01:33 - 2014-06-08 01:33 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-08 01:33 - 2014-02-10 22:05 - 00002693 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-08 01:33 - 2014-02-10 22:05 - 00000000 ___RD () C:\Program Files\Skype
2014-06-08 01:33 - 2014-01-21 14:57 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 13:20 - 2014-06-07 13:20 - 00000000 ____D () C:\Users\everese\Downloads\Dead.Rising.2.Crack.Only-SKIDROW
2014-06-07 13:05 - 2014-02-05 19:50 - 00000000 ____D () C:\Users\everese\Documents\My Games
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\Windows\system32\xlive
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-06-07 12:21 - 2014-06-07 12:21 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-06-07 12:21 - 2009-07-14 07:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-07 09:03 - 2014-06-07 09:03 - 00002283 _____ () C:\Users\everese\Desktop\WinZip.lnk
2014-06-07 03:14 - 2014-06-06 20:03 - 00000000 ____D () C:\Users\everese\Downloads\Dead Rising 2-SKIDROW
2014-06-06 20:22 - 2014-06-06 20:22 - 00000000 ____D () C:\Users\everese\Documents\One With Nature-54090-2-0-1
2014-06-06 20:19 - 2014-06-06 20:19 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-06 20:19 - 2014-06-06 20:19 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-06-06 20:19 - 2014-06-06 20:19 - 00000000 ____D () C:\Users\everese\AppData\Local\WinZip
2014-06-06 20:19 - 2014-06-06 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-06 20:19 - 2014-06-06 20:18 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-06 20:19 - 2014-06-06 20:18 - 00000000 ____D () C:\Program Files\WinZip
2014-06-06 20:13 - 2014-06-06 20:12 - 00820840 _____ ( ) C:\Users\everese\Downloads\winzip18.exe
2014-06-06 20:11 - 2014-05-30 16:39 - 00000000 ____D () C:\Users\everese\Downloads\The.Amazing.Spider-Man.2.Proper-RELOADED
2014-06-06 17:19 - 2014-03-22 21:49 - 00000000 ____D () C:\Program Files\Hi-Rez Studios
2014-06-06 14:14 - 2014-02-04 21:49 - 00000000 ____D () C:\Program Files\Google
2014-06-06 11:29 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-06 11:29 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-06 11:27 - 2014-01-21 15:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-06 11:27 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-06 11:26 - 2014-02-15 23:21 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-06 11:26 - 2014-01-21 14:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-06 11:26 - 2014-01-21 14:49 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-06 11:22 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\everese\Downloads\Video
2014-06-06 11:18 - 2014-06-06 09:27 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-06-06 11:14 - 2014-06-06 11:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-06 11:04 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\everese\AppData\Roaming\DMCache
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-06-06 09:27 - 2014-06-06 09:27 - 00000000 ____D () C:\ProgramData\IDM
2014-06-05 19:05 - 2014-05-31 08:17 - 00000000 ____D () C:\Users\everese\Desktop\SLOT
2014-06-05 04:06 - 2014-06-05 08:16 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 19:02 - 2014-06-04 19:02 - 00001290 _____ () C:\Users\everese\Desktop\Continue Paper Mario - The Thousand-Year Door Installation.lnk
2014-06-04 16:30 - 2014-05-28 21:43 - 00001536 _____ () C:\Users\everese\Desktop\NO$GBA.INP
2014-06-04 01:25 - 2014-06-04 01:25 - 00000737 _____ () C:\Users\everese\Desktop\Transforming Soul Gems.zip
2014-06-04 01:22 - 2014-06-04 01:22 - 00000438 _____ () C:\Users\everese\Desktop\don't read me(I know you wont).txt
2014-06-04 01:03 - 2014-06-04 00:58 - 39868836 _____ () C:\Users\everese\Desktop\Filmim.mp4
2014-06-04 00:45 - 2014-02-04 23:14 - 00000000 ____D () C:\Users\everese\AppData\Roaming\NVIDIA
2014-06-04 00:33 - 2014-06-04 01:23 - 00002158 _____ () C:\Users\everese\Desktop\Transforming Soul Gems.esp
2014-06-04 00:27 - 2014-06-03 22:51 - 00002158 _____ () C:\Users\everese\Desktop\Simply Crafting Or Transforming Soul Gems.esp
