Combofix log help - extremely slow windows


  • This topic is locked
9 replies to this topic

#1 irmalp

Posted 18 August 2014 - 10:28 AM

Hi,

 

I have this ComboFix log. I am not an expert in it; one of my friends suggested that I use it, but I think I am alone in understanding it. I hope one of you might help me. My Windows start process is extremely slow, so I thought it might be related to some kind of malware or something. Could you help me with this issue? Any other suggestions? (My last resort is formatting it for a fresh start - as usual with my Windows experience.)

 

 

ComboFix 14-08-17.01 - Alptug 18.08.2014  11:04:33.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1033.18.3932.1709 [GMT -4:00]
Running from: c:\users\Alptug\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\sw2_res_default.bmp
c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
c:\program files (x86)\SecureW2\sw2_tool.exe
c:\program files (x86)\SecureW2\sw2_tray.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\users\Alptug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Alptug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-18 to 2014-08-18  )))))))))))))))))))))))))))))))
.
.
2014-08-17 15:51 . 2014-08-17 15:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-17 15:50 . 2014-07-25 16:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 06:04 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 06:04 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 06:04 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 06:04 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 06:04 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 06:04 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 06:04 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 06:04 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 17:15 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-15 17:15 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-15 17:15 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-15 17:15 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-15 17:15 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-15 17:15 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-15 17:15 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-15 17:15 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-15 17:13 . 2014-07-31 23:41 810176 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-08-15 17:11 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 17:11 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-15 17:11 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 17:11 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-01 01:20 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 01:20 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 01:20 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 01:20 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 01:19 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 01:19 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 01:19 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 01:19 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 01:19 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 01:19 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 01:19 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 01:19 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 01:19 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-01 01:19 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-29 17:59 . 2014-07-29 17:59 -------- d-----w- C:\found.000
2014-07-29 17:30 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
2014-07-29 17:27 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-29 17:27 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-29 17:27 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-29 08:15 . 2014-07-29 08:15 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 06:09 . 2013-08-14 11:46 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-29 08:16 . 2013-12-13 02:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-29 08:16 . 2013-12-13 02:02 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-23 14:52 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-10-14 02:44 . 2013-10-14 02:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyboardLeds.exe"="c:\program files (x86)\Keyboard LEDs\KeyboardLeds.exe" [2012-09-06 912896]
"GoogleChromeAutoLaunch_CF9F41B5682403CECD8BCD289E5A60AA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2014-01-16 243560]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2013-03-22 337440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2012-04-23 508256]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Alptug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alptug\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-7-29 36414496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PanoptoRecorderService;Panopto Recorder Upload Service;c:\program files (x86)\Panopto\Recorder\Recorder.exe;c:\program files (x86)\Panopto\Recorder\Recorder.exe [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 17:15 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13 08:16]
.
2014-08-18 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1673934600-4125219948-4271301298-1000.job
- c:\users\Alptug\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-02 01:18]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18 22:02]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-18 22:02]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673934600-4125219948-4271301298-1000Core.job
- c:\users\Alptug\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 17:05]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673934600-4125219948-4271301298-1000UA.job
- c:\users\Alptug\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-05 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2014-01-20 22:24 1297184 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2014-01-20 22:24 1297184 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2014-01-20 22:24 1297184 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2014-01-20 22:24 1297184 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Alptug\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-13 441968]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-05 12503184]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-09-05 1212048]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-08-08 13540536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-18  11:12:55
ComboFix-quarantined-files.txt  2014-08-18 15:12
.
Pre-Run: 76.497.588.224 bytes free
Post-Run: 83.891.699.712 bytes free
.
- - End Of File - - B1411FB3C29DFDD59886F19985B20645
A36C5E4F47E84449FF07ED3517B43A31
 

 




 


#2 nasdaq

  • Malware Response Team

Posted 23 August 2014 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

Remove Combofix. It's no longer required.
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#3 irmalp

  • Topic Starter

Posted 23 August 2014 - 01:36 PM

Hello,

 

Thank you very much for your time and help. I can say the computer runs slightly better than before, but it still 'thinks' a lot while doing some actions. Here are my log files in the order you asked. (The Addition.txt file is dated earlier as I ran it 5 days ago; it was the first time the tool was run.) Here, I am also adding a Dropbox link for the picture of a recent blue screen I had: https://www.dropbox.com/s/y8qax1vzsmna79d/bluescreen.jpg?dl=0

Attached File  Addition.txt   41.46KB   3 downloads

 

Thanks in advance!

 

-------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23.08.2014
Scan Time: 13:11:11
Logfile: log 1.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.23.04
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alptug
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349812
Time Elapsed: 20 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-1673934600-4125219948-4271301298-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, Quarantined, [fd9c2b9e88f358de1cc6426b37cb9070], 
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-1673934600-4125219948-4271301298-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [3f5acaff5724171f412c85252ed4ae52], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [6f2a8148c8b3f343fa29c36a679dbd43], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [fc9d25a45f1c52e49aa676bd10f4bf41], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1673934600-4125219948-4271301298-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [dbbee2e798e3a2944be81bf305feb749], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1673934600-4125219948-4271301298-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [6c2d8f3a611a0a2cbc6652dbab595da3], 
 
Registry Values: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D5DDF422-2588-11E3-B046-08EDB9F444E0}, Quarantined, [6f2a8148c8b3f343fa29c36a679dbd43]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Quarantined, [fc9d25a45f1c52e49aa676bd10f4bf41]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1673934600-4125219948-4271301298-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {D5DDF422-2588-11E3-B046-08EDB9F444E0}, Quarantined, [6c2d8f3a611a0a2cbc6652dbab595da3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.SoftwareUpdater.A, C:\Users\Alptug\AppData\Local\SwvUpdater, Quarantined, [9dfc1dac94e74cea68b09757689adf21], 
PUP.Optional.OpenCandy, C:\Users\Alptug\AppData\Roaming\OpenCandy, Quarantined, [efaa6960a0db4beb08b9932a16ec8b75], 
PUP.Optional.OpenCandy, C:\Users\Alptug\AppData\Roaming\OpenCandy\604098B46BED4D98966F789D96F0D1A3, Quarantined, [efaa6960a0db4beb08b9932a16ec8b75], 
PUP.Optional.OpenCandy, C:\Users\Alptug\AppData\Roaming\OpenCandy\7A05F02F6AC449DC84C9DDF6F90D175B, Quarantined, [efaa6960a0db4beb08b9932a16ec8b75], 
PUP.Optional.NextLive.A, C:\Users\Alptug\AppData\Roaming\newnext.me, Quarantined, [61383f8a413a1f176903ffc0c53da060], 
PUP.Optional.NextLive.A, C:\Users\Alptug\AppData\Roaming\newnext.me\cache, Quarantined, [61383f8a413a1f176903ffc0c53da060], 
 
Files: 21
PUP.Optional.Conduit.A, C:\Users\Alptug\AppData\Roaming\OpenCandy\7A05F02F6AC449DC84C9DDF6F90D175B\sp-downloader.exe, Quarantined, [aaef696036451b1bbb0cfa2e5ba6e51b], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (3).exe, Quarantined, [8118fbce403b74c28bd574940005748c], 
PUP.Optional.Somoto, C:\Users\Alptug\Downloads\VideoPlayerSetup-5TCb4XZ.exe, Quarantined, [7f1a0bbec8b373c3ce1dc041b64fcd33], 
PUP.Optional.IsFreemium, C:\Users\Alptug\Downloads\Mipony-Installer.exe, Quarantined, [653401c84c2fa393b9f4910d01034cb4], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (4).exe, Quarantined, [9efbdaef9ae1bd7978e8c147e025d927], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (5).exe, Quarantined, [6138c504bdbed95df66a1fe9996cdd23], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (6).exe, Quarantined, [b2e76a5f4536290d4020dc2c798c1fe1], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (7).exe, Quarantined, [b6e321a8b1caab8b68f8f1173dc82ed2], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075.exe, Quarantined, [3a5fa1282e4dbc7aa4bc1fe9a65f926e], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266_1075.exe, Quarantined, [990073564734de58d68a4bbdaa5b6c94], 
PUP.Optional.OpenCandy, C:\Users\Alptug\Downloads\DAEMONToolsUltra110-0103.exe, Quarantined, [0a8f3198b7c4f541a70c857dfb0a3ec2], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bs-player.exe, Quarantined, [6435e8e1daa189ad164ac74125e08c74], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (1).exe, Quarantined, [91082a9f6e0db87eabb5a66259ac22de], 
PUP.Optional.Conduit, C:\Users\Alptug\Downloads\bsplayer266.1075 (2).exe, Quarantined, [c9d08c3d6714092d0d53cf3972935fa1], 
PUP.Optional.OpenCandy, C:\Users\Alptug\Downloads\GOMPLAYEREN_2.2.56.zip, Quarantined, [79200ebbbfbcf6401e9560a2cc39ed13], 
Trojan.MSIL, C:\Users\Alptug\Downloads\EvaerSetup.rar, Quarantined, [b1e84c7d542721156b988823a35d758b], 
PUP.Optional.Softonic.A, C:\Users\Alptug\Downloads\SoftonicDownloader_for_potplayer.exe, Quarantined, [afea9732a1daa98d51fc65c75ca52ad6], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Alptug\AppData\Local\SwvUpdater\Updater.xml, Quarantined, [9dfc1dac94e74cea68b09757689adf21], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Alptug\AppData\Local\SwvUpdater\status.cfg, Quarantined, [9dfc1dac94e74cea68b09757689adf21], 
PUP.Optional.NextLive.A, C:\Users\Alptug\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [61383f8a413a1f176903ffc0c53da060], 
PUP.Optional.NextLive.A, C:\Users\Alptug\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [61383f8a413a1f176903ffc0c53da060], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v3.308 - Report created 23/08/2014 at 14:07:39
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Alptug - ALPTUG-PC
# Running from : C:\Users\Alptug\Downloads\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Alptug\AppData\Local\genienext
Folder Deleted : C:\Users\Alptug\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Alptug\Documents\Mobogenie
File Deleted : C:\Users\Alptug\daemonprocess.txt
File Deleted : C:\Users\Alptug\AppData\LocalLow\SkwConfig.bin
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
Deleted [Extension] : eiimolhnbbbdagljikeckdkldgemmmlj
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [3140 octets] - [23/08/2014 13:59:14]
AdwCleaner[S0].txt - [2985 octets] - [23/08/2014 14:07:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3045 octets] ##########
 
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by Alptug (administrator) on ALPTUG-PC on 23-08-2014 14:14:15
Running from C:\Users\Alptug\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Panopto, Inc) C:\Program Files (x86)\Panopto\Recorder\Recorder.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Alptug\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Farbar) C:\Users\Alptug\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13544880 2014-08-14] (Box, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1673934600-4125219948-4271301298-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN)
HKU\S-1-5-21-1673934600-4125219948-4271301298-1000\...\Run: [GoogleChromeAutoLaunch_CF9F41B5682403CECD8BCD289E5A60AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-10-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-11] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Alptug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alptug\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0YndCase0Sync -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: 0YndCase1Modified -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: 0YndCase2Error -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
ShellIconOverlayIdentifiers: 0YndCase3Shared -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll (Yandex)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2C39C335EF98CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140422221911.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140422221915.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll (DVR)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Alptug\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alptug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Alptug\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Alptug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Alptug\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alptug\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alptug\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-08-14]
 
Chrome: 
=======
CHR HomePage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-18]
CHR Extension: (Google Drive) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (YouTube) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-18]
CHR Extension: (Google Search) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-18]
CHR Extension: (Easy Youtube Video Downloader) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem [2014-04-05]
CHR Extension: (AdBlock) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-04]
CHR Extension: (Google Voice (by Google)) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Grooveshark Downloader) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Alptug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2013-12-26] (Box Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-03-21] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-04-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-04-22] (McAfee, Inc.)
R2 PanoptoRecorderService; C:\Program Files (x86)\Panopto\Recorder\Recorder.exe [825664 2014-04-10] (Panopto, Inc)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-08-14] (Broadcom Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-02-22] (Broadcom Corporation.)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-09-14] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-04] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-04-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-04-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-04-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-04-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-04-22] (McAfee, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 14:13 - 2014-08-23 14:13 - 02103296 _____ (Farbar) C:\Users\Alptug\Downloads\FRST64 (1).exe
2014-08-23 14:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-23 13:58 - 2014-08-23 14:07 - 00000000 ____D () C:\AdwCleaner
2014-08-23 13:57 - 2014-08-23 13:57 - 01364531 _____ () C:\Users\Alptug\Downloads\adwcleaner_3.308.exe
2014-08-23 13:51 - 2014-08-23 14:09 - 00007324 _____ () C:\Windows\PFRO.log
2014-08-23 13:09 - 2014-08-23 14:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 13:08 - 2014-08-23 13:08 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-23 13:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 13:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 13:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 13:06 - 2014-08-23 13:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alptug\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-22 09:27 - 2014-08-22 09:27 - 00008892 _____ () C:\Users\Alptug\Downloads\STMT_TK496079730_082014.html
2014-08-22 00:38 - 2014-08-22 00:39 - 00287880 _____ () C:\Windows\Minidump\082214-45817-01.dmp
2014-08-19 23:21 - 2014-08-19 23:21 - 00000000 ____D () C:\Users\Alptug\Downloads\2014-Ahmet-Kaya-Bir-Eksigiz
2014-08-19 17:32 - 2014-08-22 00:38 - 448729121 _____ () C:\Windows\MEMORY.DMP
2014-08-19 17:32 - 2014-08-19 17:33 - 00285768 _____ () C:\Windows\Minidump\081914-27986-01.dmp
2014-08-18 21:43 - 2014-08-18 21:44 - 00042451 _____ () C:\Users\Alptug\Downloads\Addition.txt
2014-08-18 21:40 - 2014-08-23 14:14 - 00022240 _____ () C:\Users\Alptug\Downloads\FRST.txt
2014-08-18 21:40 - 2014-08-23 14:14 - 00000000 ____D () C:\FRST
2014-08-18 21:40 - 2014-08-18 21:40 - 02101760 _____ (Farbar) C:\Users\Alptug\Downloads\FRST64.exe
2014-08-18 12:06 - 2014-08-23 14:09 - 00001602 _____ () C:\Windows\setupact.log
2014-08-18 12:06 - 2014-08-18 12:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 11:56 - 2014-08-18 11:56 - 00205604 _____ () C:\Users\Alptug\Documents\cc_20140818_115643.reg
2014-08-18 11:51 - 2014-08-18 11:51 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 11:51 - 2014-08-18 11:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 11:42 - 2014-08-18 11:44 - 04813544 _____ (Piriform Ltd) C:\Users\Alptug\Downloads\ccsetup416.exe
2014-08-18 11:12 - 2014-08-18 11:12 - 00021262 _____ () C:\ComboFix.txt
2014-08-18 11:02 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-18 11:02 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-18 11:02 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-18 11:02 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-18 11:02 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-18 11:02 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-18 11:02 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-18 11:02 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-18 11:00 - 2014-08-18 11:12 - 00000000 ____D () C:\Qoobox
2014-08-18 10:59 - 2014-08-18 11:11 - 00000000 ____D () C:\Windows\erdnt
2014-08-17 12:00 - 2014-08-17 12:01 - 01790760 _____ (Juniper Networks, Inc.) C:\Users\Alptug\Downloads\JuniperSetupClientInstaller (7).exe
2014-08-17 11:57 - 2014-08-17 11:58 - 01790760 _____ (Juniper Networks, Inc.) C:\Users\Alptug\Downloads\JuniperSetupClientInstaller (6).exe
2014-08-17 11:51 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-17 11:50 - 2014-08-17 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 11:50 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-17 11:50 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-17 11:50 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-17 11:47 - 2014-08-17 11:50 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-16 02:04 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 02:04 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 02:04 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 02:04 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 02:04 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 02:04 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 02:04 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 02:04 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 13:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 13:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 13:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 13:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 13:15 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 13:15 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 13:15 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 13:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 13:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 13:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 13:15 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 13:15 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 13:15 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 13:15 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 13:14 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 13:14 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 13:14 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 13:14 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 13:14 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 13:14 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 13:14 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 13:14 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 13:14 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 13:14 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 13:14 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 13:14 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 13:14 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 13:13 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 13:13 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 13:13 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 13:13 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 13:13 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 13:13 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 13:13 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 13:13 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 13:13 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 13:13 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 13:13 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 13:13 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 13:13 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 13:13 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 13:13 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 13:13 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 13:13 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 13:13 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 13:13 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 13:13 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 13:13 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 13:13 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 13:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 13:13 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 13:13 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 13:13 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 13:13 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 13:13 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 13:13 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 13:13 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 13:13 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 13:13 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 13:13 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 13:13 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 13:13 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 13:13 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 13:13 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 13:13 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 13:13 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 13:13 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 13:13 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 13:13 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 13:13 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 13:13 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 13:13 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 13:13 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 13:13 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 13:13 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 13:13 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 13:13 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 13:13 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 13:13 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 13:13 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 13:13 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 13:13 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 13:13 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 13:11 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 13:11 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 13:11 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 13:11 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 21:53 - 2014-08-14 22:40 - 144421951 _____ () C:\Users\Alptug\Downloads\2014-Ahmet-Kaya-Bir-Eksigiz.zip
2014-07-31 21:20 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 21:20 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 21:20 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 21:20 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 21:19 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 21:19 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 21:19 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 21:19 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 21:19 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 21:19 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 21:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 21:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 21:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 21:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-29 13:59 - 2014-07-29 13:59 - 00000000 ____D () C:\found.000
2014-07-29 13:31 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-29 13:31 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-29 13:31 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-29 13:31 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-29 13:31 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-29 13:30 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-29 13:30 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-29 13:30 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-29 13:27 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-29 13:27 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-29 13:27 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-29 04:15 - 2014-07-29 04:15 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 14:15 - 2014-08-18 21:40 - 00022240 _____ () C:\Users\Alptug\Downloads\FRST.txt
2014-08-23 14:14 - 2014-08-23 13:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 14:14 - 2014-08-18 21:40 - 00000000 ____D () C:\FRST
2014-08-23 14:13 - 2014-08-23 14:13 - 02103296 _____ (Farbar) C:\Users\Alptug\Downloads\FRST64 (1).exe
2014-08-23 14:13 - 2014-01-01 19:07 - 00000000 ____D () C:\Users\Alptug\AppData\Local\Box Sync
2014-08-23 14:12 - 2013-08-21 22:03 - 00000000 ____D () C:\Users\Alptug\AppData\Roaming\Dropbox
2014-08-23 14:10 - 2013-08-18 18:02 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 14:10 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 14:10 - 2009-07-14 00:45 - 00417584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 14:09 - 2014-08-23 13:51 - 00007324 _____ () C:\Windows\PFRO.log
2014-08-23 14:09 - 2014-08-18 12:06 - 00001602 _____ () C:\Windows\setupact.log
2014-08-23 14:08 - 2013-12-12 22:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 14:08 - 2013-08-13 09:51 - 01060788 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 14:07 - 2014-08-23 13:58 - 00000000 ____D () C:\AdwCleaner
2014-08-23 14:07 - 2013-08-13 09:53 - 00000000 ____D () C:\Users\Alptug
2014-08-23 14:01 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 14:01 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 13:57 - 2014-08-23 13:57 - 01364531 _____ () C:\Users\Alptug\Downloads\adwcleaner_3.308.exe
2014-08-23 13:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-08-23 13:49 - 2013-10-05 13:05 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673934600-4125219948-4271301298-1000UA.job
2014-08-23 13:41 - 2014-04-18 09:17 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1673934600-4125219948-4271301298-1000.job
2014-08-23 13:09 - 2013-08-18 18:02 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 13:08 - 2014-08-23 13:08 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 13:08 - 2014-08-23 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-23 13:07 - 2014-08-23 13:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Alptug\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-22 23:45 - 2013-08-14 06:25 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{246C691D-DE49-4201-AC71-E6E69B1528B0}
2014-08-22 18:22 - 2014-04-18 09:17 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1673934600-4125219948-4271301298-1000
2014-08-22 09:49 - 2013-10-05 13:05 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673934600-4125219948-4271301298-1000Core.job
2014-08-22 09:27 - 2014-08-22 09:27 - 00008892 _____ () C:\Users\Alptug\Downloads\STMT_TK496079730_082014.html
2014-08-22 00:39 - 2014-08-22 00:38 - 00287880 _____ () C:\Windows\Minidump\082214-45817-01.dmp
2014-08-22 00:38 - 2014-08-19 17:32 - 448729121 _____ () C:\Windows\MEMORY.DMP
2014-08-22 00:38 - 2013-09-12 09:13 - 00000000 ____D () C:\Windows\Minidump
2014-08-21 18:00 - 2014-01-01 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-08-19 23:43 - 2013-09-14 23:39 - 00000000 ____D () C:\Quarantine
2014-08-19 23:21 - 2014-08-19 23:21 - 00000000 ____D () C:\Users\Alptug\Downloads\2014-Ahmet-Kaya-Bir-Eksigiz
2014-08-19 17:33 - 2014-08-19 17:32 - 00285768 _____ () C:\Windows\Minidump\081914-27986-01.dmp
2014-08-18 21:44 - 2014-08-18 21:43 - 00042451 _____ () C:\Users\Alptug\Downloads\Addition.txt
2014-08-18 21:40 - 2014-08-18 21:40 - 02101760 _____ (Farbar) C:\Users\Alptug\Downloads\FRST64.exe
2014-08-18 12:06 - 2014-08-18 12:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-18 11:56 - 2014-08-18 11:56 - 00205604 _____ () C:\Users\Alptug\Documents\cc_20140818_115643.reg
2014-08-18 11:53 - 2013-12-04 19:10 - 00000000 ____D () C:\Users\Alptug\AppData\Roaming\DAEMON Tools Pro
2014-08-18 11:53 - 2013-09-10 20:58 - 00000000 ____D () C:\Users\Alptug\AppData\Roaming\uTorrent
2014-08-18 11:53 - 2013-08-13 20:33 - 00000000 ____D () C:\Windows\Panther
2014-08-18 11:51 - 2014-08-18 11:51 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-18 11:51 - 2014-08-18 11:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-18 11:44 - 2014-08-18 11:42 - 04813544 _____ (Piriform Ltd) C:\Users\Alptug\Downloads\ccsetup416.exe
2014-08-18 11:12 - 2014-08-18 11:12 - 00021262 _____ () C:\ComboFix.txt
2014-08-18 11:12 - 2014-08-18 11:00 - 00000000 ____D () C:\Qoobox
2014-08-18 11:11 - 2014-08-18 10:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 11:10 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-17 15:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 12:01 - 2014-08-17 12:00 - 01790760 _____ (Juniper Networks, Inc.) C:\Users\Alptug\Downloads\JuniperSetupClientInstaller (7).exe
2014-08-17 11:58 - 2014-08-17 11:57 - 01790760 _____ (Juniper Networks, Inc.) C:\Users\Alptug\Downloads\JuniperSetupClientInstaller (6).exe
2014-08-17 11:52 - 2013-10-16 22:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-17 11:51 - 2014-08-17 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 11:50 - 2014-08-17 11:47 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-17 11:50 - 2013-08-29 22:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-16 12:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 02:22 - 2013-08-14 06:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 02:15 - 2013-08-14 07:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 02:09 - 2013-08-14 07:46 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 02:04 - 2014-05-11 08:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 13:18 - 2013-08-18 18:04 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 12:49 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 12:43 - 2009-07-14 01:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-14 22:40 - 2014-08-14 21:53 - 144421951 _____ () C:\Users\Alptug\Downloads\2014-Ahmet-Kaya-Bir-Eksigiz.zip
2014-08-14 11:37 - 2013-08-21 22:06 - 00000000 ____D () C:\Users\Alptug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-09 21:28 - 2014-01-01 19:20 - 00000000 ____D () C:\Users\Alptug\Box Sync
2014-08-06 22:06 - 2014-08-15 13:11 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 19:41 - 2014-08-15 13:13 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 13:13 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 07:43 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-30 07:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-30 07:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-29 14:52 - 2013-08-14 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 14:51 - 2013-08-14 08:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 14:51 - 2013-08-14 08:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 13:59 - 2014-07-29 13:59 - 00000000 ____D () C:\found.000
2014-07-29 04:16 - 2013-12-12 22:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 04:16 - 2013-12-12 22:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 04:16 - 2013-12-12 22:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-29 04:15 - 2014-07-29 04:15 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-25 12:55 - 2014-08-17 11:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-17 11:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-17 11:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-17 11:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 10:52 - 2014-08-15 13:13 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 13:13 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 13:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 13:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 13:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 13:13 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 13:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 13:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 13:13 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 13:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 13:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 13:13 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 13:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 13:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 13:13 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 13:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 13:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 13:13 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 13:13 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 13:13 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 13:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 13:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 13:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 13:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 13:13 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 13:13 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 13:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 13:13 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 13:13 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 13:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 13:13 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 13:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 13:13 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 13:13 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 13:13 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 13:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 13:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 13:13 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 13:13 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 13:13 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 13:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 13:13 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 13:13 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 13:13 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 13:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 13:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 13:13 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 13:13 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\Alptug\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpukqd9y.dll
C:\Users\Alptug\AppData\Local\Temp\log4net.dll
C:\Users\Alptug\AppData\Local\Temp\Quarantine.exe
C:\Users\Alptug\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Alptug\AppData\Local\Temp\sync_upgrader.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 15:36
 
==================== End Of Log ============================
 
#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 24 August 2014 - 07:37 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
U3 mfeavfk01; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
EmptyTemp:
 
End
 
Save the file as fixlist.txt in the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
 
If the site is busy or not available use this mirror site:
===
 
How is the computer running now?
 
 
 


#5 irmalp

irmalp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 24 August 2014 - 05:10 PM

Thank you, again.

 

Here are the latest two statistics about my laptop: it starts up after 3 minutes and 20 seconds. When I double click Chrome, after it first started, it takes 40 seconds for Chrome to pop up. After 5 minutes or so, it takes an average of 5-6 seconds for Chrome to pop up.

 

My system: Intel i5, 2.50 GHz; 4 GB RAM, Windows 7 SP1, Intel HD Graphics 3000 and NVIDIA GeForce GT 630M. I also turned off Windows Aero.

 

Is this normal and am I expecting too much from my system? Or is this unusual and what should I do? Below are the latest two logs you asked for, thanks in advance!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by Alptug at 2014-08-24 17:25:27 Run:1
Running from C:\Users\Alptug\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
U3 mfeavfk01; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
EmptyTemp:
 
End
*****************
 
[1548] C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Process closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
CouponPrinterService => Service deleted successfully.
mfeavfk01 => Service deleted successfully.
catchme => Service deleted successfully.
RimUsb => Service deleted successfully.
EmptyTemp: => Removed 467.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
McAfee VirusScan Enterprise   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
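
One way to check a Fixlog like the one posted above, as an added example (not part of the thread and not FRST's own code): it pairs each result line with the fixlist and flags anything that neither succeeded nor was an already-orphaned "No File" entry. The function names and the reading of "not found" are assumptions based only on the lines shown in this topic.

```python
import re

# Excerpt of the Fixlog.txt posted above, embedded so the script runs offline.
SAMPLE = r"""Content of fixlist:
*****************
start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
EmptyTemp:
End
*****************

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
CouponPrinterService => Service deleted successfully.
EmptyTemp: => Removed 467.9 MB temporary data.

The system needed a reboot.
"""

def parse_fixlog(text):
    """Return (directives, results, reboot_needed) from Fixlog text."""
    # The fixlist is echoed between two lines of asterisks; results follow.
    _, body, outcome = re.split(r"(?m)^\*{5,}\s*$", text, maxsplit=2)
    directives = [l.strip() for l in body.splitlines()
                  if l.strip() and l.strip().lower() not in ("start", "end")]
    results, reboot = [], False
    for line in filter(None, (l.strip() for l in outcome.splitlines())):
        if line.startswith("The system needed a reboot"):
            reboot = True
        elif m := re.match(r"(.+?) => (.+ successfully|Removed .+)\.$", line):
            results.append((m.group(1), "ok"))
        elif line.endswith(" not found."):
            results.append((line[:-len(" not found.")], "not_found"))
        elif not line.startswith("="):  # skip the "==== End of Fixlog ====" footer
            results.append((line, "review"))
    return directives, results, reboot

def items_to_review(directives, results):
    """Flag results that are neither successful nor an expected 'not found'.

    Assumption: 'not found' is expected when the fixlist line naming that
    path already said 'No File' (the entry was orphaned before the fix).
    """
    orphaned = [d for d in directives if d.endswith("No File")]
    return [t for t, status in results
            if status != "ok"
            and not (status == "not_found" and any(t in d for d in orphaned))]
```

For the excerpt above, `items_to_review(*parse_fixlog(SAMPLE)[:2])` returns an empty list: the only "not found" result belongs to a plugin entry the fixlist had already marked "No File".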
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 25 August 2014 - 07:59 AM

See if you can get better results with this.
Follow the instructions on the page.
 
Get the Last Good Configuration.


#7 irmalp

irmalp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 25 August 2014 - 01:01 PM

Thank you very much. It takes 2.10 mins to start right now. This is almost twice the speed compared to the time I started this thread. Chrome starting up is about 5 seconds in general, without the initial time delay I mentioned in my previous post. So, thank you very much in general. Do you think there is some other thing left we can do?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 26 August 2014 - 08:03 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60

===

This Logitech Download Assistant is started every time you boot the computer.
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

It's checking for a new driver for Logitech.
http://www.drivermax.com/driver/update/HIDCLASS/Logitech--x64-/USB-Input-Device--Logitech-Download-Assistant-/1016244

You do not need this to run at startup. You can run the application when you want to check.
I suggest you disable it via the Task Manager.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 irmalp

irmalp
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:03 PM

Posted 26 August 2014 - 04:48 PM

I removed Java and installed it with the information you provided. And I also disabled the item you mentioned. Thank you very much for your patience and guidance!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,752 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:03 AM

Posted 27 August 2014 - 07:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



