Extended Unlimited Problem


  • This topic is locked
4 replies to this topic

#1 alemindedesi


Posted 13 September 2014 - 09:57 AM

I have the same issue, tried almost every program but none of them could detect the trojan, virus, malware or whatever it is. I seriously need help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Bob Marley (administrator) on TEXAS on 13-09-2014 16:31:59
Running from C:\Users\Bob Marley\Downloads\frst
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(PixArt Imaging Incorporation) C:\Windows\Philips\SPC500NC\Monitor.exe
(Spotify Ltd) C:\Users\Bob Marley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2014-05-25] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [SPC500NC_Monitor] => C:\Windows\Philips\SPC500NC\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-05-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3772674326-1853479937-3607070029-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3772674326-1853479937-3607070029-1001\...\Run: [Spotify Web Helper] => C:\Users\Bob Marley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-04] (Spotify Ltd)
HKU\S-1-5-21-3772674326-1853479937-3607070029-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.tr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6911E49B51CFCF01
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bob Marley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Bob Marley\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2014-05-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com ] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-05-26]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com ] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-05-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-05-25] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-05-25] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-05-25] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2014-05-30] (ASUSTeK Computer Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-15] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-15] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-05-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-05-25] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-05-25] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 SPC500NC; C:\Windows\system32\DRIVERS\SPC500NC.SYS [481280 2007-06-21] (PixArt Imaging Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-15] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 16:20 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bob Marley\Desktop\TDSSKiller.exe
2014-09-13 16:19 - 2014-09-13 16:19 - 04161313 _____ () C:\Users\Bob Marley\Downloads\tdsskiller.zip
2014-09-13 16:10 - 2014-09-13 16:31 - 00000000 ____D () C:\Users\Bob Marley\Downloads\frst
2014-09-13 16:03 - 2014-09-13 16:03 - 00022078 _____ () C:\Users\Bob Marley\Downloads\Addition.txt
2014-09-13 16:01 - 2014-09-13 16:32 - 00000000 ____D () C:\FRST
2014-09-13 15:55 - 2014-09-13 15:57 - 199506240 _____ (Kaspersky Lab ZAO) C:\Users\Bob Marley\Downloads\pure13.0.2.558tr-tr.exe
2014-09-13 01:06 - 2014-09-13 01:06 - 01373475 _____ () C:\Users\Bob Marley\Downloads\adwcleaner_3.310.exe
2014-09-12 22:10 - 2014-09-12 22:10 - 00016600 _____ () C:\Users\Bob Marley\Downloads\541361-Maleficent-2014-1CD-23.976fps-TR-16kB-TurkceAltyazi-org.rar
2014-09-12 20:57 - 2014-09-12 21:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:33 - 2014-09-12 20:33 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 20:31 - 2014-09-13 15:32 - 00000628 _____ () C:\Windows\PFRO.log
2014-09-12 20:29 - 2014-09-12 20:29 - 00060756 _____ () C:\Users\Bob Marley\Desktop\cc_20140912_202908.reg
2014-09-12 20:14 - 2014-09-13 15:32 - 00000000 ____D () C:\AdwCleaner
2014-09-11 20:48 - 2014-09-11 20:48 - 00036352 _____ () C:\Users\Bob Marley\Downloads\10101942_2014_eylul_kontenjan (1).xls
2014-09-11 20:42 - 2014-09-11 20:42 - 00036352 _____ () C:\Users\Bob Marley\Downloads\10101942_2014_eylul_kontenjan.xls
2014-09-11 14:37 - 2014-09-11 14:37 - 00030198 _____ () C:\Users\Bob Marley\Downloads\11102738_kontenjan.xlsx
2014-09-11 04:49 - 2014-08-16 05:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 04:49 - 2014-08-16 05:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 04:49 - 2014-08-16 05:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 04:49 - 2014-08-16 05:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 04:49 - 2014-08-16 04:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 04:49 - 2014-08-16 04:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 04:49 - 2014-08-16 04:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 04:49 - 2014-08-16 04:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 04:49 - 2014-08-16 04:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 04:49 - 2014-08-16 04:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 04:49 - 2014-08-16 04:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 04:49 - 2014-08-16 04:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 04:49 - 2014-08-16 04:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 04:49 - 2014-08-16 04:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 04:49 - 2014-08-16 04:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 04:49 - 2014-08-16 04:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 04:49 - 2014-08-16 04:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 04:49 - 2014-08-16 04:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 04:49 - 2014-08-16 04:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 