2014-06-04 00:11 - 2014-06-04 00:11 - 00049664 _____ () C:\Users\everese\Downloads\keymaker(1).exe
2014-06-03 22:25 - 2014-06-03 22:25 - 00000000 ____D () C:\Users\everese\Desktop\SCK
2014-06-03 22:16 - 2014-06-03 22:16 - 00003536 ____N () C:\bootsqm.dat
2014-06-02 12:45 - 2014-03-01 10:07 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 12:44 - 2014-06-02 12:44 - 00000714 _____ () C:\Users\everese\Desktop\The Elder Scrolls III Morrowind GOTY.lnk
2014-06-02 12:44 - 2014-03-01 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-06-02 10:02 - 2009-07-14 05:04 - 00000580 _____ () C:\Windows\win.ini
2014-06-01 23:48 - 2014-06-01 23:48 - 00000709 _____ () C:\Users\everese\Desktop\The Elder Scrolls IV Oblivion GOTY Deluxe.lnk
2014-06-01 17:05 - 2014-06-01 17:05 - 00000730 _____ () C:\Users\everese\Desktop\TSEV Skyrim LE.lnk
2014-06-01 17:05 - 2014-06-01 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2014-06-01 15:41 - 2014-06-01 14:57 - 00000000 ____D () C:\Users\everese\Desktop\dataa
2014-06-01 15:39 - 2014-04-26 12:05 - 00000823 _____ () C:\Users\everese\Desktop\Skyrim (SKSE).lnk
2014-06-01 15:39 - 2014-02-09 14:36 - 00000823 _____ () C:\Users\UpdatusUser\Desktop\Skyrim (SKSE).lnk
2014-06-01 15:06 - 2014-05-28 14:53 - 00000000 ____D () C:\Users\everese\Downloads\The.Elder.Scrolls.V.Skyrim.Legendary.Edition-WaLMaRT
2014-05-31 09:21 - 2014-05-31 09:21 - 00000000 ____D () C:\Users\everese\Documents\Activision
2014-05-31 09:21 - 2014-05-31 09:21 - 00000000 ____D () C:\Users\everese\AppData\Local\Activision
2014-05-31 08:48 - 2014-04-26 14:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-31 08:45 - 2014-05-31 08:45 - 00000892 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Amazing Spider-Man 2.lnk
2014-05-31 08:45 - 2014-05-31 08:45 - 00000880 _____ () C:\Users\Public\Desktop\The Amazing Spider-Man 2.lnk
2014-05-31 08:36 - 2014-05-31 08:20 - 00002010 _____ () C:\Users\everese\Desktop\vba.ini
2014-05-31 08:26 - 2014-05-31 08:26 - 00005096 _____ () C:\Users\everese\Desktop\Super Mario Land1.sgm
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.crazycraft
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.beta-jurassiccraft
2014-05-31 08:21 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\everese\AppData\Roaming\.aethericcrusade
2014-05-30 12:09 - 2014-05-30 12:09 - 16777216 _____ () C:\Users\everese\Desktop\argt312123.gba
2014-05-30 12:05 - 2014-05-29 14:09 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör (3)
2014-05-30 12:04 - 2014-05-28 21:38 - 00000000 ____D () C:\Users\everese\Desktop\BATTERY
2014-05-30 11:56 - 2014-05-30 11:56 - 16777216 _____ () C:\Users\everese\Desktop\argt.gba
2014-05-30 09:19 - 2014-05-30 09:18 - 00000000 ____D () C:\Users\everese\AppData\Roaming\MKKE
2014-05-30 09:18 - 2014-03-19 11:28 - 00000000 ____D () C:\Users\everese\AppData\Local\SKIDROW
2014-05-30 08:56 - 2014-05-30 08:56 - 00001343 _____ () C:\Users\everese\Desktop\Play Mortal Kombat.lnk
2014-05-30 08:55 - 2014-05-30 08:55 - 00001319 _____ () C:\Users\everese\Desktop\Mortal Kombat.lnk
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Mortal Kombat
2014-05-30 08:55 - 2014-05-10 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-05-29 21:20 - 2014-05-29 21:20 - 00095370 _____ () C:\Users\everese\Desktop\jkj.SNA
2014-05-29 21:02 - 2014-05-29 21:01 - 33554432 _____ () C:\Users\everese\Desktop\Pokemon Emerald.gba
2014-05-29 15:23 - 2014-05-29 15:23 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo3.gba
2014-05-29 15:15 - 2014-05-29 15:15 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo2.gba
2014-05-29 14:52 - 2014-05-28 21:55 - 00099483 _____ () C:\Users\everese\Desktop\jk.SNA
2014-05-29 14:16 - 2014-05-29 14:16 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon FireRedrandomo2.gba
2014-05-29 14:12 - 2014-05-29 14:12 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon FireRedrandomo.gba
2014-05-29 12:17 - 2014-05-19 11:12 - 00002362 _____ () C:\Users\everese\Desktop\NO$GBA.INI
2014-05-28 19:54 - 2014-05-28 19:47 - 00000000 ____D () C:\Users\everese\Desktop\Pokémon Island 1.1h
