
gameharbor problem


  • This topic is locked
16 replies to this topic

#1 saenokda (Members)

Posted 16 September 2014 - 02:58 PM

Hello,

Gameharbor's been bugging me for weeks, if not for months. I looked at the other topics about the same problem, and I guess I'm having exactly the same thing: gameharbor pops open on my browser at startup.

 

I've followed the instructions about how to get logs and post them. Please do tell me if I missed something.

 

Thank you for your time.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.67.2
Run by PC at 22:46:30 on 2014-09-16
Microsoft Windows 8 Single Language  6.2.9200.0.1254.90.1055.18.6036.4216 [GMT 3:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\rundll32.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
C:\Users\PC\AppData\Local\FluxSoftware\Flux\flux.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Raptr\raptr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Raptr\raptr_im.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\SysWOW64\WerFault.exe
C:\Program Files\Samsung\Recovery\WCScheduler.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\PC\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [f.lux] "C:\Users\PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
uRun: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
TCP: Interfaces\{0E200691-9D46-4C8C-AC07-C9FCA78B7F6F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0E200691-9D46-4C8C-AC07-C9FCA78B7F6F}\14962745965637F514962753434333F553662313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0E200691-9D46-4C8C-AC07-C9FCA78B7F6F}\2494C47494D2E45647 : DHCPNameServer = 194.27.149.19 194.27.149.24
TCP: Interfaces\{0E200691-9D46-4C8C-AC07-C9FCA78B7F6F}\371656E6F6B64616 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{0E200691-9D46-4C8C-AC07-C9FCA78B7F6F}\4557E616F5E45647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{110682DF-F6E2-438A-814C-38B2893ED3EA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BC85520C-45EC-4559-904F-512101DD9941} : DHCPNameServer = 172.20.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\
FF - prefs.js: browser.search.selectedEngine - netmahal
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll
FF - plugin: C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-19 364416]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2014-9-14 36608]
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-11-27 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-11-27 224896]
R0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2014-9-13 35016]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2014-9-13 633704]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2014-5-15 1041168]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2014-7-13 427360]
R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-3-19 352456]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-3-19 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\Drivers\dtsoftbus01.sys [2013-10-13 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-9-14 239616]
R2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-5-9 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-11-27 79184]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2014-5-15 92008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2014-1-7 318592]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-13 50344]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2014-1-24 3105144]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2014-1-29 1593152]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-19 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-3-19 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-19 165760]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-10 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-10 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-10 171416]
R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2014-8-11 72992]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2014-1-7 323584]
R3 bcmsmbsp;SMBus Controller Service;C:\windows\System32\Drivers\bcmsmbsp.sys [2014-9-13 40152]
R3 IntcDAud;Intel® Ekran İçin Ses;C:\windows\System32\Drivers\IntcDAud.sys [2014-9-13 453872]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2014-9-13 873688]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2014-1-7 89800]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-1-6 49152]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2014-1-7 338120]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2014-1-7 116424]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2014-1-7 179432]
S3 BTATH_HID;Bluetooth HID Device;C:\windows\System32\Drivers\btath_hid.sys [2014-1-7 223432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2014-1-7 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2014-1-7 137928]
S3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2014-1-7 597192]
S3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-12-28 131912]
S3 intelkmd;intelkmd;C:\windows\System32\Drivers\igdpmd64.sys [2012-9-17 5338848]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\Drivers\netaapl64.sys [2013-7-25 23040]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-3-19 315536]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-10-25 13480]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-16 17:41:02 33512 ----a-w- C:\windows\SysWow64\drivers\TrueSight.sys
2014-09-16 17:41:01 -------- d-----w- C:\ProgramData\RogueKiller
2014-09-15 06:58:44 -------- d-----w- C:\Program Files (x86)\Strife
2014-09-14 15:50:03 -------- d-----w- C:\Users\PC\AppData\Roaming\library_dir
2014-09-14 15:46:44 -------- d-----w- C:\Users\PC\AppData\Roaming\Raptr
2014-09-14 15:46:44 -------- d-----w- C:\Program Files (x86)\Raptr
2014-09-14 15:46:35 -------- d-----w- C:\ProgramData\AMD
2014-09-14 15:46:33 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-09-14 15:46:33 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-09-14 15:42:44 -------- d-----w- C:\Program Files\AMD
2014-09-13 23:01:52 13824 ----a-w- C:\windows\System32\ffnd.exe
2014-09-13 22:12:38 -------- d-----w- C:\Users\PC\AppData\Roaming\FreeFixer
2014-09-13 22:12:38 -------- d-----w- C:\Users\PC\AppData\Local\FreeFixer
2014-09-13 22:12:33 -------- d-----w- C:\Program Files\FreeFixer
2014-09-13 17:09:18 -------- d-----w- C:\Users\PC\AppData\Roaming\Launchy
2014-09-13 13:56:20 -------- d-----w- C:\Users\PC\AppData\Local\Clover
2014-09-13 07:28:58 -------- d-----w- C:\Program Files\x264vfw64
2014-09-13 07:27:59 3973120 ----a-w- C:\windows\System32\drivers\athw8x.sys
2014-09-13 07:27:29 453872 ----a-w- C:\windows\System32\drivers\IntcDAud.sys
2014-09-13 07:27:25 633704 ----a-w- C:\windows\System32\drivers\iaStorA.sys
2014-09-13 07:26:56 873688 ----a-w- C:\windows\System32\drivers\Rt630x64.sys
2014-09-13 07:26:56 73800 ----a-w- C:\windows\System32\RtNicProp64.dll
2014-09-13 07:26:31 -------- d-----w- C:\windows\LastGood.Tmp
2014-09-13 07:26:20 125952 ----a-w- C:\windows\System32\drivers\TeeDriverx64.sys
2014-09-13 07:26:19 40152 ----a-w- C:\windows\System32\drivers\bcmsmbsp.sys
2014-09-13 07:26:02 95096 ----a-w- C:\windows\System32\drivers\tosrfusb.sys
2014-09-13 07:26:00 35016 ----a-w- C:\windows\System32\drivers\btath_bus.sys
2014-09-13 07:25:59 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll
2014-09-11 08:56:18 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-11 04:38:45 305832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 19:59:31 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 19:59:31 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 01:48:58 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 01:48:57 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-09-05 06:29:36 -------- d-----w- C:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2014-09-05 06:16:56 -------- d-----w- C:\Program Files (x86)\WEBZEN
2014-09-04 09:54:16 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-08-28 08:50:14 4036096 ----a-w- C:\windows\System32\win32k.sys
2014-08-25 14:03:31 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-08-25 14:00:48 -------- d-----w- C:\AdwCleaner
2014-08-25 13:37:39 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-25 13:37:39 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-25 13:37:39 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
.
==================== Find3M  ====================
.
2014-09-13 07:28:53 715038 ----a-w- C:\windows\unins000.exe
2014-09-09 17:42:28 10036224 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-02 15:22:10 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-28 06:05:35 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\windows\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-07 06:33:36 712192 ----a-w- C:\windows\System32\aepdu.dll
2014-08-07 03:09:52 556544 ----a-w- C:\windows\System32\aeinv.dll
2014-07-31 23:40:32 1287680 ----a-w- C:\windows\System32\schedsvc.dll
2014-07-18 07:22:29 2800344 ----a-w- C:\windows\System32\RltkAPO64.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-07-13 19:57:14 92008 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-07-13 19:57:14 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-07-13 19:57:13 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-07-13 19:57:13 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-07-13 19:57:13 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-07-13 19:57:13 43152 ----a-w- C:\windows\avastSS.scr
2014-07-13 19:57:13 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-07-13 19:57:13 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-07-12 04:41:28 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-07-12 04:41:26 8704 ----a-w- C:\windows\System32\KBDRUM.DLL
2014-07-12 04:41:18 6656 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-07-12 04:16:30 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-07-12 04:16:23 8192 ----a-w- C:\windows\SysWow64\KBDRUM.DLL
2014-07-12 04:15:54 6144 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-07-12 02:36:04 1023488 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-07-08 22:33:04 181248 ----a-w- C:\windows\System32\Defrag.exe
2014-07-08 22:32:55 1539584 ----a-w- C:\windows\System32\storagewmi.dll
2014-07-08 22:32:25 340480 ----a-w- C:\windows\System32\defragsvc.dll
2014-07-08 22:30:54 1220608 ----a-w- C:\windows\SysWow64\storagewmi.dll
2014-07-07 05:52:33 74752 ----a-w- C:\windows\System32\wcmcsp.dll
2014-07-07 05:52:33 263680 ----a-w- C:\windows\System32\wcmsvc.dll
2014-07-04 10:52:10 328000 ----a-w- C:\windows\System32\drivers\volsnap.sys
2014-07-03 01:59:28 1824784 ----a-w- C:\windows\System32\ntdll.dll
2014-07-03 00:30:17 1408952 ----a-w- C:\windows\SysWow64\ntdll.dll
2014-06-30 22:42:56 394240 ----a-w- C:\windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\windows\System32\aepic.dll
2014-06-28 07:01:48 96768 ----a-w- C:\windows\SysWow64\dwmapi.dll
2014-06-28 06:57:15 209920 ----a-w- C:\windows\System32\profsvc.dll
2014-06-28 06:56:03 117248 ----a-w- C:\windows\System32\dwmapi.dll
2014-06-27 03:42:55 618496 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-06-27 03:41:15 247296 ----a-w- C:\windows\System32\drivers\srvnet.sys
2014-06-25 07:09:25 733184 ----a-w- C:\windows\System32\win32spl.dll
2014-06-25 07:07:52 1023488 ----a-w- C:\windows\System32\localspl.dll
2014-06-24 07:36:07 703440 ----a-w- C:\windows\System32\NotificationUI.exe
2014-06-24 06:41:34 694784 ----a-w- C:\windows\System32\WSShared.dll
2014-06-24 06:41:34 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-24 06:41:20 10115584 ----a-w- C:\windows\System32\twinui.dll
2014-06-24 06:40:27 125952 ----a-w- C:\windows\System32\WinSetupUI.dll
2014-06-24 06:39:40 2307072 ----a-w- C:\windows\System32\authui.dll
2014-06-24 06:39:31 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2014-06-24 04:08:30 567808 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-06-24 04:08:30 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-24 04:08:21 8858624 ----a-w- C:\windows\SysWow64\twinui.dll
2014-06-24 04:06:56 2037760 ----a-w- C:\windows\SysWow64\authui.dll
2014-06-24 04:06:53 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-06-19 23:35:37 1312768 ----a-w- C:\windows\System32\rpcrt4.dll
2014-06-19 22:24:17 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
.
============= FINISH: 22:47:11,72 ===============
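
The symptom described in this post (a web page opening in the browser at every startup) is the behaviour produced by an autorun value whose command line launches a URL. The following is an added example, not part of the original post and not part of DDS: it parses the `Run` lines of a DDS "Pseudo HJT Report" and flags entries that open a URL or start a command interpreter directly. The sample lines are copied from the log above; the function names and the interpreter list are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Sample input: autorun lines copied from the "Pseudo HJT Report" section of
# the DDS log posted above, plus one non-autorun line that must be ignored.
SAMPLE_LOG = r'''
uStart Page = www.google.com
uRun: [Akamai NetSession Interface] "C:\Users\PC\AppData\Local\Akamai\netsession_win.exe"
uRun: [f.lux] "C:\Users\PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
uRun: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe --startup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
'''

# DDS autorun prefixes seen in the log: uRun, mRun, mExplorerRun, x64-Run,
# x64-ExplorerRun. Line format: "<prefix>: [<value name>] <command line>".
RUN_LINE = re.compile(
    r'^(?P<key>(?:x64-)?[um]?(?:Explorer)?Run): \[(?P<name>.*?)\]\s+(?P<cmd>.+)$')
URL = re.compile(r'\b(?:https?|hxxps?)://[^\s"]+', re.IGNORECASE)
EXE_PATH = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.IGNORECASE)

# Assumption of this example: command interpreters and script hosts are
# unusual as the program started directly by a Run value.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


class RunEntry(NamedTuple):
    key: str       # DDS prefix, e.g. "uRun" (per-user) or "mRun" (machine)
    name: str      # registry value name shown in brackets
    command: str   # command line executed at logon


class Finding(NamedTuple):
    entry: RunEntry
    urls: List[str]
    reasons: List[str]


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Return every autorun (Run / ExplorerRun) line found in a DDS log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["key"], m["name"], m["cmd"].strip()))
    return entries


def executable_name(command: str) -> str:
    """Lower-case file name of the program a command line starts.

    Handles quoted paths and unquoted paths that contain spaces, both of
    which occur in DDS output.
    """
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = EXE_PATH.match(command)
        path = m.group(1) if m else command.split()[0]
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def audit(log_text: str) -> List[Finding]:
    """Flag autorun entries that open a URL or start an interpreter."""
    findings = []
    for entry in parse_run_entries(log_text):
        reasons = []
        urls = URL.findall(entry.command)
        if urls:
            reasons.append("command line opens a URL")
        if executable_name(entry.command) in INTERPRETERS:
            reasons.append("starts a command interpreter or script host")
        if reasons:
            findings.append(Finding(entry, urls, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.entry.key} [{f.entry.name}] {f.entry.command}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

On the sample lines only the `uRun: [CMD]` entry is flagged; a flagged entry is a candidate for review, not a verdict.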
 



#2 olgun52 (Malware Response Team)

Posted 17 September 2014 - 08:59 AM

Hello saenokda and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

Are you still with us?   :hello:

 

Sincerely


Best regards
 

 


 


#3 saenokda (Topic Starter)

Posted 17 September 2014 - 09:11 AM

Thanks for the quick response, I really appreciate it

I'll be waiting for the fix



#4 olgun52 (Malware Response Team)

Posted 17 September 2014 - 10:12 AM

Hello saenokda,

 

Uninstall/remove all entries related to IObit; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
-----------------------------------------------------------------
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

IObit\Driver Booster

uTorrent
Pando Networks
FreeFixer
Driver Booster
Mozilla Maintenance Service

 

Please uninstall the following applications:

 

C:\Program Files (x86)\Pando Networks
C:\Program Files (x86)\IObit
C:\Program Files\FreeFixer

 

 

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Sincerely


Best regards
 

 


 


#5 saenokda

saenokda
  • Topic Starter

  • Members
  • 8 posts

Posted 17 September 2014 - 11:18 AM

AdwCleaner[S1].txt

 

# AdwCleaner v3.310 - Rapor olusturuldu 17/09/2014 tarihinde 18:27:39
# Guncellendi 12/09/2014 tarafindan Xplode
# Isletim sistemi : Windows 8 Single Language  (64 bits)
# Kullanici adi : PC - SAEROS
# Adwcleaner konumu : C:\Users\PC\Desktop\adwcleaner_3.310.exe
# Tarama turu : Temizle
 
***** [ Servisler ] *****
 
 
***** [ Dosyalar / Klasorler ] *****
 
Klasor Silindi : C:\Program Files\FreeFixer
Klasor Silindi : C:\Users\PC\AppData\Local\FreeFixer
Klasor Silindi : C:\Users\PC\AppData\Roaming\FreeFixer
Dosya Silindi : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Dosya Silindi : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Görevler ] *****
 
 
***** [ Kisayollar ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Tarayicilar ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v31.0 (x86 en-GB)
 
[ Dosya : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ Dosya : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1972 octets] - [25/08/2014 17:03:37]
AdwCleaner[R1].txt - [1496 octets] - [17/09/2014 18:22:28]
AdwCleaner[S0].txt - [1983 octets] - [25/08/2014 17:04:43]
AdwCleaner[S1].txt - [1419 octets] - [17/09/2014 18:27:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1479 octets] ##########
 

 

 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 8 Single Language x64
Ran by PC on €ar 17.09.2014 at 18:38:37,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\12jc7g7h.default\minidumps [3 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on €ar 17.09.2014 at 18:44:17,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 
 

ComboFix.txt

 

ComboFix 14-09-16.01 - PC 17.09.2014  18:54:26.1.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1254.90.1055.18.6036.4540 [GMT 3:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-17 to 2014-09-17  )))))))))))))))))))))))))))))))
.
.
2014-09-17 15:38 . 2014-09-17 15:38 -------- d-----w- c:\windows\ERUNT
2014-09-17 07:46 . 2014-09-17 07:46 -------- d-----w- C:\ArcheAge
2014-09-16 20:15 . 2014-09-16 20:17 -------- d-----w- c:\program files (x86)\Glyph
2014-09-16 17:41 . 2014-09-16 17:41 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-09-16 17:41 . 2014-09-16 17:41 -------- d-----w- c:\programdata\RogueKiller
2014-09-15 06:58 . 2014-09-15 07:01 -------- d-----w- c:\program files (x86)\Strife
2014-09-14 16:03 . 2014-09-14 16:03 -------- d-----w- c:\programdata\ATI
2014-09-14 15:50 . 2014-09-14 15:50 -------- d-----w- c:\users\PC\AppData\Roaming\library_dir
2014-09-14 15:46 . 2014-09-17 15:31 -------- d-----w- c:\users\PC\AppData\Roaming\Raptr
2014-09-14 15:46 . 2014-09-14 15:50 -------- d-----w- c:\program files (x86)\Raptr
2014-09-14 15:46 . 2014-09-14 15:46 -------- d-----w- c:\programdata\AMD
2014-09-14 15:46 . 2014-09-14 15:46 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-09-14 15:46 . 2014-09-14 15:46 -------- d-----w- c:\program files (x86)\AMD AVT
2014-09-14 15:42 . 2014-09-14 15:42 -------- d-----w- c:\program files\AMD
2014-09-13 23:01 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe
2014-09-13 17:09 . 2014-09-13 17:11 -------- d-----w- c:\users\PC\AppData\Roaming\Launchy
2014-09-13 13:56 . 2014-09-13 13:56 -------- d-----w- c:\users\PC\AppData\Local\Clover
2014-09-13 07:30 . 2014-09-13 07:30 -------- d-----w- c:\program files\Microsoft Silverlight
2014-09-13 07:30 . 2014-09-13 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-09-13 07:28 . 2014-09-13 07:28 -------- d-----w- c:\program files\x264vfw64
2014-09-13 07:27 . 2014-03-13 21:59 3973120 ----a-w- c:\windows\system32\drivers\athw8x.sys
2014-09-13 07:27 . 2014-08-20 07:15 453872 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2014-09-13 07:27 . 2014-04-24 14:34 633704 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2014-09-13 07:26 . 2014-06-17 16:14 873688 ----a-w- c:\windows\system32\drivers\Rt630x64.sys
2014-09-13 07:26 . 2014-06-17 16:14 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-09-13 07:26 . 2014-09-14 15:42 -------- d-----w- c:\windows\LastGood.Tmp
2014-09-13 07:26 . 2014-06-24 14:07 125952 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-09-13 07:26 . 2013-09-09 13:45 40152 ----a-w- c:\windows\system32\drivers\bcmsmbsp.sys
2014-09-13 07:26 . 2014-06-22 14:57 95096 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2014-09-13 07:26 . 2014-06-17 04:05 35016 ----a-w- c:\windows\system32\drivers\btath_bus.sys
2014-09-13 07:25 . 2009-06-18 17:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll
2014-09-11 08:56 . 2014-09-11 08:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-09-11 08:56 . 2014-09-11 08:56 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-11 04:38 . 2014-09-11 04:38 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 19:59 . 2014-09-02 19:32 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 19:59 . 2014-09-02 19:32 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 01:48 . 2014-07-24 03:33 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 01:48 . 2014-07-24 03:33 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-09-05 06:29 . 2014-09-05 06:29 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2014-09-05 06:16 . 2014-09-05 06:16 -------- d-----w- c:\program files (x86)\WEBZEN
2014-09-04 09:54 . 2014-09-04 09:54 -------- d-----w- c:\program files (x86)\Origin Games
2014-09-01 06:31 . 2014-09-01 06:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-28 08:50 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-25 14:03 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-25 14:00 . 2014-09-17 15:28 -------- d-----w- C:\AdwCleaner
2014-08-25 13:37 . 2014-05-12 04:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-25 13:37 . 2014-05-12 04:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-25 13:37 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 01:57 . 2013-10-13 16:44 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-09 17:42 . 2014-07-08 16:42 10036224 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-02 15:22 . 2014-05-08 14:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-29 00:00 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-07 06:33 . 2014-08-14 21:44 712192 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 03:09 . 2014-08-14 21:44 556544 ----a-w- c:\windows\system32\aeinv.dll
2014-07-18 07:22 . 2014-07-18 07:22 2800344 ----a-w- c:\windows\system32\RltkAPO64.dll
2014-07-15 23:03 . 2014-08-14 19:33 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-07-15 22:51 . 2014-08-14 19:32 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-07-13 19:57 . 2014-07-13 19:57 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-13 19:57 . 2014-05-15 11:09 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-13 19:57 . 2013-11-27 11:17 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-13 19:57 . 2014-07-13 19:57 43152 ----a-w- c:\windows\avastSS.scr
2014-07-13 19:57 . 2014-05-15 11:09 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-13 19:57 . 2014-05-08 23:08 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-13 19:57 . 2013-11-27 11:17 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-13 19:57 . 2013-11-27 11:17 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-13 19:57 . 2013-11-27 11:17 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-13 19:57 . 2013-11-27 11:17 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-12 04:41 . 2014-08-14 21:45 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-12 04:41 . 2014-08-14 21:45 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-12 04:41 . 2014-08-14 21:45 8704 ----a-w- c:\windows\system32\KBDRUM.DLL
2014-07-12 04:41 . 2014-08-14 21:45 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-12 04:41 . 2014-08-14 21:45 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-12 04:41 . 2014-08-14 21:45 6656 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-12 04:16 . 2014-08-14 21:45 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-12 04:16 . 2014-08-14 21:45 8192 ----a-w- c:\windows\SysWow64\KBDRUM.DLL
2014-07-12 04:15 . 2014-08-14 21:45 6144 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-12 02:36 . 2014-08-14 19:33 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-07-08 22:33 . 2014-08-14 21:45 181248 ----a-w- c:\windows\system32\Defrag.exe
2014-07-08 22:32 . 2014-08-14 21:45 1539584 ----a-w- c:\windows\system32\storagewmi.dll
2014-07-08 22:32 . 2014-08-14 21:45 340480 ----a-w- c:\windows\system32\defragsvc.dll
2014-07-08 22:30 . 2014-08-14 21:45 1220608 ----a-w- c:\windows\SysWow64\storagewmi.dll
2014-07-07 05:52 . 2014-08-14 21:45 263680 ----a-w- c:\windows\system32\wcmsvc.dll
2014-07-07 05:52 . 2014-08-14 21:45 74752 ----a-w- c:\windows\system32\wcmcsp.dll
2014-07-04 10:52 . 2014-08-14 21:45 328000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-07-03 01:59 . 2014-08-14 21:46 1824784 ----a-w- c:\windows\system32\ntdll.dll
2014-07-03 00:30 . 2014-08-14 21:45 1408952 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-06-30 22:42 . 2014-08-14 21:44 394240 ----a-w- c:\windows\system32\devinv.dll
2014-06-30 22:42 . 2014-08-14 21:44 87552 ----a-w- c:\windows\system32\aepic.dll
2014-06-28 07:01 . 2014-08-14 21:45 96768 ----a-w- c:\windows\SysWow64\dwmapi.dll
2014-06-28 06:57 . 2014-08-14 21:45 209920 ----a-w- c:\windows\system32\profsvc.dll
2014-06-28 06:56 . 2014-08-14 21:45 117248 ----a-w- c:\windows\system32\dwmapi.dll
2014-06-27 03:42 . 2014-08-14 21:45 618496 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-06-27 03:41 . 2014-08-14 21:45 247296 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-06-25 07:09 . 2014-08-14 21:45 733184 ----a-w- c:\windows\system32\win32spl.dll
2014-06-25 07:07 . 2014-08-14 21:46 1023488 ----a-w- c:\windows\system32\localspl.dll
2014-06-24 07:36 . 2014-08-14 21:45 703440 ----a-w- c:\windows\system32\NotificationUI.exe
2014-06-24 06:41 . 2014-08-14 21:45 694784 ----a-w- c:\windows\system32\WSShared.dll
2014-06-24 06:41 . 2014-08-14 21:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-24 06:41 . 2014-08-14 21:45 10115584 ----a-w- c:\windows\system32\twinui.dll
2014-06-24 06:40 . 2014-08-14 21:45 125952 ----a-w- c:\windows\system32\WinSetupUI.dll
2014-06-24 06:39 . 2014-08-14 21:45 2307072 ----a-w- c:\windows\system32\authui.dll
2014-06-24 06:39 . 2014-08-14 21:45 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-06-24 04:08 . 2014-08-14 21:45 567808 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-06-24 04:08 . 2014-08-14 21:45 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-24 04:08 . 2014-08-14 21:45 8858624 ----a-w- c:\windows\SysWow64\twinui.dll
2014-06-24 04:06 . 2014-08-14 21:45 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-06-24 04:06 . 2014-08-14 21:45 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-06-22 12:02 . 2014-06-22 12:02 567296 ----a-w- c:\windows\SysWow64\raac.dll
2014-06-22 12:02 . 2014-06-22 12:02 567296 ----a-w- c:\windows\system32\raac.dll
2014-06-22 12:02 . 2014-06-22 12:02 94720 ----a-w- c:\windows\SysWow64\drv1.dll
2014-06-22 12:02 . 2014-06-22 12:02 94720 ----a-w- c:\windows\system32\drv1.dll
2014-06-22 12:02 . 2014-06-22 12:02 84480 ----a-w- c:\windows\SysWow64\Cook.dll
2014-06-22 12:02 . 2014-06-22 12:02 84480 ----a-w- c:\windows\system32\Cook.dll
2014-06-22 12:02 . 2014-06-22 12:02 62464 ----a-w- c:\windows\SysWow64\Rv20.dll
2014-06-22 12:02 . 2014-06-22 12:02 62464 ----a-w- c:\windows\system32\Rv20.dll
2014-06-22 12:02 . 2014-06-22 12:02 57344 ----a-w- c:\windows\SysWow64\Rv30.dll
2014-06-22 12:02 . 2014-06-22 12:02 57344 ----a-w- c:\windows\SysWow64\Rv10.dll
2014-06-22 12:02 . 2014-06-22 12:02 57344 ----a-w- c:\windows\system32\Rv30.dll
2014-06-22 12:02 . 2014-06-22 12:02 57344 ----a-w- c:\windows\system32\Rv10.dll
2014-06-22 12:02 . 2014-06-22 12:02 56832 ----a-w- c:\windows\SysWow64\Rv40.dll
2014-06-22 12:02 . 2014-06-22 12:02 56832 ----a-w- c:\windows\system32\Rv40.dll
2014-06-22 12:02 . 2014-06-22 12:02 281088 ----a-w- c:\windows\SysWow64\Drvc.dll
2014-06-22 12:02 . 2014-06-22 12:02 281088 ----a-w- c:\windows\system32\Drvc.dll
2014-06-22 12:02 . 2014-06-22 12:02 278600 ----a-w- c:\windows\system32\pncrt.dll
2014-06-22 12:02 . 2014-06-22 12:02 172544 ----a-w- c:\windows\SysWow64\drv2.dll
2014-06-22 12:02 . 2014-06-22 12:02 172544 ----a-w- c:\windows\system32\drv2.dll
2014-06-22 12:02 . 2014-06-22 12:02 155648 ----a-w- c:\windows\SysWow64\Sipr.dll
2014-06-22 12:02 . 2014-06-22 12:02 155648 ----a-w- c:\windows\system32\Sipr.dll
2014-06-22 12:02 . 2014-06-22 12:02 104960 ----a-w- c:\windows\SysWow64\Atrc.dll
2014-06-22 12:02 . 2014-06-22 12:02 104960 ----a-w- c:\windows\system32\Atrc.dll
2014-06-19 23:35 . 2014-08-14 21:45 1312768 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-19 22:24 . 2014-08-14 21:45 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{9F5DA8C5-722D-44FA-AA2A-44EE2F60081D}"
[HKEY_CLASSES_ROOT\CLSID\{9F5DA8C5-722D-44FA-AA2A-44EE2F60081D}]
2012-08-06 03:41 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:41 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"="start http://extendedunlimited.org && exit" [X]
"Akamai NetSession Interface"="c:\users\PC\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"f.lux"="c:\users\PC\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2014-08-20 55568]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2014-07-25 399736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-13 155488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-30 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2014-5-25 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
.
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_HID;Bluetooth HID Device;c:\windows\system32\DRIVERS\btath_hid.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hid.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 bcmsmbsp;SMBus Controller Service;c:\windows\System32\drivers\bcmsmbsp.sys;c:\windows\SYSNATIVE\drivers\bcmsmbsp.sys [x]
S3 IntcDAud;Intel® Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-11 09:17 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 17:42]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11 09:04]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-11 09:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-13 19:57 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{9F5DA8C5-722D-44FA-AA2A-44EE2F60081D}"
[HKEY_CLASSES_ROOT\CLSID\{9F5DA8C5-722D-44FA-AA2A-44EE2F60081D}]
2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2012-11-27 3952128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-17 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-17 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-17 441888]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Office15\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{110682DF-F6E2-438A-814C-38B2893ED3EA}: NameServer = 209.244.0.3,209.244.0.4
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\
FF - prefs.js: browser.search.selectedEngine - netmahal
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} - (value not set)
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLVirtualDrive]
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\PC\Downloads\DRP_14.9.iso"
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\PC\Downloads\DRP_14.9.iso"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\program files (x86)\Samsung\Settings\sSettings.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Raptr\raptr.exe
c:\program files (x86)\Raptr\raptr_im.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-17  19:08:53 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-17 16:08
.
Pre-Run: 389.239.255.040 bytes free
Post-Run: 389.093.924.864 bytes free
.
- - End Of File - - 1B224890B809DCF71868D3292419CD02
5FB38429D5D77768867C76DCBDB35194
 

 

 



#6 saenokda

  • Topic Starter
  • Members

Posted 17 September 2014 - 11:52 AM

Also, I think ComboFix sort of broke my icons in the taskbar.

You know those icons to the right of the taskbar?

I have several applications running, but I can't see their icons in there.

This is what it looks like at the moment:

http://i.imgur.com/D9nPpvs.png

There should be avast, spybot, steam, skype and more in there, but that's all of it.

It's OK after a reboot, please disregard this post.


Edited by saenokda, 17 September 2014 - 02:00 PM.


#7 olgun52

  • Malware Response Team

Posted 17 September 2014 - 06:24 PM

Hi saenokda,

 

Step 1:
 
CF-SCRIPT
-------------
We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
DDS::  
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit

FireFox:: 
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\
FF - prefs.js: browser.search.selectedEngine - netmahal
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CMD"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 

Step 3:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Sincerely


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#8 saenokda

  • Topic Starter
  • Members

Posted 17 September 2014 - 07:19 PM

ComboFix.txt

 


 

 

 

Malwarebytes Anti-Malware Scan Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18.9.2014
Scan Time: 02:57:14
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.17.10
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374327
Time Elapsed: 14 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by PC (administrator) on SAEROS on 18-09-2014 03:14:23
Running from C:\Users\PC\Downloads
Platform: Windows 8 Single Language (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\PC\AppData\Local\FluxSoftware\Flux\flux.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [Akamai NetSession Interface] => C:\Users\PC\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [f.lux] => C:\Users\PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-20] (Raptr, Inc)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2014-07-25] (BitTorrent, Inc.)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-658388628-963396013-1546228948-1001\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {9F5DA8C5-722D-44FA-AA2A-44EE2F60081D} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {9F5DA8C5-722D-44FA-AA2A-44EE2F60081D} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{110682DF-F6E2-438A-814C-38B2893ED3EA}: [NameServer] 209.244.0.3,209.244.0.4
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default
FF NewTab: chrome://easy_tab/content/index.html
FF DefaultSearchEngine: netmahal
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\netmahal.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Easy Tab - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\Extensions\newtabff@gmail.com [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [newtabff@gmail.com] - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default\extensions\newtabff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Polycraft @ turbulenz.com) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmbldmkkdelpflgfadnegaapddjekee [2014-09-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11]
CHR Extension: (Paticik.com ModeZ Eklentisi) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhnlphjcilbhjepodldhpdaggknkneb [2014-09-12]
CHR Extension: (Link Unclogger) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbakledanjibbaoghnnockckaobgimp [2014-09-10]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-18]
CHR Extension: (AdBlock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\epobbohpidjaekdhfbbdhgcfeciciejf [2014-06-07]
CHR Extension: (Stylish) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-09-12]
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-06] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-13] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-26] ()
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [40152 2013-09-09] (Broadcom Corporation.)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-13] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-26] ()
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2013-10-25] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 03:14 - 2014-09-18 03:14 - 00021851 _____ () C:\Users\PC\Downloads\FRST.txt
2014-09-18 03:14 - 2014-09-18 03:14 - 00000000 ____D () C:\FRST
2014-09-18 03:06 - 2014-09-18 03:07 - 02105856 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-09-18 02:51 - 2014-09-18 02:51 - 00028906 _____ () C:\Users\PC\Desktop\ComboFix.txt
2014-09-18 02:45 - 2014-09-18 02:45 - 00000000 ____H () C:\ProgramData\cm-lock
2014-09-17 19:32 - 2014-09-17 19:32 - 00000000 ____D () C:\Users\PC\Desktop\Yeni klasör (2)
2014-09-17 18:53 - 2011-06-26 09:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-17 18:53 - 2010-11-07 20:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-17 18:53 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-17 18:53 - 2000-08-31 03:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-17 18:51 - 2014-09-18 02:51 - 00000000 ____D () C:\Qoobox
2014-09-17 18:51 - 2014-09-17 19:07 - 00000000 ____D () C:\windows\erdnt
2014-09-17 18:38 - 2014-09-17 18:38 - 00000000 ____D () C:\windows\ERUNT
2014-09-17 13:43 - 2014-09-17 13:43 - 16995328 _____ () C:\Users\PC\Downloads\mumble-1.2.8.msi
2014-09-17 13:41 - 2014-09-18 02:53 - 00000000 ____D () C:\Users\PC\Desktop\Yeni klasör
2014-09-17 10:46 - 2014-09-17 10:46 - 00000000 ____D () C:\ArcheAge
2014-09-16 23:15 - 2014-09-16 23:17 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-16 23:15 - 2014-09-16 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-16 20:47 - 2014-09-16 20:47 - 00688992 ____R (Swearware) C:\Users\PC\Downloads\dds.com
2014-09-16 20:41 - 2014-09-16 20:41 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-09-16 20:41 - 2014-09-16 20:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-15 23:38 - 2014-09-15 23:38 - 00022951 _____ () C:\Users\PC\Downloads\[kickass.to]horriblesubs.sword.art.online.720p.torrent
2014-09-15 23:12 - 2014-09-15 23:12 - 03066102 _____ () C:\Users\PC\Downloads\rainmeter___elegance_2_by_lilshizzy-d41hrge.rmskin
2014-09-15 23:12 - 2014-09-15 23:12 - 01478447 _____ () C:\Users\PC\Downloads\skyrim_rainmeter_suite_v2_by_axerron-d4oz6t1.zip
2014-09-15 10:22 - 2014-09-15 10:22 - 00000000 ____D () C:\Users\PC\Documents\Strife
2014-09-15 10:01 - 2014-09-15 10:01 - 00006000 _____ () C:\windows\DirectX.log
2014-09-15 10:01 - 2014-09-15 10:01 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-15 10:01 - 2014-09-15 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-15 09:58 - 2014-09-15 10:01 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-15 08:08 - 2014-09-15 09:48 - 1778598272 _____ () C:\Users\PC\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-15 05:30 - 2014-09-15 05:30 - 00001095 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-09-15 05:29 - 2014-09-15 05:29 - 00000878 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\İndirilenler.lnk
2014-09-15 03:41 - 2014-09-15 03:41 - 00008790 _____ () C:\Users\PC\Downloads\The_Rover_2014_720p.torrent
2014-09-15 03:40 - 2014-09-15 03:40 - 00009996 _____ () C:\Users\PC\Downloads\Third_Person_2013_720p.torrent
2014-09-15 03:39 - 2014-09-15 03:39 - 00007710 _____ () C:\Users\PC\Downloads\Coherence_2013_720p.torrent
2014-09-14 19:03 - 2014-09-14 19:03 - 00000000 ____D () C:\ProgramData\ATI
2014-09-14 18:50 - 2014-09-14 18:50 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-14 18:50 - 2014-09-14 18:50 - 00000000 ____D () C:\Users\PC\AppData\Roaming\library_dir
2014-09-14 18:46 - 2014-09-18 02:47 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Raptr
2014-09-14 18:46 - 2014-09-14 18:50 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-14 18:46 - 2014-09-14 18:46 - 00056788 _____ () C:\windows\SysWOW64\CCCInstall_201409141846258725.log
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\ProgramData\AMD
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-14 18:42 - 2014-09-14 18:42 - 00000000 ____D () C:\Program Files\AMD
2014-09-14 18:39 - 2014-09-14 18:39 - 00026820 _____ () C:\Users\PC\Downloads\[HorribleSubs] Haikyuu!! - 24 [720p].mkv.torrent
2014-09-14 18:38 - 2014-09-14 18:46 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-14 18:38 - 2014-04-18 05:43 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiuxp64.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdhcp64.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdhcp32.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atimpc64.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdpcom64.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atimpc32.dll
2014-09-14 18:38 - 2014-04-18 05:43 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdpcom32.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 10335208 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atidxx64.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atidxx32.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd64.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd6a.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiumdag.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 06796592 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiumdva.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 01343272 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\aticfx64.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 01117184 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\aticfx32.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiuxpag.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiu9p64.dll
2014-09-14 18:38 - 2014-04-18 05:42 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiu9pag.dll
2014-09-14 18:38 - 2014-04-18 05:36 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmdag.sys
2014-09-14 18:38 - 2014-04-18 05:23 - 00231424 _____ () C:\windows\system32\clinfo.exe
2014-09-14 18:38 - 2014-04-18 05:22 - 28685824 _____ (Advanced Micro Devices Inc.) C:\windows\system32\amdocl64.dll
2014-09-14 18:38 - 2014-04-18 05:22 - 01187342 _____ () C:\windows\system32\amdocl_as64.exe
2014-09-14 18:38 - 2014-04-18 05:22 - 01061902 _____ () C:\windows\system32\amdocl_ld64.exe
2014-09-14 18:38 - 2014-04-18 05:22 - 00995342 _____ () C:\windows\SysWOW64\amdocl_as32.exe
2014-09-14 18:38 - 2014-04-18 05:22 - 00798734 _____ () C:\windows\SysWOW64\amdocl_ld32.exe
2014-09-14 18:38 - 2014-04-18 05:22 - 00098816 _____ (Advanced Micro Devices Inc.) C:\windows\system32\OpenVideo64.dll
2014-09-14 18:38 - 2014-04-18 05:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\windows\system32\OVDecode64.dll
2014-09-14 18:38 - 2014-04-18 05:22 - 00083456 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\OpenVideo.dll
2014-09-14 18:38 - 2014-04-18 05:22 - 00073216 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\OVDecode.dll
2014-09-14 18:38 - 2014-04-18 05:19 - 24107520 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\amdocl.dll
2014-09-14 18:38 - 2014-04-18 05:17 - 00065024 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2014-09-14 18:38 - 2014-04-18 05:17 - 00058880 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2014-09-14 18:38 - 2014-04-18 05:13 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\mantle64.dll
2014-09-14 18:38 - 2014-04-18 05:13 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\mantle32.dll
2014-09-14 18:38 - 2014-04-18 05:12 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atio6axx.dll
2014-09-14 18:38 - 2014-04-18 05:12 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdmantle64.dll
2014-09-14 18:38 - 2014-04-18 04:58 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdmantle32.dll
2014-09-14 18:38 - 2014-04-18 04:51 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atioglxx.dll
2014-09-14 18:38 - 2014-04-18 04:46 - 15716352 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticaldd64.dll
2014-09-14 18:38 - 2014-04-18 04:46 - 00580816 _____ () C:\windows\SysWOW64\atiapfxx.blb
2014-09-14 18:38 - 2014-04-18 04:46 - 00580816 _____ () C:\windows\system32\atiapfxx.blb
2014-09-14 18:38 - 2014-04-18 04:46 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiapfxx.exe
2014-09-14 18:38 - 2014-04-18 04:46 - 00062464 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalrt64.dll
2014-09-14 18:38 - 2014-04-18 04:46 - 00055808 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalcl64.dll
2014-09-14 18:38 - 2014-04-18 04:46 - 00052224 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalrt.dll
2014-09-14 18:38 - 2014-04-18 04:46 - 00049152 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalcl.dll
2014-09-14 18:38 - 2014-04-18 04:45 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\mantleaxl64.dll
2014-09-14 18:38 - 2014-04-18 04:45 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\mantleaxl32.dll
2014-09-14 18:38 - 2014-04-18 04:42 - 14302208 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticaldd.dll
2014-09-14 18:38 - 2014-04-18 04:33 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdmmcl6.dll
2014-09-14 18:38 - 2014-04-18 04:33 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdmmcl.dll
2014-09-14 18:38 - 2014-04-18 04:30 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atidemgy.dll
2014-09-14 18:38 - 2014-04-18 04:30 - 00031232 _____ (AMD) C:\windows\system32\atimuixx.dll
2014-09-14 18:38 - 2014-04-18 04:29 - 00586240 _____ (AMD) C:\windows\system32\atieclxx.exe
2014-09-14 18:38 - 2014-04-18 04:29 - 00239616 _____ (AMD) C:\windows\system32\atiesrxx.exe
2014-09-14 18:38 - 2014-04-18 04:28 - 03437632 _____ () C:\windows\system32\atiumd6a.cap
2014-09-14 18:38 - 2014-04-18 04:28 - 00190976 _____ (AMD) C:\windows\system32\atitmm64.dll
2014-09-14 18:38 - 2014-04-18 04:21 - 00806912 _____ (AMD) C:\windows\system32\coinst_14.100.dll
2014-09-14 18:38 - 2014-04-18 04:17 - 03471376 _____ () C:\windows\SysWOW64\atiumdva.cap
2014-09-14 18:38 - 2014-04-18 04:09 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiadlxx.dll
2014-09-14 18:38 - 2014-04-18 04:09 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxy.dll
2014-09-14 18:38 - 2014-04-18 04:08 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdave64.dll
2014-09-14 18:38 - 2014-04-18 04:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdave32.dll
2014-09-14 18:38 - 2014-04-18 04:08 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atisamu64.dll
2014-09-14 18:38 - 2014-04-18 04:08 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atisamu32.dll
2014-09-14 18:38 - 2014-04-18 04:07 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmpag.sys
2014-09-14 18:38 - 2014-04-18 04:07 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6txx.dll
2014-09-14 18:38 - 2014-04-18 04:07 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atigktxx.dll
2014-09-14 18:38 - 2014-04-18 04:07 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6pxx.dll
2014-09-14 18:38 - 2014-04-18 04:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiglpxx.dll
2014-09-14 18:38 - 2014-04-18 04:07 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiglpxx.dll
2014-09-14 18:38 - 2014-04-18 04:04 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\ati2erec.dll
2014-09-14 18:38 - 2014-04-10 20:58 - 00082128 _____ () C:\windows\system32\ativce02.dat
2014-09-14 18:38 - 2014-04-01 01:06 - 00234804 _____ () C:\windows\system32\ativvaxy_cik.dat
2014-09-14 18:38 - 2014-04-01 01:04 - 00233008 _____ () C:\windows\system32\ativvaxy_cik_nd.dat
2014-09-14 18:38 - 2014-03-06 19:31 - 00042544 _____ () C:\windows\system32\kapp_ci.sbin
2014-09-14 18:38 - 2014-03-06 19:31 - 00035408 _____ () C:\windows\system32\kapp_si.sbin
2014-09-14 18:38 - 2014-02-06 18:45 - 00134192 _____ () C:\windows\system32\ativce03.dat
2014-09-14 18:38 - 2014-01-16 20:00 - 00273712 _____ () C:\windows\system32\ativvaxy_vi_nd.dat
2014-09-14 18:38 - 2014-01-16 19:59 - 00275124 _____ () C:\windows\system32\ativvaxy_vi.dat
2014-09-14 18:38 - 2014-01-16 11:34 - 00723841 _____ () C:\windows\system32\atiicdxx.dat
2014-09-14 18:38 - 2013-12-13 23:00 - 00036608 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\amdkmpfd.sys
2014-09-14 18:38 - 2013-12-12 16:53 - 00138832 _____ () C:\windows\system32\samu_krnl_isv_ci.sbin
2014-09-14 18:38 - 2013-12-12 16:53 - 00138832 _____ () C:\windows\system32\samu_krnl_ci.sbin
2014-09-14 18:38 - 2013-04-10 18:34 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIODE.exe
2014-09-14 18:38 - 2013-04-10 18:34 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIODCLI.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00163857 _____ () C:\Users\PC\Downloads\[kickass.to]parks.and.recreation.seasons.1.6.complete.720p.02.18.2014.torrent
2014-09-14 10:41 - 2014-09-14 10:41 - 00025360 _____ () C:\Users\PC\Downloads\[HorribleSubs] Barakamon - 10 [720p].mkv.torrent
2014-09-14 02:01 - 2010-03-08 13:10 - 00013824 _____ (Kephyr) C:\windows\system32\ffnd.exe
2014-09-13 20:09 - 2014-09-13 20:11 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Launchy
2014-09-13 16:56 - 2014-09-13 16:56 - 00000000 ____D () C:\Users\PC\AppData\Local\Clover
2014-09-13 10:31 - 2014-09-13 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-13 10:30 - 2014-09-13 10:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-13 10:30 - 2014-09-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-13 10:29 - 2014-09-13 10:29 - 00000000 ____D () C:\Program Files\Xvid
2014-09-13 10:29 - 2014-04-08 06:26 - 01177088 _____ (The OpenSSL Project, http://www.openssl.org/) C:\windows\SysWOW64\libeay32.dll
2014-09-13 10:29 - 2014-04-08 06:26 - 00270336 _____ (The OpenSSL Project, http://www.openssl.org/) C:\windows\SysWOW64\ssleay32.dll
2014-09-13 10:29 - 2014-04-08 06:26 - 00270336 _____ (The OpenSSL Project, http://www.openssl.org/) C:\windows\SysWOW64\libssl32.dll
2014-09-13 10:29 - 2012-08-29 16:45 - 00258560 _____ () C:\windows\system32\xvidvfw.dll
2014-09-13 10:29 - 2012-08-29 16:44 - 00243200 _____ () C:\windows\SysWOW64\xvidvfw.dll
2014-09-13 10:29 - 2012-08-29 16:43 - 00174592 _____ () C:\windows\system32\xvid.ax
2014-09-13 10:29 - 2012-08-29 16:41 - 00153600 _____ () C:\windows\SysWOW64\xvid.ax
2014-09-13 10:29 - 2012-08-29 16:37 - 00650752 _____ () C:\windows\SysWOW64\xvidcore.dll
2014-09-13 10:29 - 2012-08-29 16:34 - 00704000 _____ () C:\windows\system32\xvidcore.dll
2014-09-13 10:29 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscomctl.ocx
2014-09-13 10:29 - 2009-07-11 23:51 - 01053696 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71u.dll
2014-09-13 10:29 - 2009-07-11 23:40 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71DEU.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ITA.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71FRA.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ESP.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ENU.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71KOR.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71JPN.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71CHT.DLL
2014-09-13 10:29 - 2009-07-11 23:40 - 00040960 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71CHS.DLL
2014-09-13 10:29 - 2009-07-11 23:07 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\atl71.dll
2014-09-13 10:29 - 2009-03-24 07:52 - 00659264 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscomct2.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00614992 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00443488 _____ (Microsoft Corporation) C:\windows\SysWOW64\MShflxgd.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00415552 _____ (Microsoft Corporation ) C:\windows\SysWOW64\comct332.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00278352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdatgrd.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00258880 _____ (Microsoft Corporation) C:\windows\SysWOW64\msflxgrd.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00252240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdatlst.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00222528 _____ (Microsoft Corporation) C:\windows\SysWOW64\dblist32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00218432 _____ (Microsoft Corporation) C:\windows\SysWOW64\richtx32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00215880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mci32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00178512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmask32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00170080 _____ (Microsoft Corporation) C:\windows\SysWOW64\comct232.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00155984 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msstdfmt.dll
2014-09-13 10:29 - 2009-03-24 07:52 - 00119616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscomm32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00107840 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTKPRP.DLL
2014-09-13 10:29 - 2009-03-24 07:52 - 00100160 _____ (Microsoft Corporation) C:\windows\SysWOW64\picclp32.ocx
2014-09-13 10:29 - 2009-03-24 07:52 - 00080208 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysinfo.ocx
2014-09-13 10:29 - 2007-01-30 19:04 - 00339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr70.dll
2014-09-13 10:29 - 2006-08-25 23:28 - 01017344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70u.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70ita.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70fra.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70esp.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70deu.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70enu.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70kor.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70jpn.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70cht.dll
2014-09-13 10:29 - 2006-08-25 23:15 - 00040960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70chs.dll
2014-09-13 10:29 - 2006-08-25 23:07 - 01024000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc70.dll
2014-09-13 10:29 - 2006-08-25 22:17 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\atl70.dll
2014-09-13 10:29 - 2006-04-10 23:41 - 01066176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL32.OCX
2014-09-13 10:29 - 2005-01-20 18:25 - 00054784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvci70.dll
2014-09-13 10:29 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVCP70.DLL
2014-09-13 10:29 - 1996-01-12 03:00 - 00935632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Vb40016.dll
2014-09-13 10:29 - 1996-01-12 03:00 - 00722192 _____ (Microsoft Corporation) C:\windows\SysWOW64\Vb40032.dll
2014-09-13 10:29 - 1994-11-18 00:00 - 00210944 _____ () C:\windows\SysWOW64\msvcrt10.dll
2014-09-13 10:29 - 1993-05-11 20:00 - 00398416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Vbrun300.dll
2014-09-13 10:29 - 1992-10-21 01:00 - 00356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbrun200.dll
2014-09-13 10:29 - 1991-05-10 02:00 - 00271264 _____ () C:\windows\SysWOW64\vbrun100.dll
2014-09-13 10:28 - 2014-09-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM CoDeC Pack
2014-09-13 10:28 - 2014-09-13 10:29 - 00000000 ____D () C:\Program Files\SAM CoDeC Pack
2014-09-13 10:28 - 2014-09-13 10:29 - 00000000 ____D () C:\Program Files (x86)\SAM CoDeC Pack
2014-09-13 10:28 - 2014-09-13 10:28 - 00715038 _____ () C:\windows\unins000.exe
2014-09-13 10:28 - 2014-09-13 10:28 - 00001986 _____ () C:\windows\unins000.dat
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\windows\SysWOW64\Backup
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\windows\system32\Backup
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files\x264vfw64
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files\utvideo
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files (x86)\x264vfw
2014-09-13 10:28 - 2014-06-10 23:37 - 00272896 _____ () C:\windows\system32\utv_core.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00200704 _____ () C:\windows\SysWOW64\utv_core.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00185344 _____ (TODO: <会社名>) C:\windows\system32\utv_mft.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00183296 _____ (TODO: <会社名>) C:\windows\system32\utv_dmo.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00151552 _____ (TODO: <会社名>) C:\windows\SysWOW64\utv_mft.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00151552 _____ (TODO: <会社名>) C:\windows\SysWOW64\utv_dmo.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00069632 _____ () C:\windows\SysWOW64\utv_vcm.dll
2014-09-13 10:28 - 2014-06-10 23:37 - 00067584 _____ () C:\windows\system32\utv_vcm.dll
2014-09-13 10:28 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll
2014-09-13 10:28 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\windows\SysWOW64\lagarith.dll
2014-09-13 10:27 - 2014-08-20 10:15 - 00453872 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys
2014-09-13 10:27 - 2014-04-24 17:34 - 00633704 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorA.sys
2014-09-13 10:27 - 2014-03-14 00:59 - 03973120 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athw8x.sys
2014-09-13 10:26 - 2014-09-14 18:42 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-09-13 10:26 - 2014-06-24 17:07 - 00125952 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys
2014-09-13 10:26 - 2014-06-22 17:57 - 00095096 _____ (TOSHIBA CORPORATION) C:\windows\system32\Drivers\tosrfusb.sys
2014-09-13 10:26 - 2014-06-17 19:14 - 00873688 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys
2014-09-13 10:26 - 2014-06-17 19:14 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2014-09-13 10:26 - 2014-06-17 07:05 - 00035016 _____ (Qualcomm Atheros) C:\windows\system32\Drivers\btath_bus.sys
2014-09-13 10:26 - 2013-09-09 16:45 - 00040152 _____ (Broadcom Corporation.) C:\windows\system32\Drivers\bcmsmbsp.sys
2014-09-13 10:25 - 2009-06-18 20:42 - 00040832 _____ (TOSHIBA CORPORATION.) C:\windows\system32\Drivers\TosBtCi.dll
2014-09-12 21:49 - 2014-09-12 21:50 - 15987589 _____ () C:\Users\PC\Downloads\lucid__icons_by_leechiahan-d1q0uog.7z
2014-09-12 21:22 - 2014-09-12 21:23 - 24765737 _____ () C:\Users\PC\Downloads\John Wick - Trailer #1.mp4
2014-09-12 13:16 - 2014-09-13 09:41 - 4194009088 _____ () C:\Users\PC\Downloads\DRP_14.9.iso
2014-09-11 12:18 - 2014-09-11 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 12:04 - 2014-09-18 03:09 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 12:04 - 2014-09-18 02:45 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 12:04 - 2014-09-11 12:04 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 12:04 - 2014-09-11 12:04 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-11 11:56 - 2014-09-11 11:56 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-11 11:56 - 2014-09-11 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-11 03:40 - 2014-09-16 19:37 - 00000218 _____ () C:\Users\PC\BullseyeCoverageError.txt
2014-09-10 22:59 - 2014-09-02 22:32 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 22:59 - 2014-09-02 22:32 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 07:01 - 2014-08-16 12:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 07:01 - 2014-08-16 12:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 07:01 - 2014-08-16 12:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-09-10 07:01 - 2014-08-16 12:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 07:01 - 2014-08-16 12:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 07:01 - 2014-08-16 12:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 07:01 - 2014-08-16 12:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 07:01 - 2014-08-16 12:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 07:01 - 2014-08-16 12:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 07:01 - 2014-08-16 10:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 07:01 - 2014-08-16 10:37 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 07:01 - 2014-08-16 10:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 07:01 - 2014-08-16 10:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 07:01 - 2014-03-07 03:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 07:01 - 2013-05-16 01:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-10 07:01 - 2013-05-16 01:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-10 07:01 - 2013-05-14 16:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 07:01 - 2013-05-14 12:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 07:01 - 2013-02-21 13:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-10 07:01 - 2013-02-21 13:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 07:01 - 2013-02-21 13:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 07:01 - 2013-02-21 13:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 07:01 - 2013-02-21 13:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-10 07:01 - 2013-02-21 13:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 07:01 - 2013-02-19 12:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-09-10 07:01 - 2012-11-08 07:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 07:01 - 2012-11-08 07:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 07:01 - 2012-07-26 06:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 07:00 - 2014-08-16 10:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 04:49 - 2014-08-28 14:34 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-10 04:49 - 2014-08-28 09:05 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-10 04:49 - 2014-08-28 09:05 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-10 04:49 - 2014-08-28 09:05 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-10 04:49 - 2014-08-28 09:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-10 04:49 - 2014-08-28 09:02 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-10 04:49 - 2014-08-28 09:01 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-10 04:49 - 2014-08-28 09:01 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-09-10 04:49 - 2014-08-01 02:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-10 04:49 - 2014-06-05 04:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2014-09-10 04:49 - 2014-06-04 02:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 04:48 - 2014-07-24 06:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 04:48 - 2014-07-24 06:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-09-06 17:40 - 2014-09-13 10:27 - 00000400 _____ () C:\windows\setupact.log
2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 _____ () C:\windows\setuperr.log
2014-09-05 10:38 - 2014-09-05 10:39 - 00000000 ____D () C:\Users\PC\Documents\C9
2014-09-05 09:29 - 2014-09-05 09:29 - 00000000 ____D () C:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2014-09-05 09:29 - 2014-09-05 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9
2014-09-05 09:16 - 2014-09-05 09:16 - 00000000 ____D () C:\Program Files (x86)\WEBZEN
2014-09-04 15:48 - 2014-09-18 02:44 - 00007750 _____ () C:\windows\PFRO.log
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-03 22:34 - 2014-09-18 02:58 - 01851372 _____ () C:\windows\WindowsUpdate.log
2014-09-03 17:59 - 2014-09-03 18:20 - 219350948 _____ () C:\Users\PC\Downloads\Louie.s03e11.720p.hdtv.x264-dimension.mp4
2014-09-02 20:11 - 2014-09-03 22:36 - 00000000 ____D () C:\Users\PC\Documents\iTools
2014-09-02 20:10 - 2014-09-02 20:11 - 03492429 _____ () C:\Users\PC\Downloads\iTools0520E.zip
2014-09-02 09:38 - 2014-09-02 09:38 - 00000000 ____D () C:\Users\PC\Documents\Almost Human
2014-08-28 21:49 - 2014-08-28 21:50 - 00000000 ____D () C:\Users\PC\Documents\CyberLink
2014-08-28 11:50 - 2014-08-23 09:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-25 17:41 - 2014-08-25 17:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 17:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-25 17:00 - 2014-09-17 18:28 - 00000000 ____D () C:\AdwCleaner
2014-08-25 16:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-25 16:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-25 16:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-24 21:24 - 2014-08-24 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Professional
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 03:14 - 2014-09-18 03:14 - 00021851 _____ () C:\Users\PC\Downloads\FRST.txt
2014-09-18 03:14 - 2014-09-18 03:14 - 00000000 ____D () C:\FRST
2014-09-18 03:09 - 2014-09-11 12:04 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 03:07 - 2014-09-18 03:06 - 02105856 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-09-18 03:00 - 2012-07-26 11:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-18 02:58 - 2014-09-03 22:34 - 01851372 _____ () C:\windows\WindowsUpdate.log
2014-09-18 02:54 - 2014-05-08 17:58 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 02:53 - 2014-09-17 13:41 - 00000000 ____D () C:\Users\PC\Desktop\Yeni klasör
2014-09-18 02:51 - 2014-09-18 02:51 - 00028906 _____ () C:\Users\PC\Desktop\ComboFix.txt
2014-09-18 02:51 - 2014-09-17 18:51 - 00000000 ____D () C:\Qoobox
2014-09-18 02:50 - 2013-03-19 08:19 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-18 02:47 - 2014-09-14 18:46 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Raptr
2014-09-18 02:46 - 2012-07-26 08:26 - 00000215 _____ () C:\windows\system.ini
2014-09-18 02:45 - 2014-09-18 02:45 - 00000000 ____H () C:\ProgramData\cm-lock
2014-09-18 02:45 - 2014-09-11 12:04 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 02:45 - 2012-07-26 10:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-18 02:44 - 2014-09-04 15:48 - 00007750 _____ () C:\windows\PFRO.log
2014-09-18 02:41 - 2013-10-12 17:00 - 00000814 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 02:39 - 2013-10-12 15:23 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
2014-09-18 02:00 - 2013-10-12 13:14 - 00000000 ____D () C:\Users\PC\AppData\Local\Adobe
2014-09-18 01:09 - 2013-12-26 23:37 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Mumble
2014-09-17 23:00 - 2013-10-12 15:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-17 22:55 - 2013-11-02 11:48 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-17 21:05 - 2013-10-12 13:19 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-658388628-963396013-1546228948-1001
2014-09-17 19:40 - 2013-10-14 09:38 - 00000000 ____D () C:\Users\PC\Documents\Utilities
2014-09-17 19:32 - 2014-09-17 19:32 - 00000000 ____D () C:\Users\PC\Desktop\Yeni klasör (2)
2014-09-17 19:31 - 2013-12-08 01:21 - 00000000 ____D () C:\Users\PC\AppData\Roaming\TS3Client
2014-09-17 19:08 - 2013-03-19 08:09 - 00000000 ____D () C:\Users\EasySurvey
2014-09-17 19:08 - 2012-07-26 08:37 - 00000000 __RHD () C:\Users\Default
2014-09-17 19:07 - 2014-09-17 18:51 - 00000000 ____D () C:\windows\erdnt
2014-09-17 18:38 - 2014-09-17 18:38 - 00000000 ____D () C:\windows\ERUNT
2014-09-17 18:28 - 2014-08-25 17:00 - 00000000 ____D () C:\AdwCleaner
2014-09-17 18:10 - 2013-10-22 18:46 - 00000000 ____D () C:\Users\PC\Documents\Notes
2014-09-17 13:45 - 2013-12-26 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-09-17 13:45 - 2013-12-26 23:35 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-09-17 13:43 - 2014-09-17 13:43 - 16995328 _____ () C:\Users\PC\Downloads\mumble-1.2.8.msi
2014-09-17 12:44 - 2014-01-17 11:50 - 00000000 ____D () C:\Users\PC\AppData\Local\Last.fm
2014-09-17 11:37 - 2014-07-30 21:55 - 00000000 ____D () C:\Users\PC\Documents\ArcheAge
2014-09-17 10:46 - 2014-09-17 10:46 - 00000000 ____D () C:\ArcheAge
2014-09-17 05:05 - 2014-07-25 23:48 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2014-09-17 02:22 - 2013-03-19 22:29 - 00720830 _____ () C:\windows\system32\perfh01F.dat
2014-09-17 02:22 - 2013-03-19 22:29 - 00151828 _____ () C:\windows\system32\perfc01F.dat
2014-09-17 02:22 - 2012-07-26 10:28 - 01726172 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-16 23:17 - 2014-09-16 23:15 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-16 23:15 - 2014-09-16 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-16 23:15 - 2014-07-29 03:15 - 00000000 ____D () C:\Users\PC\AppData\Local\Glyph
2014-09-16 22:34 - 2013-10-22 18:51 - 00000000 ____D () C:\Users\PC\Downloads\Show
2014-09-16 21:32 - 2013-10-12 13:18 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2014-09-16 21:18 - 2013-10-22 18:50 - 00000000 ____D () C:\Users\PC\Downloads\Movies
2014-09-16 21:03 - 2013-10-22 18:49 - 00000000 ____D () C:\Users\PC\Downloads\Games
2014-09-16 20:47 - 2014-09-16 20:47 - 00688992 ____R (Swearware) C:\Users\PC\Downloads\dds.com
2014-09-16 20:41 - 2014-09-16 20:41 - 00033512 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-09-16 20:41 - 2014-09-16 20:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 20:34 - 2013-10-22 18:51 - 00000000 ____D () C:\Users\PC\Downloads\Anime
2014-09-16 19:37 - 2014-09-11 03:40 - 00000218 _____ () C:\Users\PC\BullseyeCoverageError.txt
2014-09-16 19:15 - 2014-03-20 13:33 - 00000356 _____ () C:\Users\PC\d3d_antilag.log
2014-09-16 18:08 - 2013-10-13 23:00 - 00000000 ____D () C:\Users\PC\AppData\Local\CrashDumps
2014-09-16 16:11 - 2012-07-26 11:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-15 23:38 - 2014-09-15 23:38 - 00022951 _____ () C:\Users\PC\Downloads\[kickass.to]horriblesubs.sword.art.online.720p.torrent
2014-09-15 23:37 - 2014-01-29 19:16 - 00000000 ____D () C:\Users\PC\AppData\Local\Warframe
2014-09-15 23:12 - 2014-09-15 23:12 - 03066102 _____ () C:\Users\PC\Downloads\rainmeter___elegance_2_by_lilshizzy-d41hrge.rmskin
2014-09-15 23:12 - 2014-09-15 23:12 - 01478447 _____ () C:\Users\PC\Downloads\skyrim_rainmeter_suite_v2_by_axerron-d4oz6t1.zip
2014-09-15 10:22 - 2014-09-15 10:22 - 00000000 ____D () C:\Users\PC\Documents\Strife
2014-09-15 10:01 - 2014-09-15 10:01 - 00006000 _____ () C:\windows\DirectX.log
2014-09-15 10:01 - 2014-09-15 10:01 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-15 10:01 - 2014-09-15 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-15 10:01 - 2014-09-15 09:58 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-15 09:48 - 2014-09-15 08:08 - 1778598272 _____ () C:\Users\PC\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-15 05:30 - 2014-09-15 05:30 - 00001095 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-09-15 05:29 - 2014-09-15 05:29 - 00000878 _____ () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\İndirilenler.lnk
2014-09-15 03:41 - 2014-09-15 03:41 - 00008790 _____ () C:\Users\PC\Downloads\The_Rover_2014_720p.torrent
2014-09-15 03:40 - 2014-09-15 03:40 - 00009996 _____ () C:\Users\PC\Downloads\Third_Person_2013_720p.torrent
2014-09-15 03:39 - 2014-09-15 03:39 - 00007710 _____ () C:\Users\PC\Downloads\Coherence_2013_720p.torrent
2014-09-14 22:10 - 2014-07-20 12:24 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-14 22:07 - 2012-07-26 08:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-14 19:03 - 2014-09-14 19:03 - 00000000 ____D () C:\ProgramData\ATI
2014-09-14 18:50 - 2014-09-14 18:50 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-09-14 18:50 - 2014-09-14 18:50 - 00000000 ____D () C:\Users\PC\AppData\Roaming\library_dir
2014-09-14 18:50 - 2014-09-14 18:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-09-14 18:46 - 2014-09-14 18:46 - 00056788 _____ () C:\windows\SysWOW64\CCCInstall_201409141846258725.log
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\ProgramData\AMD
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-14 18:46 - 2014-09-14 18:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-14 18:46 - 2013-03-19 07:58 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-14 18:42 - 2014-09-14 18:42 - 00000000 ____D () C:\Program Files\AMD
2014-09-14 18:42 - 2014-09-13 10:26 - 00000000 ____D () C:\windows\LastGood.Tmp
2014-09-14 18:39 - 2014-09-14 18:39 - 00026820 _____ () C:\Users\PC\Downloads\[HorribleSubs] Haikyuu!! - 24 [720p].mkv.torrent
2014-09-14 18:39 - 2013-11-11 16:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 18:22 - 2013-10-14 01:12 - 00000000 ____D () C:\AMD
2014-09-14 16:54 - 2014-09-14 16:54 - 00163857 _____ () C:\Users\PC\Downloads\[kickass.to]parks.and.recreation.seasons.1.6.complete.720p.02.18.2014.torrent
2014-09-14 10:41 - 2014-09-14 10:41 - 00025360 _____ () C:\Users\PC\Downloads\[HorribleSubs] Barakamon - 10 [720p].mkv.torrent
2014-09-13 20:11 - 2014-09-13 20:09 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Launchy
2014-09-13 17:02 - 2013-12-05 21:41 - 00005632 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-13 16:56 - 2014-09-13 16:56 - 00000000 ____D () C:\Users\PC\AppData\Local\Clover
2014-09-13 10:55 - 2013-11-28 06:17 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Winamp
2014-09-13 10:31 - 2014-09-13 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-13 10:30 - 2014-09-13 10:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-13 10:30 - 2014-09-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-13 10:29 - 2014-09-13 10:29 - 00000000 ____D () C:\Program Files\Xvid
2014-09-13 10:29 - 2014-09-13 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM CoDeC Pack
2014-09-13 10:29 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files\SAM CoDeC Pack
2014-09-13 10:29 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files (x86)\SAM CoDeC Pack
2014-09-13 10:29 - 2014-06-27 00:49 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-09-13 10:28 - 2014-09-13 10:28 - 00715038 _____ () C:\windows\unins000.exe
2014-09-13 10:28 - 2014-09-13 10:28 - 00001986 _____ () C:\windows\unins000.dat
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\windows\SysWOW64\Backup
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\windows\system32\Backup
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files\x264vfw64
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files\utvideo
2014-09-13 10:28 - 2014-09-13 10:28 - 00000000 ____D () C:\Program Files (x86)\x264vfw
2014-09-13 10:27 - 2014-09-06 17:40 - 00000400 _____ () C:\windows\setupact.log
2014-09-13 10:26 - 2013-10-12 13:15 - 00000000 ____D () C:\Users\PC\Documents\Bluetooth Folder
2014-09-13 09:41 - 2014-09-12 13:16 - 4194009088 _____ () C:\Users\PC\Downloads\DRP_14.9.iso
2014-09-12 23:18 - 2014-04-01 15:03 - 00000132 _____ () C:\Users\PC\AppData\Roaming\Adobe PNG Format CC Prefs
2014-09-12 21:50 - 2014-09-12 21:49 - 15987589 _____ () C:\Users\PC\Downloads\lucid__icons_by_leechiahan-d1q0uog.7z
2014-09-12 21:23 - 2014-09-12 21:22 - 24765737 _____ () C:\Users\PC\Downloads\John Wick - Trailer #1.mp4
2014-09-12 05:06 - 2013-10-13 19:44 - 00000000 ____D () C:\windows\system32\MRT
2014-09-12 04:57 - 2013-10-13 19:44 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-12 04:22 - 2013-10-22 18:49 - 00000000 ____D () C:\Users\PC\Downloads\Video
2014-09-12 02:50 - 2013-10-18 23:58 - 00000000 ____D () C:\Program Files\Webfin
2014-09-11 12:18 - 2014-09-11 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 12:17 - 2013-10-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-11 12:04 - 2014-09-11 12:04 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-11 12:04 - 2014-09-11 12:04 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-11 11:56 - 2014-09-11 11:56 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-11 11:56 - 2014-09-11 11:56 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-11 11:56 - 2014-09-11 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-11 11:56 - 2014-01-29 21:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-11 04:04 - 2012-07-26 11:12 - 00000000 ____D () C:\windows\rescache
2014-09-11 03:40 - 2013-10-12 13:12 - 00000000 ____D () C:\Users\PC
2014-09-11 01:51 - 2014-07-06 00:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 07:05 - 2012-07-26 10:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-09 20:42 - 2014-07-08 19:42 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 20:42 - 2013-10-12 17:00 - 00003702 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 09:42 - 2012-07-26 11:12 - 00000000 ____D () C:\windows\system32\NDF
2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 _____ () C:\windows\setuperr.log
2014-09-06 01:12 - 2013-10-12 20:27 - 00000000 ____D () C:\Users\PC\AppData\Roaming\IrfanView
2014-09-05 10:39 - 2014-09-05 10:38 - 00000000 ____D () C:\Users\PC\Documents\C9
2014-09-05 09:29 - 2014-09-05 09:29 - 00000000 ____D () C:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2014-09-05 09:29 - 2014-09-05 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9
2014-09-05 09:16 - 2014-09-05 09:16 - 00000000 ____D () C:\Program Files (x86)\WEBZEN
2014-09-04 19:44 - 2014-07-06 00:01 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-04 19:44 - 2013-11-15 19:50 - 00000000 ____D () C:\Users\PC\Documents\Electronic Arts
2014-09-04 19:36 - 2014-07-06 00:01 - 00000000 ____D () C:\ProgramData\Origin
2014-09-04 17:47 - 2013-10-13 16:13 - 00000000 ____D () C:\Games
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-04 12:54 - 2014-07-06 00:03 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Origin
2014-09-03 22:36 - 2014-09-02 20:11 - 00000000 ____D () C:\Users\PC\Documents\iTools
2014-09-03 18:20 - 2014-09-03 17:59 - 219350948 _____ () C:\Users\PC\Downloads\Louie.s03e11.720p.hdtv.x264-dimension.mp4
2014-09-03 17:05 - 2013-12-15 17:06 - 00000000 ____D () C:\Users\PC\AppData\Local\Battle.net
2014-09-03 16:03 - 2013-10-13 15:49 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2014-09-03 16:02 - 2014-01-08 17:03 - 00000000 ____D () C:\windows\Minidump
2014-09-02 22:32 - 2014-09-10 22:59 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:32 - 2014-09-10 22:59 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 20:11 - 2014-09-02 20:10 - 03492429 _____ () C:\Users\PC\Downloads\iTools0520E.zip
2014-09-02 09:38 - 2014-09-02 09:38 - 00000000 ____D () C:\Users\PC\Documents\Almost Human
2014-09-02 00:53 - 2013-03-19 06:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-01 09:31 - 2013-10-12 13:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 10:32 - 2014-08-17 00:30 - 05076480 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-28 21:50 - 2014-08-28 21:49 - 00000000 ____D () C:\Users\PC\Documents\CyberLink
2014-08-28 21:50 - 2014-07-25 19:24 - 00000000 ____D () C:\Users\PC\AppData\Roaming\CyberLink
2014-08-28 14:34 - 2014-09-10 04:49 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-28 13:45 - 2013-10-12 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 13:45 - 2013-10-12 13:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 09:05 - 2014-09-10 04:49 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-28 09:05 - 2014-09-10 04:49 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-28 09:05 - 2014-09-10 04:49 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-28 09:05 - 2014-09-10 04:49 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-28 09:02 - 2014-09-10 04:49 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-28 09:01 - 2014-09-10 04:49 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-28 09:01 - 2014-09-10 04:49 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-08-25 17:45 - 2014-05-27 21:37 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-25 17:41 - 2014-08-25 17:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-25 16:57 - 2014-06-27 01:03 - 00000000 ____D () C:\windows\RegisteredPackages
2014-08-25 16:55 - 2014-07-23 03:59 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-08-25 16:37 - 2014-05-08 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:37 - 2014-05-08 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 21:24 - 2014-08-24 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Professional
2014-08-23 09:47 - 2014-08-28 11:50 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 10:15 - 2014-09-13 10:27 - 00453872 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-14 11:25
 
==================== End Of Log ============================

 

 

 




#9 olgun52

  • Malware Response Team

Posted 18 September 2014 - 04:52 AM

Hi saenokda,

 

Step 1:
 

Run FRST fixlist

 

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt


start
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
SearchScopes: HKLM - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default
FF DefaultSearchEngine: netmahal
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\netmahal.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk 
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Task: {FD35C43A-6091-4B8C-A63F-668A05DA16DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 saenokda

  • Topic Starter

Posted 18 September 2014 - 07:28 AM

I really appreciate your continuous attention. Here are the latest logs:

 

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by PC at 2014-09-18 13:04:03 Run:1
Running from C:\Users\PC\Desktop\Yeni klasör (2)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
SearchScopes: HKLM - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {FDF9514E-C00E-4E71-90DC-5FFDC2EA961C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\12jc7g7h.default
FF DefaultSearchEngine: netmahal
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\netmahal.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk 
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Task: {FD35C43A-6091-4B8C-A63F-668A05DA16DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
end
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx" => Key deleted successfully.
"HKCR\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key deleted successfully.
"HKCR\CLSID\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key not found.
 => Should not be moved.
Firefox DefaultSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\netmahal.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk directory not found.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD35C43A-6091-4B8C-A63F-668A05DA16DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD35C43A-6091-4B8C-A63F-668A05DA16DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
 
==== End of Fixlog ====

 

 

 

ESET.txt

 


C:\Program Files (x86)\The Walking Dead\steam_api.dll a variant of Win32/HackTool.Crack.CC potentially unsafe application
C:\Program Files (x86)\Warlock - Master of the Arcane\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Users\PC\AppData\Roaming\0F1L1I1P0H1L1E1E1F\uTorrent Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application
G:\oyun\ar?iv\Age Of Empires 2 & The Conquerors Expansion - Full Game\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe a variant of Win32/Hupigon.NWG trojan
G:\torrent downloadlar?\Warlock- Master of the arcane\rld-wrlock\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
 

 

 

 

Also, looks like the gameharbor is gone for now (after the combofix solution).
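Added example, not part of the original posts and not FRST's own code: a short Python check that reads a Fixlog in the format posted above and separates the entries FRST reported as deleted or moved from those it reported as not found or skipped. The sample text is an abridged, constructed copy of that log, and the outcome labels (`deleted`, `moved`, `not_found`, `skipped`) and function names are chosen here for illustration.

```python
import re
from collections import Counter

# Constructed sample: an abridged copy of the Fixlog posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by PC at 2014-09-18 13:04:03 Run:1
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
end
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key deleted successfully.
"HKCR\CLSID\{FDF9514E-C00E-4E71-90DC-5FFDC2EA961C}" => Key not found.
 => Should not be moved.
Firefox DefaultSearchEngine deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\netmahal.xml => Moved successfully.
CHR Extension: (Avira Browser Safety) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk directory not found.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

==== End of Fixlog ====
'''

# Outcome suffixes as they appear in the Fixlog above (labels are this example's own).
OUTCOME_PATTERNS = [
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("moved", re.compile(r"Moved successfully\.$")),
    ("not_found", re.compile(r"not found\.$")),
    ("skipped", re.compile(r"Should not be moved\.$")),
]
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def classify(line):
    """Map one result line to an outcome label, or 'unrecognized'."""
    text = line.rstrip()
    for name, pattern in OUTCOME_PATTERNS:
        if pattern.search(text):
            return name
    return "unrecognized"


def parse_fixlog(text):
    """Return (directives, results); results are (outcome, target) tuples."""
    directives, results = [], []
    fences = 0  # number of '*****' separator lines seen so far
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if set(stripped) == {"*"}:
            fences += 1
            continue
        if stripped.startswith("==== End of Fixlog"):
            break
        if fences == 1:
            # Inside the echoed fixlist: keep everything except start/end.
            if stripped.lower() not in ("start", "end"):
                directives.append(stripped)
        elif fences >= 2:
            # Result section: the target is whatever precedes the first '=>'.
            target, sep, _ = line.partition("=>")
            target = target.strip().strip('"') if sep else stripped
            results.append((classify(line), target))
    return directives, results


def unmoved_file_directives(directives, results):
    """Bare file paths from the fixlist that have no 'Moved successfully' line.

    Only plain path directives can be matched by name; registry and task
    directives expand to different key names in the result section.
    """
    moved = {t.lower() for outcome, t in results if outcome == "moved"}
    return [d for d in directives
            if DRIVE_PATH.match(d) and d.lower() not in moved]


def review(text):
    directives, results = parse_fixlog(text)
    return {
        "counts": Counter(outcome for outcome, _ in results),
        "needs_review": [(o, t) for o, t in results
                         if o not in ("deleted", "moved")],
        "unmoved_files": unmoved_file_directives(directives, results),
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for outcome, target in report["needs_review"]:
        print(f"{outcome:12} {target or '(no target printed)'}")
    print("file directives without a move result:", report["unmoved_files"])
```

Entries under `needs_review` are not failures by themselves; "not found" usually means the item was already gone, but each one is worth a second look before declaring the machine clean.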



#11 olgun52

  • Malware Response Team

Posted 18 September 2014 - 07:50 PM

Hi saenokda,

Also, looks like the gameharbor is gone for now (after the combofix solution).

Right. I've deleted it with Combofix.

 

-----------------------------------------------------------------

I would like you to do the following.

 

Delete files:

  • Copy all text in the code box (below)...to Notepad.
@echo off
rd /s /q "C:\AdwCleaner\"
del /f /s /q "G:\torrent downloadlar?\Warlock- Master of the arcane\rld-wrlock\steam_api.dll"
del /f /s /q "C:\Users\PC\AppData\Roaming\0F1L1I1P0H1L1E1E1F\uTorrent Packages\uninstaller.exe"
del %0 
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

------------------------------------------------------------------

 

Thank you for your patience. Please do the following:

 
''Congratulations! You now appear clean!''
 
 
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

:step1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

:step2:  FireFox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

:step3:  Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

:step4:  Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
:step5: One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:step6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

Sincerely

 

:hello:


Edited by olgun52, 18 September 2014 - 07:52 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
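
Added example (not part of the thread and not olgun52's own script): a read-only PowerShell check that compares the Internet zone settings listed in the post above, plus Protected Mode, against the values it recommends. The registry path and URL action IDs are the documented Internet Explorer security-zone values and are an assumption here, since the post only names the dialog options; the script reads the per-user zone settings and changes nothing.

```powershell
# Added example: audit the IE Internet zone (zone 3) against the settings
# recommended in the post. Read-only; nothing is written to the registry.
# Assumption: per-user zone settings only; values enforced by policy are
# stored under a separate Policies key and are not inspected here.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Zone policy values: 0 = Enable, 1 = Prompt, 3 = Disable
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID -> option name as shown in the Custom Level dialog -> wanted value
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 },
    @{ Id = '2500'; Name = 'Enable Protected Mode';                                     Want = 0 }
)

# $zone is $null if the key does not exist for this user
$zone = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$report = foreach ($r in $recommended) {
    $current = $null
    if ($zone -and $null -ne $zone.($r.Id)) { $current = [int]$zone.($r.Id) }

    # Translate the raw DWORD into the wording used in the dialog
    $shown = 'not set (zone default applies)'
    if ($null -ne $current) {
        if ($meaning.ContainsKey($current)) { $shown = $meaning[$current] }
        else { $shown = '0x{0:X}' -f $current }
    }

    [pscustomobject]@{
        ActionId    = $r.Id
        Setting     = $r.Name
        Current     = $shown
        Recommended = $meaning[$r.Want]
        Matches     = ($current -eq $r.Want)
    }
}

$report | Format-Table -AutoSize -Wrap
```

Rows with Matches = False are the ones to revisit in Tools > Internet Options > Security > Custom Level.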

 


 


#12 saenokda

saenokda
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 19 September 2014 - 01:30 AM

When I try to start internet explorer I get an error saying that I can't run it on this version of windows. Is it because I haven't updated my windows to 8.1?



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 19 September 2014 - 08:13 AM

When I try to start internet explorer I get an error saying that I can't run it on this version of windows. Is it because I haven't updated my windows to 8.1?

 

Operating system Microsoft Windows 8 Single

 

Please do the following.

 

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
 

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

-------------------------------------------------------

 

Step 1:

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Step 2:

 

Next please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Sincerely



 


 


#14 saenokda

saenokda
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 19 September 2014 - 08:16 AM

FixIt also doesn't work. Should I do the rest of the steps anyway?



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 19 September 2014 - 09:43 AM

FixIt also doesn't work. Should I do the rest of the steps anyway?

 

 

Hmm. OK.

Open Internet Explorer as an administrator and run.



 


 