04:49 - 2014-08-16 04:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 04:49 - 2014-08-16 04:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 04:49 - 2014-08-16 03:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 04:49 - 2014-08-16 03:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 04:49 - 2014-08-16 03:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 04:49 - 2014-08-16 03:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 04:49 - 2014-08-16 03:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 04:49 - 2014-08-16 03:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 04:49 - 2014-08-16 03:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 04:49 - 2014-08-16 03:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 04:49 - 2014-08-16 03:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 04:49 - 2014-08-16 03:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 04:49 - 2014-08-16 03:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 04:49 - 2014-08-16 03:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 04:49 - 2014-08-16 03:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 04:49 - 2014-08-16 03:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 20:17 - 2014-09-10 20:17 - 00000000 ____D () C:\Users\Bob Marley\Documents\Electronic Arts
2014-09-10 20:16 - 2014-07-24 06:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 20:16 - 2014-07-24 06:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-10 20:14 - 2014-08-02 03:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 20:02 - 2014-09-13 16:13 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\Users\Bob Marley\AppData\Local\Origin
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 19:44 - 2014-09-12 03:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 19:44 - 2014-09-10 20:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Users\Bob Marley\Documents\KONAMI
2014-09-09 04:29 - 2014-09-09 04:29 - 00002211 _____ () C:\Users\Bob Marley\Desktop\PES2014 - Shortcut.lnk
2014-09-09 04:23 - 2014-09-09 04:23 - 00000000 ____D () C:\Program Files (x86)\Konami Digital Entertainment
2014-09-09 03:34 - 2014-09-09 03:34 - 00023663 _____ () C:\Users\Bob Marley\Downloads\Football.Manager.2014-RELOADED.torrent
2014-09-07 22:23 - 2014-09-07 22:30 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Origin
2014-09-07 22:17 - 2014-09-12 05:19 - 00000000 ____D () C:\ProgramData\Origin
2014-09-07 19:26 - 2014-09-07 19:26 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Steam
2014-09-05 16:49 - 2014-09-05 16:49 - 00035328 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim eylül.xls
2014-09-04 14:50 - 2014-09-04 14:50 - 00119296 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim a-ustos son.xls
2014-09-04 14:40 - 2014-09-04 14:40 - 00063488 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim temmuz.xls
2014-09-04 14:33 - 2014-09-04 20:59 - 00014211 _____ () C:\Users\Bob Marley\Downloads\ela hakedi- toplamlar-.xlsx
2014-09-02 23:58 - 2014-05-13 10:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-09-02 23:58 - 2014-05-13 08:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-02 23:58 - 2014-05-13 07:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-09-02 23:58 - 2014-05-13 06:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-02 23:58 - 2014-05-03 14:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-02 23:58 - 2014-05-03 12:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-02 23:58 - 2014-05-03 08:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-09-02 23:58 - 2014-05-03 08:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-09-02 23:58 - 2014-05-03 08:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-09-02 23:58 - 2014-05-03 08:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-09-02 23:58 - 2014-05-03 07:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-09-02 23:58 - 2014-05-03 07:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-09-02 23:58 - 2014-05-03 07:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-09-02 23:58 - 2014-05-03 02:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-09-02 23:58 - 2014-05-01 08:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-02 23:58 - 2014-04-30 09:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-09-02 23:58 - 2014-04-30 09:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-02 23:58 - 2014-04-30 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-09-02 23:58 - 2014-04-30 09:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-09-02 23:58 - 2014-04-30 08:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-02 23:58 - 2014-04-30 07:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-02 23:58 - 2014-04-30 07:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-02 23:58 - 2014-04-30 07:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-09-02 23:58 - 2014-04-30 07:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-02 23:58 - 2014-04-30 07:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-09-02 23:58 - 2014-04-30 07:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-09-02 23:58 - 2014-04-30 06:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-09-02 23:58 - 2014-04-30 06:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-09-02 23:58 - 2014-04-30 06:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-09-02 23:58 - 2014-04-30 06:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-09-02 23:58 - 2014-04-30 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-09-02 23:58 - 2014-04-30 06:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-09-02 