2014-05-28 19:24 - 2014-02-05 21:31 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-28 13:26 - 2014-05-28 13:25 - 00020270 _____ () C:\Users\everese\Desktop\zsnesw.cfg
2014-05-28 13:23 - 2014-05-28 13:23 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-05-27 17:37 - 2014-05-27 17:36 - 00001159 _____ () C:\Users\everese\Desktop\Uplay.lnk
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Users\everese\AppData\Local\Ubisoft Game Launcher
2014-05-27 17:36 - 2014-05-27 17:36 - 00000000 ____D () C:\Program Files\Ubisoft
2014-05-27 17:06 - 2014-05-27 17:06 - 00000000 ____D () C:\ProgramData\Caphyon
2014-05-26 18:33 - 2014-05-26 18:33 - 00000000 ____D () C:\Users\everese\Desktop\Yeni klasör
2014-05-25 19:45 - 2014-05-25 19:45 - 00000000 ____D () C:\Users\everese\Documents\SimCity
2014-05-25 19:42 - 2014-04-08 22:22 - 00000000 ____D () C:\ProgramData\Origin
2014-05-25 19:35 - 2014-05-25 19:35 - 00000778 _____ () C:\Users\everese\Desktop\SimCity.lnk
2014-05-25 19:35 - 2014-05-25 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911
2014-05-25 15:21 - 2014-05-25 15:21 - 00000000 ____D () C:\Users\everese\AppData\Local\Macromedia
2014-05-25 15:20 - 2014-05-25 15:19 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Yandex
2014-05-25 15:19 - 2014-05-25 15:19 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 15:19 - 2014-05-25 15:19 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-25 15:19 - 2014-05-25 15:19 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-25 15:19 - 2014-02-05 15:24 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Mozilla
2014-05-25 15:19 - 2014-02-05 15:24 - 00000000 ____D () C:\Users\everese\AppData\Local\Mozilla
2014-05-25 13:05 - 2014-05-25 13:05 - 00000000 ____D () C:\Users\everese\Documents\SavedGames
2014-05-25 13:05 - 2014-05-25 13:05 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Rogue Legacy
2014-05-25 12:59 - 2014-05-25 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-05-23 22:01 - 2014-05-23 21:16 - 00000000 ____D () C:\Users\everese\AppData\Local\FalloutNV
2014-05-23 22:01 - 2014-04-14 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2014-05-23 21:07 - 2012-11-23 21:37 - 00000000 ____D () C:\Users\everese\Desktop\ciros-pokemon-maker
2014-05-21 18:04 - 2014-04-20 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Timer
2014-05-19 16:24 - 2014-05-19 12:11 - 00000000 ____D () C:\Users\everese\AppData\Roaming\FTB Pack Install
2014-05-19 10:43 - 2014-05-19 10:43 - 03932214 _____ () C:\Users\everese\Desktop\Yeni Bit Eşlem Resmi (2).bmp
2014-05-18 09:28 - 2014-05-18 09:28 - 00000000 ____D () C:\Users\everese\Documents\Amnesia
2014-05-17 23:13 - 2014-05-05 23:27 - 00000000 ____D () C:\temp
2014-05-17 14:43 - 2014-05-17 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-05-17 13:57 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 18:34 - 2014-05-17 16:15 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
2014-05-15 22:16 - 2014-02-05 22:33 - 00000000 ____D () C:\Users\everese\AppData\Local\Paint.NET
2014-05-15 16:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-05-15 01:54 - 2011-04-12 10:02 - 00657232 _____ () C:\Windows\system32\perfh01F.dat
2014-05-15 01:54 - 2011-04-12 10:02 - 00139762 _____ () C:\Windows\system32\perfc01F.dat
2014-05-15 01:54 - 2010-11-21 00:01 - 01591062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 01:52 - 2014-05-15 01:52 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-14 22:39 - 2014-05-10 12:53 - 00000000 ____D () C:\Users\everese\AppData\Roaming\vlc
2014-05-14 22:34 - 2014-01-21 14:55 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 17:35 - 2014-05-14 17:35 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-05-14 17:35 - 2014-02-04 22:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 17:35 - 2014-02-04 22:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 15:35 - 2014-05-14 15:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-14 15:11 - 2014-05-14 15:11 - 00000000 ____D () C:\Users\everese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-05-13 17:37 - 2014-05-13 16:13 - 16777216 _____ () C:\Users\everese\Desktop\Pokemon shiny gold solo.gba

