Gameharbor virus caught me too :(


  • This topic is locked This topic is locked
15 replies to this topic

#1 Dogusmen

  • Members
  • 9 posts

Posted 14 September 2014 - 12:39 PM

Hello, this site opens every time I start the computer :( This is my FRST log, please help me :(

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Win7 (administrator) on WIN7-BILGISAYAR on 14-09-2014 20:31:47
Running from C:\Users\Win7\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Skillbrains) C:\Users\Win7\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
() C:\Users\Win7\AppData\Roaming\DRPSu\DrvUpdater.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [LightShot] => C:\Users\Win7\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [Facebook Update] => C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-10] (Facebook Inc.)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-20] (Raptr, Inc)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [DrvUpdater] => C:\Users\Win7\AppData\Roaming\DRPSu\DrvUpdater.exe [195256 2012-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBBF8B146944ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2E6227F1-7E8C-457C-9573-CE7DD99F8A4C} URL = http://search.us.com/serp?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}&k={searchTerms}
SearchScopes: HKCU - {C7663EA4-E833-4D34-94E5-3173D185CC53} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft hesabı Oturum Açma Yardım Aracı -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}: [NameServer] 77.88.8.8,77.88.8.1
 
FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\clxx9rch.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Win7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Win7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\clxx9rch.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\clxx9rch.default\Extensions\ascsurfingprotection@iobit.com [2014-09-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-01-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2013-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-19]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> B17FF304FA71156B2AD7465B5FAE0230945B4657981C7C4B7E70B653495261D6
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ZenMate) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-09-14]
CHR Extension: (avast! Online Security) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-14]
CHR Extension: (Skype Click to Call) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-22]
CHR Extension: (Google Cüzdan) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-18] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-07-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-07-03] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.)
S3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [525040 2010-07-02] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U3 adr3s3rt; C:\Windows\System32\Drivers\adr3s3rt.sys [0 ] (Advanced Micro Devices)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 20:31 - 2014-09-14 20:31 - 00018828 _____ () C:\Users\Win7\Downloads\FRST.txt
2014-09-14 20:14 - 2014-09-14 20:31 - 00000000 ____D () C:\FRST
2014-09-14 20:13 - 2014-09-14 20:13 - 02105856 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2014-09-14 19:53 - 2014-09-14 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 20:46 - 2014-09-13 20:46 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-13 20:18 - 2014-09-13 20:18 - 00000000 _____ () C:\autoexec.bat
2014-09-13 20:16 - 2014-09-13 20:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 14:30 - 2014-09-13 14:30 - 00000000 ____D () C:\Users\Win7\Documents\CAPCOM
2014-09-13 14:30 - 2014-09-13 14:30 - 00000000 ____D () C:\Users\Win7\AppData\Local\CAPCOM
2014-09-13 14:09 - 2014-09-13 14:09 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 06:46 - 2014-09-13 06:46 - 00281200 _____ () C:\Windows\Minidump\091314-11419-01.dmp
2014-09-09 12:52 - 2014-09-13 14:13 - 00246976 _____ () C:\Windows\DirectX.log
2014-09-08 15:58 - 2014-09-14 20:30 - 00002352 _____ () C:\Windows\setupact.log
2014-09-08 15:58 - 2014-09-14 20:24 - 00060382 _____ () C:\Windows\PFRO.log
2014-09-08 15:58 - 2014-09-08 15:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 17:51 - 2014-09-06 17:51 - 00000663 _____ () C:\Users\Win7\Desktop\Müzikler - Kısayol.lnk
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-06 04:37 - 2014-09-06 04:37 - 05500776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-06 04:37 - 2014-09-06 04:37 - 03957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-06 04:37 - 2014-09-06 04:37 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-06 04:36 - 2014-09-06 04:36 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-06 04:36 - 2014-09-06 04:36 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01656688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-06 04:36 - 2014-09-06 04:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01895280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-06 04:35 - 2014-09-06 04:35 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01460224 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-06 04:34 - 2014-09-06 04:34 - 00367104 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00294912 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-06 04:33 - 2014-09-06 04:33 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-05 18:52 - 2014-09-05 18:52 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\MonoDevelop-Unity-4.0
2014-09-04 00:15 - 2014-09-05 20:04 - 00000000 ____D () C:\Users\Win7\Desktop\sanic
2014-09-03 15:57 - 2014-09-09 13:20 - 00000222 _____ () C:\Users\Win7\BullseyeCoverageError.txt
2014-09-03 15:56 - 2014-09-03 15:56 - 00000655 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-08-30 17:10 - 2014-08-30 17:10 - 00000000 ____D () C:\Users\Win7\AppData\Local\DOSBox
2014-08-30 17:06 - 2014-08-30 17:13 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-08-30 17:06 - 2014-08-30 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-08-29 22:33 - 2014-08-29 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-08-29 03:02 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-08-28 23:01 - 2014-08-28 23:01 - 00000523 _____ () C:\Windows\0000000000000000_crash.json
2014-08-28 13:37 - 2014-08-28 13:37 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-08-28 13:37 - 2014-08-28 13:37 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-08-25 10:45 - 2014-08-25 10:45 - 00000862 _____ () C:\Windows\SysWOW64\2014-08-25_10-45-32_League of Legends.log
2014-08-25 10:45 - 2014-08-25 10:45 - 00000862 _____ () C:\Windows\SysWOW64\2014-08-25_10-45-23_League of Legends.log
2014-08-25 10:45 - 2014-08-25 10:45 - 00000523 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-08-20 21:41 - 2014-08-20 21:42 - 00005120 _____ () C:\Users\Win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-20 21:39 - 2014-08-20 21:40 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-20 21:39 - 2014-08-20 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-20 21:32 - 2014-08-20 21:32 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-08-20 21:31 - 2001-02-20 03:47 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-08-18 04:21 - 2014-08-18 04:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-18 04:08 - 2014-09-06 13:07 - 00000000 ____D () C:\Users\Win7\Documents\Electronic Arts
2014-08-17 21:50 - 2014-08-17 21:50 - 00000000 ____D () C:\Users\Win7\AppData\Local\EA Games
2014-08-17 13:25 - 2014-08-17 13:25 - 00000000 ____D () C:\Users\Win7\Documents\Wolverine
2014-08-17 13:22 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-08-17 13:22 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-08-17 13:22 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-08-17 13:22 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-08-17 13:22 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-08-17 13:22 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-08-17 13:05 - 2014-08-17 13:05 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-15 15:30 - 2014-08-15 15:30 - 00000000 ____D () C:\ProgramData\Rockstar Games
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 20:31 - 2014-09-14 20:31 - 00018828 _____ () C:\Users\Win7\Downloads\FRST.txt
2014-09-14 20:31 - 2014-09-14 20:14 - 00000000 ____D () C:\FRST
2014-09-14 20:31 - 2014-06-11 13:31 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\Raptr
2014-09-14 20:31 - 2013-12-09 17:12 - 00000000 ____D () C:\Users\Win7\AppData\Local\LogMeIn Hamachi
2014-09-14 20:31 - 2013-10-13 16:49 - 00000000 ____D () C:\ProgramData\Origin
2014-09-14 20:31 - 2013-07-19 15:47 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 20:30 - 2014-09-08 15:58 - 00002352 _____ () C:\Windows\setupact.log
2014-09-14 20:30 - 2013-09-15 21:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-14 20:30 - 2013-07-19 15:16 - 01485235 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 20:30 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 20:30 - 2009-07-14 07:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 20:30 - 2009-07-14 07:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 20:28 - 2013-09-14 22:54 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 20:24 - 2014-09-08 15:58 - 00060382 _____ () C:\Windows\PFRO.log
2014-09-14 20:24 - 2013-10-13 16:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-14 20:13 - 2014-09-14 20:13 - 02105856 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2014-09-14 20:12 - 2009-07-14 15:45 - 00659700 _____ () C:\Windows\system32\perfh01F.dat
2014-09-14 20:12 - 2009-07-14 15:45 - 00141370 _____ () C:\Windows\system32\perfc01F.dat
2014-09-14 20:12 - 2009-07-14 08:13 - 01578844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 20:06 - 2013-07-19 16:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-14 20:06 - 2009-07-14 08:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-14 19:53 - 2014-09-14 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 19:39 - 2013-07-19 15:47 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 19:27 - 2014-03-19 22:33 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-09-14 19:27 - 2013-10-19 05:59 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-09-14 18:53 - 2014-06-10 15:48 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3082891877-3912192116-947350551-1000UA.job
2014-09-14 18:34 - 2014-05-27 16:24 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-14 01:07 - 2013-10-19 05:59 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-3082891877-3912192116-947350551-1000.job
2014-09-13 22:29 - 2013-09-14 22:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 22:29 - 2013-09-14 22:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-13 22:29 - 2013-09-14 22:54 - 00003752 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-13 20:46 - 2014-09-13 20:46 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-09-13 20:18 - 2014-09-13 20:18 - 00000000 _____ () C:\autoexec.bat
2014-09-13 20:16 - 2014-09-13 20:16 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-13 20:08 - 2014-05-21 23:08 - 00000000 ____D () C:\Program Files (x86)\MKV Player
2014-09-13 15:10 - 2013-09-15 01:54 - 00000000 ____D () C:\Users\Win7\Desktop\Oyunlar
2014-09-13 14:30 - 2014-09-13 14:30 - 00000000 ____D () C:\Users\Win7\Documents\CAPCOM
2014-09-13 14:30 - 2014-09-13 14:30 - 00000000 ____D () C:\Users\Win7\AppData\Local\CAPCOM
2014-09-13 14:21 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-13 14:13 - 2014-09-09 12:52 - 00246976 _____ () C:\Windows\DirectX.log
2014-09-13 14:10 - 2013-09-23 19:51 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\uTorrent
2014-09-13 14:09 - 2014-09-13 14:09 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 14:09 - 2014-09-13 14:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 06:46 - 2014-09-13 06:46 - 00281200 _____ () C:\Windows\Minidump\091314-11419-01.dmp
2014-09-13 06:46 - 2014-01-18 14:49 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 20:41 - 2013-07-19 15:56 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-12 02:20 - 2014-08-14 16:29 - 00000000 ____D () C:\Users\Win7\Documents\Max Payne 2 Savegames
2014-09-11 22:05 - 2013-09-25 15:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 21:59 - 2014-08-14 15:44 - 00000000 ____D () C:\Users\Win7\Documents\Max Payne Savegames
2014-09-11 15:53 - 2014-06-10 15:48 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3082891877-3912192116-947350551-1000Core.job
2014-09-11 02:30 - 2014-03-05 21:42 - 00000000 ____D () C:\Users\Win7\Desktop\eskiler ve mal mal selfieler
2014-09-11 02:27 - 2013-10-12 10:29 - 00000000 ____D () C:\Users\Win7\Desktop\Miimler
2014-09-09 14:30 - 2013-07-19 15:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-09 13:20 - 2014-09-03 15:57 - 00000222 _____ () C:\Users\Win7\BullseyeCoverageError.txt
2014-09-09 01:06 - 2013-07-19 16:05 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\Skype
2014-09-08 17:12 - 2013-09-22 22:33 - 00000000 ____D () C:\Users\Win7\Desktop\Kullanılmayan kısa yollar
2014-09-08 17:09 - 2014-05-27 16:24 - 00003092 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-08 17:09 - 2014-05-27 16:24 - 00002884 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-08 17:09 - 2014-05-27 16:24 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Win7
2014-09-08 17:09 - 2014-05-27 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-08 17:08 - 2013-09-22 22:27 - 00000000 ____D () C:\Users\Win7\Desktop\piççırs
2014-09-08 15:58 - 2014-09-08 15:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 03:28 - 2014-07-18 02:42 - 00000000 ____D () C:\Users\Win7\Desktop\Yazılarım
2014-09-07 04:57 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-09-06 20:44 - 2009-07-14 07:45 - 00416688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-06 19:27 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-09-06 19:27 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-06 17:51 - 2014-09-06 17:51 - 00000663 _____ () C:\Users\Win7\Desktop\Müzikler - Kısayol.lnk
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-06 17:25 - 2014-09-06 17:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-06 16:57 - 2013-09-14 22:58 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-06 14:07 - 2013-09-16 18:08 - 00000000 ____D () C:\Users\Win7\Documents\My Games
2014-09-06 13:07 - 2014-08-18 04:08 - 00000000 ____D () C:\Users\Win7\Documents\Electronic Arts
2014-09-06 12:50 - 2013-10-13 16:49 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-06 12:48 - 2013-09-24 15:48 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\DAEMON Tools Lite
2014-09-06 04:37 - 2014-09-06 04:37 - 05500776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-06 04:37 - 2014-09-06 04:37 - 03957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-06 04:37 - 2014-09-06 04:37 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-06 04:36 - 2014-09-06 04:36 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-06 04:36 - 2014-09-06 04:36 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01880064 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01656688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-06 04:36 - 2014-09-06 04:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-06 04:36 - 2014-09-06 04:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01895280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-06 04:35 - 2014-09-06 04:35 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01541120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01460224 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-09-06 04:35 - 2014-09-06 04:35 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-06 04:34 - 2014-09-06 04:34 - 00367104 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00294912 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-09-06 04:34 - 2014-09-06 04:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-06 04:33 - 2014-09-06 04:33 - 00714752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-09-06 04:33 - 2014-09-06 04:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-06 04:33 - 2014-09-06 04:33 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-05 20:04 - 2014-09-04 00:15 - 00000000 ____D () C:\Users\Win7\Desktop\sanic
2014-09-05 18:52 - 2014-09-05 18:52 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\MonoDevelop-Unity-4.0
2014-09-05 18:06 - 2014-05-11 19:16 - 00000000 ____D () C:\ProgramData\Unity
2014-09-04 00:40 - 2014-07-04 20:19 - 00000000 ____D () C:\Users\Win7\AppData\Local\Adobe
2014-09-04 00:40 - 2014-03-16 12:24 - 00000132 _____ () C:\Users\Win7\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-04 00:25 - 2014-05-11 19:24 - 00000000 ____D () C:\Users\Win7\Desktop\Tasarım programları
2014-09-03 15:57 - 2013-09-26 21:25 - 00000000 ____D () C:\Users\Win7\AppData\Local\Unity
2014-09-03 15:57 - 2013-07-19 15:14 - 00000000 ____D () C:\Users\Win7
2014-09-03 15:56 - 2014-09-03 15:56 - 00000655 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-09-03 15:56 - 2014-05-11 18:01 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-09-03 15:56 - 2014-05-11 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-09-02 13:40 - 2014-05-04 23:38 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-30 17:13 - 2014-08-30 17:06 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-08-30 17:10 - 2014-08-30 17:10 - 00000000 ____D () C:\Users\Win7\AppData\Local\DOSBox
2014-08-30 17:06 - 2014-08-30 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-08-29 22:33 - 2014-08-29 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-08-28 23:01 - 2014-08-28 23:01 - 00000523 _____ () C:\Windows\0000000000000000_crash.json
2014-08-28 13:37 - 2014-08-28 13:37 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-08-28 13:37 - 2014-08-28 13:37 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-08-28 13:37 - 2013-07-19 15:20 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-08-28 13:27 - 2009-07-14 08:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 10:45 - 2014-08-25 10:45 - 00000862 _____ () C:\Windows\SysWOW64\2014-08-25_10-45-32_League of Legends.log
2014-08-25 10:45 - 2014-08-25 10:45 - 00000862 _____ () C:\Windows\SysWOW64\2014-08-25_10-45-23_League of Legends.log
2014-08-25 10:45 - 2014-08-25 10:45 - 00000523 _____ () C:\Windows\SysWOW64\0000000000000000_crash.json
2014-08-21 17:58 - 2014-08-14 15:14 - 00000000 ____D () C:\Users\Win7\AppData\Local\Quickscope_Simulator
2014-08-21 13:34 - 2014-06-11 13:31 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-20 21:42 - 2014-08-20 21:41 - 00005120 _____ () C:\Users\Win7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-20 21:40 - 2014-08-20 21:39 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-20 21:39 - 2014-08-20 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-20 21:32 - 2014-08-20 21:32 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-08-18 04:21 - 2014-08-18 04:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-18 03:29 - 2014-06-09 20:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 00:01 - 2014-02-11 17:12 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-08-17 21:51 - 2013-10-14 02:10 - 00000000 ____D () C:\Users\Win7\Documents\EA Games
2014-08-17 21:50 - 2014-08-17 21:50 - 00000000 ____D () C:\Users\Win7\AppData\Local\EA Games
2014-08-17 13:25 - 2014-08-17 13:25 - 00000000 ____D () C:\Users\Win7\Documents\Wolverine
2014-08-17 13:05 - 2014-08-17 13:05 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-15 15:30 - 2014-08-15 15:30 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-08-15 15:30 - 2014-07-06 17:46 - 00000000 ____D () C:\Users\Win7\Documents\Rockstar Games
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 05:00
 
==================== End Of Log ============================

 

#2 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 14 September 2014 - 03:30 PM

Hello Dogusmen and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to: get help here

Thanks

 

---------------------------------------------------------------------------------------------------------------------------------------

 

Not the addition.txt

Addition.txt is produced only the first time FRST is run. FRST saves its logs in this location:

C:\FRST\Logs\

See if Addition.txt is saved there. If yes, please attach it.

If not, run FRST again, when the console opens check Addition.txt box only, and click scan. It should produce the Addition.txt.

 

 

Sincerely

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Dogusmen
  • Topic Starter
  • Members
  • 9 posts
  • Local time:12:40 AM

Posted 14 September 2014 - 03:42 PM

Dear Yılmaz, I am Turkish too; if you can help me via private message that would be great :D. Anyway, this is my Addition.txt.




#4 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 14 September 2014 - 03:53 PM

Hi Dogusmen

OK. I understand

I am reviewing your logfiles and I'll write my answer tomorrow.


Sincerely

Best regards
 

 


 


#5 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 15 September 2014 - 05:36 AM

Hi Dogusmen,
 

127.0.0.1 mpa.one.microsoft.com
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

I'm sorry but this computer is actively running software designed to steal and pirate software from Microsoft.
 
--------------------------------------------------
 
Uninstall/remove all entries related to IObit or Advanced SystemCare; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
-----------------------------------------------------------------
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

IObit\Driver Booster
IObit Apps Toolbar
IObit Uninstaller
Advanced SystemCare
Hotspot Shield
Mozilla Maintenance Service

--------------
 
Uninstalling a Program:

  • Click "start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of programs installed will be "populated", this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "remove":

----------------------------------------------------------------------------------------------------------------------------------------------
 
Please do the following,
 
Step 1:
 
Run FRST fixlist
 
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt
 

start
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015
Task: {9051B197-C8C5-4251-9390-EA8995E1313E} - \AutoKMS No Task File <==== ATTENTION
Task: {F5AEB049-7550-4043-8ADF-3D507B50B9B0} - \AutoKMSDaily No Task File <==== ATTENTION
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}
SearchScopes: HKCU - {2E6227F1-7E8C-457C-9573-CE7DD99F8A4C} URL = http://search.us.com/serp?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}&k={searchTerms}
SearchScopes: HKCU - {A4572DD2-BCED-49CD-925D-CAA85D413500} URL = http://search.us.com/serp?guid={758565E0-9A8B-4D02-904A-381629AA75D1}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {C7663EA4-E833-4D34-94E5-3173D185CC53} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\clxx9rch.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\clxx9rch.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-01-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2013-12-23]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR HomePage: Default -> B17FF304FA71156B2AD7465B5FAE0230945B4657981C7C4B7E70B653495261D6
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
CMD: netsh advfirewall reset /c
CMD: netsh advfirewall set allprofiles state ON /c
CMD: ipconfig /flushdns /c
CMD: netsh winsock reset catalog /c
CMD: netsh int ip reset c:\resetlog.txt  /c
CMD: ipconfig /release /c
CMD: ipconfig /renew /c
Emptytemp:
Hosts:
End

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
 
Step 2:
 
Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs (PUPs) are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Have a nice day.


Best regards
 
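Read-only triage in Python of the kinds of FRST lines the fixlist above removes, as an added example (not part of the thread and not FRST's own code): it flags Run values that open a URL through cmd.exe at logon (the "site opens every time I start the computer" symptom), scheduled tasks with a missing task file or a target .exe directly under the Windows root, IE search scopes pointing at an unexpected host, and hosts entries that send a real name to loopback. The sample lines are constructed after the fixlist entries; the search-host allow-list, the Windows-root heuristic and the benign control paths are assumptions.

```python
# Added example (not from the thread, not FRST code): triage FRST log lines for the
# persistence patterns the fixlist above removes. Sample lines are constructed.
import re
from urllib.parse import urlparse

# Hosts a default search provider is expected to use (assumption; extend as needed).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# FRST line shapes, as they appear in the fixlist above.
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
URL_RE = re.compile(r"https?://\S+")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
WINDOWS_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)

def _strip_attention(text):
    """Drop FRST's trailing '<==== ATTENTION' marker so the payload parses cleanly."""
    return re.sub(r"\s*<=+\s*ATTENTION\s*$", "", text).strip()

def check_run_entry(line):
    """Flag Run values that shell out via cmd.exe to open a URL at logon (the symptom here)."""
    m = RUN_RE.search(line)
    if not m:
        return None
    cmd = _strip_attention(m.group("cmd"))
    if "cmd.exe" in cmd.lower() and re.search(r"\bstart\s+https?://", cmd, re.IGNORECASE):
        return ("run-opens-url", m.group("name"), cmd)
    return None

def check_task_entry(line):
    """Flag tasks whose task file is gone, or whose target .exe sits directly under C:\\Windows."""
    if not line.startswith("Task: "):
        return None
    body = _strip_attention(line[len("Task: "):])
    if body.endswith("No Task File"):
        return ("task-missing-file", body)
    if " => " in body:
        _, target = body.split(" => ", 1)
        if WINDOWS_ROOT_EXE_RE.match(target):  # heuristic: assumption of this example
            return ("task-exe-in-windows-root", target)
    return None

def check_search_entry(line):
    """Flag IE search scopes / default pages that point at an unexpected host."""
    if not (line.startswith("SearchScopes:") or "Default_Page_URL" in line):
        return None
    m = URL_RE.search(line)
    if not m:
        return None
    host = (urlparse(m.group(0)).hostname or "").lower()
    if host not in EXPECTED_SEARCH_HOSTS:
        return ("search-unexpected-host", host, m.group(0))
    return None

def check_hosts_entry(line):
    """Flag hosts-file lines that send a real name to loopback (silently blocks that service)."""
    m = HOSTS_RE.match(line.strip())
    if not m:
        return None
    ip, host = m.group("ip"), m.group("host").lower()
    if ip.startswith("127.") and host not in LOOPBACK_NAMES:
        return ("hosts-redirects-to-loopback", host, ip)
    return None

CHECKS = (check_run_entry, check_task_entry, check_search_entry, check_hosts_entry)

def triage(lines):
    """Run every check over each line; keep the first finding per line."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings

# Constructed sample modelled on the fixlist entries; the Realtek and Google
# lines are benign controls whose paths are assumptions.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3082891877-3912192116-947350551-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}
SearchScopes: HKCU - {2E6227F1-7E8C-457C-9573-CE7DD99F8A4C} URL = http://search.us.com/serp?guid={22F71459-11F1-4B04-A30D-F07699CF1B3B}&k={searchTerms}
SearchScopes: HKCU - {C7663EA4-E833-4D34-94E5-3173D185CC53} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
Task: {9051B197-C8C5-4251-9390-EA8995E1313E} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 localhost
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Run over the ten constructed lines it reports six findings and leaves the Realtek, Google and localhost control lines alone.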

 


 


#6 Dogusmen
  • Topic Starter
  • Members
  • 9 posts
  • Local time:12:40 AM

Posted 15 September 2014 - 07:40 AM

Dear Yılmaz, thanks for helping me, your code worked well. Actually I didn't install Windows; I gave it to my friend and he did the format for me :/, and I was using torrent to download games for my PS2, as there are not many places selling PS2 games :( Anyway, I removed Hotspot and Mozilla. Thanks again ^_^



#7 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 15 September 2014 - 08:31 AM

OK. Thank you for information.

 

Please run the FRST script and Malwarebytes.


Best regards
 

 


 


#8 Dogusmen
  • Topic Starter
  • Members
  • 9 posts
  • Local time:12:40 AM

Posted 15 September 2014 - 09:30 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15.09.2014
Scan Time: 17:19:53
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.15.07
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Win7
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317978
Time Elapsed: 8 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




#9 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male
  • Local time:01:40 AM

Posted 15 September 2014 - 10:28 AM

Hi Dogusmen,

 

Please do the following.

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Sincerely


Best regards
 

 


 


#10 Dogusmen
  • Topic Starter
  • Members
  • 9 posts
  • Local time:12:40 AM

Posted 15 September 2014 - 12:55 PM

ComboFix 14-09-16.01 - Win7 15.09.2014  20:46:46.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1055.18.8081.6107 [GMT 3:00]
Running from: c:\users\Win7\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-15 to 2014-09-15  )))))))))))))))))))))))))))))))
.
.
2014-09-15 17:51 . 2014-09-15 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-14 17:14 . 2014-09-15 13:51 -------- d-----w- C:\FRST
2014-09-14 16:53 . 2014-09-14 16:53 -------- d-----w- c:\programdata\Malwarebytes
2014-09-13 17:46 . 2014-09-13 17:46 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-09-13 17:16 . 2014-09-13 17:16 -------- d-----w- c:\program files\Enigma Software Group
2014-09-13 11:30 . 2014-09-13 11:30 -------- d-----w- c:\users\Win7\AppData\Local\CAPCOM
2014-09-13 11:09 . 2014-09-13 11:09 -------- d-----w- c:\program files\iPod
2014-09-13 11:09 . 2014-09-13 11:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 11:09 . 2014-09-13 11:09 -------- d-----w- c:\program files\iTunes
2014-09-13 11:09 . 2014-09-13 11:09 -------- d-----w- c:\program files (x86)\iTunes
2014-09-13 02:14 . 2014-09-13 02:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1025CF53-7E0F-46AF-83F8-D444B1B6E8E8}\offreg.dll
2014-09-06 14:25 . 2014-09-06 14:25 -------- d-----w- c:\program files\Microsoft Silverlight
2014-09-06 14:25 . 2014-09-06 14:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-09-06 01:37 . 2014-09-06 01:37 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-09-06 01:37 . 2014-09-06 01:37 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-09-06 01:37 . 2014-09-06 01:37 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-09-06 01:36 . 2014-09-06 01:36 3150848 ----a-w- c:\windows\system32\win32k.sys
2014-09-06 01:36 . 2014-09-06 01:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-06 01:36 . 2014-09-06 01:36 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-06 01:36 . 2014-09-06 01:36 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-09-06 01:36 . 2014-09-06 01:36 2003968 ----a-w- c:\windows\system32\msxml6.dll
2014-09-06 01:36 . 2014-09-06 01:36 1880064 ----a-w- c:\windows\system32\msxml3.dll
2014-09-06 01:36 . 2014-09-06 01:36 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-09-06 01:36 . 2014-09-06 01:36 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-09-06 01:34 . 2014-09-06 01:34 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2014-09-06 01:34 . 2014-09-06 01:34 861184 ----a-w- c:\windows\system32\oleaut32.dll
2014-09-06 01:34 . 2014-09-06 01:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-09-06 01:34 . 2014-09-06 01:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2014-09-06 01:34 . 2014-09-06 01:34 367104 ----a-w- c:\windows\system32\atmfd.dll
2014-09-06 01:34 . 2014-09-06 01:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2014-09-06 01:34 . 2014-09-06 01:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2014-09-06 01:34 . 2014-09-06 01:34 976896 ----a-w- c:\windows\system32\inetcomm.dll
2014-09-06 01:34 . 2014-09-06 01:34 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2014-09-05 15:52 . 2014-09-05 15:52 -------- d-----w- c:\users\Win7\AppData\Roaming\MonoDevelop-Unity-4.0
2014-09-01 02:13 . 2014-09-01 02:13 -------- d-----w- c:\users\Win7\AppData\Roaming\HeroesAndGeneralsDesktop
2014-08-30 14:10 . 2014-08-30 14:10 -------- d-----w- c:\users\Win7\AppData\Local\DOSBox
2014-08-30 14:06 . 2014-08-30 14:13 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2014-08-29 00:02 . 2014-06-04 12:17 34080 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-08-28 10:37 . 2014-08-28 10:37 941272 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-08-28 10:37 . 2014-08-28 10:37 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-08-20 18:40 . 2014-08-20 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-20 18:40 . 2014-08-20 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-20 18:40 . 2014-08-20 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-20 18:40 . 2014-08-20 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-20 18:40 . 2014-08-20 18:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-08-20 18:39 . 2014-08-20 18:40 -------- d-----w- c:\program files (x86)\QuickTime
2014-08-20 18:32 . 2014-08-20 18:32 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-08-20 18:31 . 2001-02-20 00:47 140288 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2014-08-18 01:21 . 2014-08-18 01:21 -------- d-----w- c:\program files (x86)\Origin Games
2014-08-17 18:50 . 2014-08-17 18:50 -------- d-----w- c:\users\Win7\AppData\Local\EA Games
2014-08-17 10:22 . 2008-07-12 05:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-08-17 10:22 . 2008-07-12 05:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-08-17 10:22 . 2008-07-12 05:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2014-08-17 10:22 . 2008-07-12 05:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2014-08-17 10:22 . 2008-07-12 05:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-08-17 10:22 . 2008-07-12 05:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2014-08-17 10:05 . 2014-08-17 10:05 -------- d-sh--w- c:\windows\ftpcache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 19:29 . 2013-09-14 19:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-13 19:29 . 2013-09-14 19:54 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-28 10:37 . 2013-07-19 12:20 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-08-19 19:22 . 2012-07-17 11:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 20:20 . 2013-07-19 12:47 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-14 20:20 . 2014-08-14 20:20 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-14 20:20 . 2014-08-14 20:20 43152 ----a-w- c:\windows\avastSS.scr
2014-08-14 20:20 . 2014-03-23 22:08 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-14 20:20 . 2013-07-19 12:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-14 20:20 . 2013-07-19 12:47 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-14 20:20 . 2013-07-19 12:47 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-14 20:20 . 2013-07-19 12:47 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-14 20:20 . 2013-07-19 12:47 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-14 20:20 . 2013-07-19 12:47 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-14 11:09 . 2014-08-14 11:09 581248 ----a-w- c:\windows\flashax.exe
2014-08-14 11:09 . 2014-08-14 11:09 12288 ----a-w- c:\windows\impborl.dll
2014-08-09 10:31 . 2014-08-09 10:31 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-07 20:33 . 2014-08-07 20:33 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-08-07 20:33 . 2014-08-07 20:33 628952 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-08-07 20:33 . 2014-08-07 20:33 3962840 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-08-07 20:33 . 2014-08-07 20:33 2834648 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-08-07 20:33 . 2014-08-07 20:33 1959128 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-08-07 20:33 . 2014-08-07 20:33 1022168 ----a-w- c:\windows\system32\RtkApi64.dll
2014-08-07 20:33 . 2014-08-07 20:33 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-08-07 20:33 . 2014-08-07 20:33 60636160 ----a-w- c:\windows\system32\RCoRes64.dat
2014-08-07 20:33 . 2014-08-07 20:33 948952 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-08-07 20:33 . 2014-08-07 20:33 1934424 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-08-07 20:33 . 2014-08-07 20:33 14863448 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-08-07 20:33 . 2014-08-07 20:33 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-08-07 20:33 . 2014-08-07 20:33 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-08-07 20:33 . 2014-08-07 20:33 6218072 ----a-w- c:\windows\system32\DDPP64A.dll
2014-08-07 20:33 . 2014-08-07 20:33 315736 ----a-w- c:\windows\system32\DDPO64A.dll
2014-08-07 20:33 . 2014-08-07 20:33 261464 ----a-w- c:\windows\system32\DDPA64.dll
2014-08-07 20:33 . 2014-08-07 20:33 1939800 ----a-w- c:\windows\system32\DDPD64A.dll
2014-07-06 14:44 . 2014-07-06 14:44 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-07-05 12:08 . 2014-07-05 12:08 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-07-03 00:59 . 2014-07-03 00:59 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-07-03 00:58 . 2014-07-03 00:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-07-03 00:58 . 2014-07-03 00:58 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-07-03 00:58 . 2014-07-03 00:58 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-07-03 00:58 . 2014-07-03 00:58 424960 ----a-w- c:\windows\system32\KernelBase.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 338432 ----a-w- c:\windows\system32\conhost.exe
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-07-03 00:58 . 2014-07-03 00:58 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-07-19 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-08-28 1939136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"LightShot"="c:\users\Win7\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-06-18 226560]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-08-22 2281248]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-08-30 3600216]
"DrvUpdater"="c:\users\Win7\AppData\Roaming\DRPSu\DrvUpdater.exe" [2012-12-23 195256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-04 3813712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-14 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_HDAL_amd64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Sürücüsü;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 Genişletilebilir Ana Bilgisayar Denetleyici Sürücüsü;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-12 17:39 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 19:29]
.
2014-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3082891877-3912192116-947350551-1000Core.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-10 12:48]
.
2014-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3082891877-3912192116-947350551-1000UA.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-10 12:48]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 12:47]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 12:47]
.
2014-09-15 c:\windows\Tasks\update-S-1-5-21-3082891877-3912192116-947350551-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-10-19 15:44]
.
2014-09-15 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-10-19 15:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-09-08 14:09 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-14 20:20 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-04-15 10396440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-08-07 13672152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}: NameServer = 77.88.8.8,77.88.8.1
TCP: Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}\0516D657B6B616C6560233530205B402034303: NameServer = 77.88.8.8,77.88.8.1
TCP: Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}\245435B41425445435C45425: NameServer = 77.88.8.8,77.88.8.1
TCP: Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}\34544594E4B4149514: NameServer = 77.88.8.8,77.88.8.1
TCP: Interfaces\{A8386A40-5C83-4484-8B21-5521033D29AD}\6696271647: NameServer = 77.88.8.8,77.88.8.1
FF - ProfilePath - 
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3082891877-3912192116-947350551-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,d0,a8,87,95,69,ad,2b,6a,ef,3e,86,c6,a8,c5,df,2a,10,f8,9f,7a,
   d0,62,4e,7f,25,d5,c0,34,30,fc,a9,b7,3a,54,e2,63,87,eb,af,36,a9,94,82,54,f6,\
"rkeysecu"=hex:f6,3b,13,83,78,39,ca,8f,05,c0,ea,50,a0,97,ad,66
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\users\Win7\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
.
**************************************************************************
.
Completion time: 2014-09-15  20:54:07 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-15 17:54
.
Pre-Run: 9.025.327.104 bayt boş
Post-Run: 8.701.550.592 bayt boş
.
- - End Of File - - BB9B83BD2B2017BAE3FEC738AA57E227
A36C5E4F47E84449FF07ED3517B43A31
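Reading a log like this is a triage exercise: the "Reg Loading Points" section lists what starts with Windows and how UAC is configured. As an added example (not part of the thread and not ComboFix's own code), the Python below parses those entries and flags UAC prompts that are switched off and autorun entries launched from user-writable folders; the sample excerpt is constructed from the entries quoted in the log above.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not code from the forum, from ComboFix
or from either poster. SAMPLE_LOG is constructed from entries quoted in the
post above so that the script runs offline.
"""
from __future__ import annotations

import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str    # "UAC_DISABLED" or "USER_WRITABLE_AUTORUN"
    key: str     # registry key the entry was listed under
    name: str    # value name ("EnableLUA", or the Run entry's name)
    detail: str  # why the setting matters, or the path that is launched


# Constructed excerpt: the Run keys and UAC policy values shown in the log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-08-28 1939136]
"LightShot"="c:\users\Win7\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-06-18 226560]
"DrvUpdater"="c:\users\Win7\AppData\Roaming\DRPSu\DrvUpdater.exe" [2012-12-23 195256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-14 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# ComboFix prints a bracketed key, then one line per value beneath it.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]  (Run entries)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# "Name"= 0 (0x0)  (DWORD policy values)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')

# UAC policy values and the setting that removes the elevation prompt.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is switched off: admin processes run fully elevated, no prompt"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, without a consent prompt"),
    "PromptOnSecureDesktop": (0, "any prompt shown is not isolated on the secure desktop"),
}

# Path fragments a non-admin user (or malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "c:\\programdata\\", "\\temp\\", "c:\\users\\public\\")


def parse_reg_loading_points(text: str) -> list[tuple[str, str, str | int]]:
    """Return (key, value name, value) triples; Run paths as str, DWORDs as int."""
    entries: list[tuple[str, str, str | int]] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
            continue
        if key is None or not line or line == ".":
            continue
        if (m := RUN_RE.match(line)):
            entries.append((key, m.group("name"), m.group("path")))
        elif (m := DWORD_RE.match(line)):
            entries.append((key, m.group("name"), int(m.group("val"))))
    return entries


def audit(text: str) -> list[Finding]:
    """Flag disabled UAC prompts and autorun entries launched from user-writable paths."""
    findings: list[Finding] = []
    for key, name, value in parse_reg_loading_points(text):
        lowered_key = key.lower()
        if lowered_key.endswith("\\policies\\system") and isinstance(value, int):
            weak = UAC_WEAK.get(name)
            if weak and value == weak[0]:
                findings.append(Finding("UAC_DISABLED", key, name, weak[1]))
        elif lowered_key.endswith("\\currentversion\\run") and isinstance(value, str):
            if any(marker in value.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding("USER_WRITABLE_AUTORUN", key, name, value))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.kind:22} {f.name:28} {f.detail}")
```

On the excerpt above it reports the three UAC values set to 0 and the two Run entries under the user's AppData, which is exactly where a helper would start asking questions.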
 


#11 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 15 September 2014 - 01:51 PM

Hi Dogusmen,

Step1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Sincerely


Edited by olgun52, 02 October 2015 - 07:51 PM.


#12 Dogusmen

  • Topic Starter
  • Members
  • 9 posts

Posted 16 September 2014 - 09:41 AM

These are my logs, and I don't have the S1 log for AdwCleaner :(

Attached Files



#13 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 16 September 2014 - 10:35 AM

Hi Dogusmen,

 

Delete files:

  • Copy all text in the code box (below)...to Notepad.
@echo off
REM Remove the AdwCleaner working folder and the leftover files listed below.
rd /s /q "C:\AdwCleaner\"
del /f /s /q "C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe"
del /f /s /q "C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"
del /f /s /q "C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
del /f /s /q "C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
del /f /s /q "C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
del /f /s /q "C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000"
REM Finally, delete this batch file itself.
del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

-------------------------------------------------------------------------------------------

 

How is the system running now, and are there any problems?


Edited by olgun52, 16 September 2014 - 10:35 AM.


#14 Dogusmen

  • Topic Starter
  • Members
  • 9 posts

Posted 16 September 2014 - 11:40 AM

No more virus and running fast, thanks to you ^_^ You helped me and taught me a lot. Thanks!



#15 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 16 September 2014 - 05:39 PM

Hi Dogusmen,

 

Thank you for your patience
 
Please do the following:

 
Congratulations! You now appear clean!
 
 
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then, to remove all but the most recently created Restore Point:

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

:step1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

:step2:  Firefox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

:step3:  Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

:step4:  Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
:step5: One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:step6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

 

Best regards - Selamlar.

 

 


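As an added example (not part of olgun52's post, nor code from any tool it names), this PowerShell snippet reads the Internet Explorer Internet-zone settings that the steps above change and reports which ones still differ from the recommended values, so you can confirm the hardening took effect. The registry value IDs used (1001, 1004, 1201, 1607, 1800, 1804 and 2500 under zone 3) are my assumption based on Microsoft's documented URL action IDs; verify them on your own Windows version.

```powershell
# Added audit example; assumes the URL action IDs below map to the IE settings
# named in the cleanup advice. Internet zone = Zones\3 in the current user hive.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# For these actions: 0 = Enable, 1 = Prompt, 3 = Disable.
# 2500 is Protected Mode, where 0 means "on".
$recommended = @{
    'Download signed ActiveX controls'                          = @{ Id = '1001'; Want = 1; Label = 'Prompt'  }
    'Download unsigned ActiveX controls'                        = @{ Id = '1004'; Want = 3; Label = 'Disable' }
    'Initialize and script ActiveX controls not marked as safe' = @{ Id = '1201'; Want = 3; Label = 'Disable' }
    'Installation of desktop items'                             = @{ Id = '1800'; Want = 1; Label = 'Prompt'  }
    'Launching programs and files in an IFRAME'                 = @{ Id = '1804'; Want = 1; Label = 'Prompt'  }
    'Navigate sub-frames across different domains'              = @{ Id = '1607'; Want = 1; Label = 'Prompt'  }
    'Enable Protected Mode'                                     = @{ Id = '2500'; Want = 0; Label = 'On'      }
}

function Test-InternetZoneHardening {
    param([string]$Path = $zonePath, [hashtable]$Policy = $recommended)

    # Read every value stored for the zone in one call.
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($name in $Policy.Keys) {
        $rule   = $Policy[$name]
        $prop   = $zone.PSObject.Properties[$rule.Id]
        # A missing value means the zone's built-in default is in effect,
        # not that the setting is hardened, so it is reported as not OK.
        $actual = if ($prop) { $prop.Value } else { $null }

        [pscustomobject]@{
            Setting  = $name
            ValueId  = $rule.Id
            Actual   = $actual
            Expected = "$($rule.Want) ($($rule.Label))"
            OK       = ($null -ne $actual -and $actual -eq $rule.Want)
        }
    }
}

# Show the full table, then list only the settings that still need attention.
$results = Test-InternetZoneHardening
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.OK } | ForEach-Object {
    Write-Warning "$($_.Setting) is $($_.Actual), expected $($_.Expected)"
}
```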

 


 