23:58 - 2014-04-29 01:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-09-02 23:58 - 2014-04-27 01:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-02 23:58 - 2014-04-26 23:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-02 23:58 - 2014-04-26 21:41 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-09-02 23:58 - 2014-04-26 21:22 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2014-09-02 23:58 - 2014-04-26 21:04 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2014-09-02 23:58 - 2014-04-26 20:36 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2014-09-02 23:58 - 2014-04-26 19:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-09-02 23:58 - 2014-04-14 12:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-09-02 23:58 - 2014-04-14 11:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-09-02 23:58 - 2014-04-14 08:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-09-02 23:58 - 2014-04-09 09:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-02 23:58 - 2014-04-09 08:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-02 23:56 - 2014-06-20 04:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-02 23:56 - 2014-06-20 02:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-02 23:56 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-02 23:56 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-02 23:56 - 2014-05-31 09:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-02 23:54 - 2014-08-23 03:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-02 23:54 - 2014-08-07 05:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 23:54 - 2014-08-02 06:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 23:54 - 2014-06-13 04:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-02 23:54 - 2014-06-13 04:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-02 23:54 - 2014-06-13 03:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-02 23:54 - 2014-06-06 14:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-09-02 23:54 - 2014-06-05 17:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-02 23:54 - 2014-06-05 16:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-02 23:54 - 2014-06-02 05:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-09-02 23:54 - 2014-05-31 13:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-02 23:54 - 2014-05-31 13:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-02 23:54 - 2014-05-31 13:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-02 23:54 - 2014-05-31 13:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-02 23:54 - 2014-05-31 13:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-02 23:54 - 2014-05-31 09:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-02 23:54 - 2014-05-31 09:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-09-02 23:54 - 2014-05-31 09:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-09-02 23:54 - 2014-05-31 07:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-09-02 23:54 - 2014-05-31 07:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-09-02 23:54 - 2014-05-31 07:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-09-02 23:54 - 2014-05-29 09:21 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-09-02 23:54 - 2014-05-27 18:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-02 23:54 - 2014-05-27 12:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-09-02 23:54 - 2014-05-27 12:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-09-02 23:54 - 2014-05-17 07:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-02 23:54 - 2014-05-17 07:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-02 23:54 - 2014-04-30 07:30 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-09-02 23:54 - 2014-04-30 06:52 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-09-02 23:53 - 2014-08-02 06:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-02 23:53 - 2014-07-15 21:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-09-02 23:53 - 2014-07-15 11:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-02 23:53 - 2014-07-15 11:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-09-02 23:53 - 2014-07-15 11:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-09-02 23:53 - 2014-07-12 07:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-09-02 23:53 - 2014-07-10 07:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-02 23:53 - 2014-07-10 07:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-02 23:53 - 2014-07-10 06:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-02 23:53 - 2014-06-04 12:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-02 23:53 - 2014-06-04 08:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-02 23:53 - 2014-06-04 08:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-02 23:53 - 2014-06-04 07:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-02 23:53 - 2014-06-04 07:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-02 23:53 - 2014-06-04 05:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-02 23:53 - 2014-06-04 05:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-02 23:53 - 2014-05-13 07:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-02 23:53 - 2014-05-13 06:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-09-02 23:50 - 2014-09-03 02:38 - 00145408 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim 20.08.2014.xls
2014-09-02 23:48 - 2014-09-03 02:38 - 00020912 _____ () C:\Users\Bob Marley\Downloads\TUNÇER- A-USTOS (1).xlsx
2014-09-02 23:47 - 2014-09-02 23:48 - 00018466 _____ () C:\Users\Bob Marley\Downloads\TUNÇER- A-USTOS.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 16:32 - 2014-09-13 16:01 - 00000000 ____D () C:\FRST