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 16:49

==================== End Of Log ============================

And here is the addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by everese at 2014-06-12 23:28:35
Running from C:\Users\everese\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Turkish (HKLM\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Age of Mythology (HKLM\...\Age of Mythology 1.0) (Version:  - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Autodesk Download Manager (HKLM\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Camtasia Studio 8 (HKLM\...\{72144B9D-58C4-4C09-A5CF-C6A914B912E8}) (Version: 8.0.0.878 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CouponDownloader (HKLM\...\{813BA625-B0FA-48D8-9B75-59759C88C219}) (Version:  - ) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Rising 2 (HKLM\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom)
Dead Rising 2 (Version: 1.0.0000.130 - Capcom) Hidden
Façade (HKLM\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fotoğraf Galerisi (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Goat Simulator (HKLM\...\Goat Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hitman Blood Money (HKLM\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
ImageShack Uploader 2.2.0 (HKLM\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Mass Effect (HKLM\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile TRK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended TRK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Extended TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Client Profile TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-041F-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mortal Kombat (HKLM\...\Mortal Kombat_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 tr) (HKLM\...\Mozilla Firefox 30.0 (x86 tr)) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA Denetim Masası 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Photo Gallery (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
RGSS-RTP Standard (HKLM\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Generations version 1.0 (HKLM\...\{4B7IL77L-LKS1-75B1-SONIC-18CD6E6334R1}_is1) (Version: 1.0 - SEGA)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
SPORE™ Creepy & Cute Parts Pack (HKLM\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Sweet Page (HKLM\...\sweet-page uninstaller) (Version:  - sweet-page) <==== ATTENTION
The Elder Scrolls III Morrowind GOTY version 0.0.0.9 (HKLM\...\The Elder Scrolls III Morrowind GOTY_is1) (Version: 0.0.0.9 - WaLMaRT)
The Elder Scrolls IV: Oblivion GOTY Deluxe version 0.0.0.9 (HKLM\...\The Elder Scrolls IV: Oblivion GOTY Deluxe_is1) (Version: 0.0.0.9 - WaLMaRT)
TSEV Skyrim LE (HKLM\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{96901D15-104F-43E2-9D90-A17022D975B2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 4.5 - Ubisoft)
Watch Dogs (HKLM\...\Watch Dogs 1.0.0) (Version: 1.0.0 - Ubisoft)
Watch Dogs (Version: 1.0.0 - Ubisoft) Hidden
Windows Live Communications Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Yet Another Cleaner! (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)