2014-09-13 16:31 - 2014-09-13 16:10 - 00000000 ____D () C:\Users\Bob Marley\Downloads\frst
2014-09-13 16:30 - 2014-06-03 20:14 - 01687671 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 16:28 - 2014-05-26 03:52 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3772674326-1853479937-3607070029-1001
2014-09-13 16:19 - 2014-09-13 16:19 - 04161313 _____ () C:\Users\Bob Marley\Downloads\tdsskiller.zip
2014-09-13 16:16 - 2014-03-18 13:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:14 - 2014-06-27 15:49 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-09-13 16:13 - 2014-09-10 20:02 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-13 16:13 - 2014-01-26 22:23 - 00000000 ____D () C:\Games
2014-09-13 16:12 - 2013-08-22 17:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 16:11 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-13 16:03 - 2014-09-13 16:03 - 00022078 _____ () C:\Users\Bob Marley\Downloads\Addition.txt
2014-09-13 16:00 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-13 15:57 - 2014-09-13 15:55 - 199506240 _____ (Kaspersky Lab ZAO) C:\Users\Bob Marley\Downloads\pure13.0.2.558tr-tr.exe
2014-09-13 15:40 - 2014-05-25 17:59 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Opera Software
2014-09-13 15:40 - 2014-05-25 17:59 - 00000000 ____D () C:\Users\Bob Marley\AppData\Local\Opera Software
2014-09-13 15:40 - 2014-05-25 17:59 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-13 15:32 - 2014-09-12 20:31 - 00000628 _____ () C:\Windows\PFRO.log
2014-09-13 15:32 - 2014-09-12 20:14 - 00000000 ____D () C:\AdwCleaner
2014-09-13 04:41 - 2014-05-25 20:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-13 01:06 - 2014-09-13 01:06 - 01373475 _____ () C:\Users\Bob Marley\Downloads\adwcleaner_3.310.exe
2014-09-12 22:10 - 2014-09-12 22:10 - 00016600 _____ () C:\Users\Bob Marley\Downloads\541361-Maleficent-2014-1CD-23.976fps-TR-16kB-TurkceAltyazi-org.rar
2014-09-12 21:03 - 2014-09-12 20:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:33 - 2014-09-12 20:33 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 20:29 - 2014-09-12 20:29 - 00060756 _____ () C:\Users\Bob Marley\Desktop\cc_20140912_202908.reg
2014-09-12 20:28 - 2014-05-25 19:58 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\DAEMON Tools Lite
2014-09-12 18:25 - 2014-05-29 22:18 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\BitComet
2014-09-12 15:14 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\rescache
2014-09-12 14:55 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-12 05:19 - 2014-09-07 22:17 - 00000000 ____D () C:\ProgramData\Origin
2014-09-12 03:33 - 2014-09-10 19:44 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 20:48 - 2014-09-11 20:48 - 00036352 _____ () C:\Users\Bob Marley\Downloads\10101942_2014_eylul_kontenjan (1).xls
2014-09-11 20:42 - 2014-09-11 20:42 - 00036352 _____ () C:\Users\Bob Marley\Downloads\10101942_2014_eylul_kontenjan.xls
2014-09-11 19:23 - 2014-05-25 20:59 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Spotify
2014-09-11 14:37 - 2014-09-11 14:37 - 00030198 _____ () C:\Users\Bob Marley\Downloads\11102738_kontenjan.xlsx
2014-09-11 04:51 - 2013-08-22 18:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-11 04:49 - 2014-06-12 22:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 04:49 - 2014-06-12 22:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 04:49 - 2014-06-12 22:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 04:49 - 2014-06-12 22:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 04:49 - 2014-06-12 22:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 04:49 - 2014-06-12 22:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 04:49 - 2014-06-12 22:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 04:49 - 2014-06-12 22:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 04:49 - 2014-05-15 05:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 04:48 - 2014-05-28 12:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 04:46 - 2014-05-28 12:20 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 20:17 - 2014-09-10 20:17 - 00000000 ____D () C:\Users\Bob Marley\Documents\Electronic Arts
2014-09-10 20:17 - 2014-09-10 19:44 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-10 19:59 - 2014-05-26 03:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\Users\Bob Marley\AppData\Local\Origin
2014-09-10 19:45 - 2014-09-10 19:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-10 02:50 - 2014-05-25 19:58 - 00001229 _____ () C:\Users\Bob Marley\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-09-10 02:50 - 2014-05-25 19:58 - 00001205 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-09-09 14:30 - 2014-06-13 22:12 - 00000000 ____D () C:\Users\Bob Marley\AppData\Local\SKIDROW
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Users\Bob Marley\Documents\KONAMI
2014-09-09 04:29 - 2014-09-09 04:29 - 00002211 _____ () C:\Users\Bob Marley\Desktop\PES2014 - Shortcut.lnk
2014-09-09 04:23 - 2014-09-09 04:23 - 00000000 ____D () C:\Program Files (x86)\Konami Digital Entertainment
2014-09-09 03:34 - 2014-09-09 03:34 - 00023663 _____ () C:\Users\Bob Marley\Downloads\Football.Manager.2014-RELOADED.torrent
2014-09-08 16:51 - 2014-05-25 21:00 - 00000000 ____D () C:\Users\Bob Marley\AppData\Local\Spotify
2014-09-08 02:21 - 2014-05-26 03:46 - 00000000 ____D () C:\Users\Bob Marley
2014-09-07 22:30 - 2014-09-07 22:23 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Origin