==================== Restore Points  =========================

07-06-2014 09:18:44 Installed DirectX
07-06-2014 09:21:07 Installed DirectX
07-06-2014 22:31:58 Windows Update
11-06-2014 11:19:30 Windows Update
11-06-2014 21:14:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 05:04 - 2014-06-12 22:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1C8A8D7A-8763-45A6-8D95-7F9A38D59BB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {2135CC9E-918F-4A02-9B0E-4CED25006780} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000Core => C:\Users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: {33D281A7-6611-4D62-80C9-76860FC64950} - System32\Tasks\{852E24CA-B7B0-4144-BFE9-586B01B2A8FC} => D:\Program Files\TSEV Skyrim LE\SkyrimLauncher.exe [2013-06-07] (Bethesda Softworks)
Task: {3AEAC4B9-6B8A-4448-B9A8-C2A5392BCA79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {565D68AE-BFB8-4C3C-973D-530716631661} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-24] (AVAST Software)
Task: {5D6E21EA-6651-4F0D-9F75-ECAA826674E7} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {5EDD7C02-313C-42D6-9D4E-36F59215331D} - System32\Tasks\{309DBFA7-B19C-447E-90BF-895953DA024E} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {75B5C37D-8F12-4A63-922A-7D4564BF31D4} - System32\Tasks\{27F4196F-F535-47B5-B5D5-DCEB1376098C} => C:\Users\everese\Downloads\KnightOnlineSetup_v2020 (1).exe
Task: {A4641007-93C5-4EC5-A14A-5F4C6A2C6F20} - System32\Tasks\{1DDCDB72-EB30-4B90-A062-1E57D7FF1F72} => C:\Riot Games\League of Legends\lol.launcher.exe
Task: {AA2C6D5C-CA9A-4BED-9CA3-870226F4E331} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {B24D1860-ACD6-421F-8AA1-3AC67464F7E3} - System32\Tasks\{7F4BBC80-1239-4E47-BA23-F4E0CC54CB49} => C:\Program Files\Southpark Stick of Truth\South Park - The Stick of Truth.exe
Task: {B9F18199-CC71-442B-B29B-A071280FB58F} - System32\Tasks\TidyNetwork Update => C:\Users\everese\AppData\Local\TidyNetwork\petnupdate.exe
Task: {CC39A1B9-B507-4CDC-992E-20511F52FA0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {EBB5E4D6-65F8-4970-8EDF-0759A51E83DC} - System32\Tasks\{5269F712-60B6-431C-A45A-3EA3D277F1F9} => C:\Users\everese\Downloads\Minecraft.exe
Task: {F6EAD048-8596-42D2-97B5-25ED419D15DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000UA => C:\Users\everese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000Core.job => C:\Users\everese\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-481012828-2389614954-1775651213-1000UA.job => C:\Users\everese\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-26 01:45 - 2014-06-09 10:57 - 00065704 _____ () C:\Program Files\iSafe\zlib1.dll
2014-04-26 01:45 - 2014-06-09 10:55 - 00092328 _____ () C:\Program Files\iSafe\curlpp.dll
2014-04-26 01:45 - 2014-04-21 11:22 - 00176976 _____ () C:\Program Files\iSafe\tws\unrar.dll
2014-04-26 01:45 - 2014-04-21 11:22 - 00068432 _____ () C:\Program Files\iSafe\tws\zlib1.dll
2014-04-26 01:45 - 2014-04-21 11:22 - 00087744 _____ () C:\Program Files\iSafe\tws\unacev2.dll
2014-01-21 15:18 - 2012-12-29 11:25 - 00079800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-06-12 13:46 - 2014-06-12 13:46 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061200\algo.dll
2014-05-01 16:37 - 2014-05-01 16:37 - 00150528 _____ () c:\Program Files\CouponDownloader\CouponDownloaderService.exe
2014-03-04 14:25 - 2014-03-04 14:25 - 00102400 _____ () c:\Program Files\CouponDownloader\nfapi.dll
2014-05-01 16:37 - 2014-05-01 16:37 - 00216064 _____ () c:\Program Files\CouponDownloader\ProtocolFilters.dll
2014-02-04 21:49 - 2014-02-04 21:49 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tünel Bağdaştırıcısı
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: MpKslc7119621
Description: MpKslc7119621
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslc7119621
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl240503c7
Description: MpKsl240503c7
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl240503c7
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKsl9517bff2
Description: MpKsl9517bff2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl9517bff2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 10:04:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 03:26:51 PM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
Description: Product: LogMeIn Hamachi -- Error 1406. Could not write value LogMeIn Hamachi Ui to key \Software\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/12/2014 03:26:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 02:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: swreg.3XE, sürüm: 3.0.0.0, zaman damgası: 0x2a425e19
Hatalı modül adı: KERNELBASE.dll, sürüm: 6.1.7601.18409, zaman damgası: 0x531599f6
Özel durum kodu: 0x0eedfade
Hata uzaklığı 0x0000812f
Hatalı işlem kimliği: 0xb18
Uygulama başlangıç zamanı: 0xswreg.3XE0
Hatalı uygulama yolu: swreg.3XE1
Hatalı modül yolu: swreg.3XE2
Rapor kimliği: swreg.3XE3