2014-09-07 19:26 - 2014-09-07 19:26 - 00000000 ____D () C:\Users\Bob Marley\AppData\Roaming\Steam
2014-09-05 16:49 - 2014-09-05 16:49 - 00035328 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim eylül.xls
2014-09-04 20:59 - 2014-09-04 14:33 - 00014211 _____ () C:\Users\Bob Marley\Downloads\ela hakedi- toplamlar-.xlsx
2014-09-04 14:50 - 2014-09-04 14:50 - 00119296 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim a-ustos son.xls
2014-09-04 14:40 - 2014-09-04 14:40 - 00063488 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim temmuz.xls
2014-09-03 09:05 - 2013-08-22 17:44 - 00426944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 02:45 - 2013-08-22 18:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-03 02:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-03 02:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-09-03 02:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\FileManager
2014-09-03 02:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\Camera
2014-09-03 02:38 - 2014-09-02 23:50 - 00145408 _____ () C:\Users\Bob Marley\Downloads\ela ciro prim 20.08.2014.xls
2014-09-03 02:38 - 2014-09-02 23:48 - 00020912 _____ () C:\Users\Bob Marley\Downloads\TUNÇER- A-USTOS (1).xlsx
2014-09-02 23:52 - 2014-03-18 13:15 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-02 23:48 - 2014-09-02 23:47 - 00018466 _____ () C:\Users\Bob Marley\Downloads\TUNÇER- A-USTOS.xlsx
2014-09-02 23:48 - 2014-05-15 05:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-02 23:06 - 2013-08-22 18:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 23:06 - 2013-08-22 18:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 03:42 - 2014-09-02 23:54 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 05:40 - 2014-09-11 04:49 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 05:04 - 2014-09-11 04:49 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 05:00 - 2014-09-11 04:49 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 05:00 - 2014-09-11 04:49 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 04:56 - 2014-09-11 04:49 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 04:54 - 2014-09-11 04:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-16 04:45 - 2014-09-11 04:49 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 04:43 - 2014-09-11 04:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-16 04:32 - 2014-09-11 04:49 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 04:25 - 2014-09-11 04:49 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 04:22 - 2014-09-11 04:49 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 04:20 - 2014-09-11 04:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 04:19 - 2014-09-11 04:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 04:18 - 2014-09-11 04:49 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 04:18 - 2014-09-11 04:49 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 04:11 - 2014-09-11 04:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 04:06 - 2014-09-11 04:49 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 04:05 - 2014-09-11 04:49 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 04:05 - 2014-09-11 04:49 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 04:03 - 2014-09-11 04:49 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 04:03 - 2014-09-11 04:49 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 03:58 - 2014-09-11 04:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 03:56 - 2014-09-11 04:49 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 03:53 - 2014-09-11 04:49 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 03:53 - 2014-09-11 04:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 03:53 - 2014-09-11 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 03:51 - 2014-09-11 04:49 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 03:45 - 2014-09-11 04:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 03:44 - 2014-09-11 04:49 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 03:44 - 2014-09-11 04:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 03:34 - 2014-09-11 04:49 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 03:20 - 2014-09-11 04:49 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 03:18 - 2014-09-11 04:49 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 03:14 - 2014-09-11 04:49 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 03:12 - 2014-09-11 04:49 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Bob Marley\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 18:13

==================== End Of Log ============================





#2 aharonov

  • Malware Response Team

Posted 13 September 2014 - 11:34 AM

Hi,

does this fix the problem?


Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 alemindedesi

  • Topic Starter

  • Members

Posted 14 September 2014 - 09:01 AM

Wow, it helped, thank you very, very much!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Bob Marley at 2014-09-14 16:56:54 Run:2
Running from C:\Users\Bob Marley\Downloads\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3772674326-1853479937-3607070029-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-3772674326-1853479937-3607070029-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 201.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#4 aharonov

  • Malware Response Team

Posted 14 September 2014 - 11:15 AM

You're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov

  • Malware Response Team

Posted 19 September 2014 - 03:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