Error: (06/12/2014 11:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 10:51:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 10:10:57 AM) (Source: MsiInstaller) (EventID: 1024) (User: everese-p)
Description: Ürün: Adobe Reader XI (11.0.07) - Turkish - Güncelleştirme 'Adobe Reader XI (11.0.07)' yüklenemedi. Hata kodu 1603.  Windows Installer, yazılım paketlerinin yüklenmesi ile ilgili sorunların giderilmesine yardımcı olmak için günlük oluşturabilir. Günlüğe yazma desteğini etkinleştirmekle ilgili yönergeler için şu adresi kullanın: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/12/2014 10:10:54 AM) (Source: MsiInstaller) (EventID: 11311) (User: everese-p)
Description: Ürün+C563: Adobe Reader XI (11.0.07) - Turkish -- Hata 1311.Kaynak dosya bulunamadı(cabinet): C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1055-7B44-AB0000000001}\Data1.cab.  Dosyanın var olduğunu ve dosyaya erişebildiğinizi denetleyin.

Error: (06/12/2014 10:09:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 00:20:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Ürün: Microsoft Office Enterprise 2007 - Güncelleştirme 'Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition ' yüklenemedi. Hata kodu 1603.  Windows Installer, yazılım paketlerinin yüklenmesi ile ilgili sorunların giderilmesine yardımcı olmak için günlük oluşturabilir. Günlüğe yazma desteğini etkinleştirmekle ilgili yönergeler için şu adresi kullanın: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (06/12/2014 10:04:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Aşağıdaki önyükleme başlatma veya sistem başlatma sürücüsü (sürücüleri) yüklenemedi: 
aswKbd

Error: (06/12/2014 10:03:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: avast! Firewall hizmeti şu hata nedeniyle başlatılamadı: 
%%1053

Error: (06/12/2014 10:03:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: avast! Firewall hizmetinin bağlanması beklenirken zaman aşımı (30000 milisaniye) oluştu.

Error: (06/12/2014 10:03:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: 22:01:28, ‎12.‎06.‎2014 tarihinde gerçekleşen önceki sistem kapanışı beklenmiyordu.

Error: (06/12/2014 10:01:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Util webget hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.

Error: (06/12/2014 10:01:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.

Error: (06/12/2014 10:01:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Util BrowseMark hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.

Error: (06/12/2014 10:01:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.

Error: (06/12/2014 10:01:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Update webget hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.

Error: (06/12/2014 10:01:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 3564.17 MB
Available physical RAM: 2504.89 MB
Total Pagefile: 7126.63 MB
Available Pagefile: 5852.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.14 GB) (Free:52.61 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:228.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A3E582B4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#6 Machiavelli

Posted 12 June 2014 - 04:07 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista, Windows 7 or Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#7 Machiavelli

Posted 15 June 2014 - 01:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
