
Chrome keeps changing proxy settings. Can't get rid of superfish.com adware


  • This topic is locked

#1 Lykastos

  • Members

Posted 22 September 2014 - 01:28 PM

Hi!

As the topic title explains, I have a proxy situation with Chrome as well as other browsers such as IE and Mozilla Firefox. I regularly scan my computer to deal with malicious software. For about a week or two I have kept seeing the superfish.com adware. However, I can't get rid of it, and I have tried lots of software like ComboFix, AdwCleaner, Malwarebytes Anti-Malware, etc. I'm an average computer user and I think I can deal with this annoying situation with some help from you. Thanks in advance!

PS: I used ComboFix and AdwCleaner before I found your forum and read the preparation guide. Sorry about that  :bubbles:


Edited by Lykastos, 22 September 2014 - 01:34 PM.



#2 aharonov

  • Malware Response Team

Posted 22 September 2014 - 01:54 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Lykastos

  • Topic Starter

Posted 22 September 2014 - 02:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Can (administrator) on CAN-PC on 22-09-2014 21:57:58
Running from C:\Users\Can\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Octoshape ApS) C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\rads\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\rads\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\rads\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.110\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1233040 2012-10-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Spotify Web Helper] => C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-10] (Spotify Ltd)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:32444
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC44BF0654CD3CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{05BD6906-B3C6-4683-A18F-08B7ECEBE1D6}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Can\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Can\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Can\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Can\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
 
Chrome: 
=======
CHR Profile: C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
CHR Extension: (Gmail) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-27] ()
S2 25ae9a8747fefbe420d88c1c2f45b3ef.exe; C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef\25ae9a8747fefbe420d88c1c2f45b3ef.exe [X]
S2 ArchiveBIOSFreeware.exe; C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657\ArchiveBIOSFreeware.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-08] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-04] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-11] ()
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-08] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) [File not signed]
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2013-03-04] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [22528 2013-03-04] (Razer USA Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Can\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 21:57 - 2014-09-22 21:58 - 00017017 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-22 21:57 - 2014-09-22 21:58 - 00000000 ____D () C:\FRST
2014-09-22 21:56 - 2014-09-22 21:57 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:38 - 2014-09-22 21:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:26 - 2014-09-22 21:27 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 14:54 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 14:54 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 14:54 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 14:50 - 2014-09-22 15:05 - 00000000 ____D () C:\Qoobox
2014-09-22 14:50 - 2014-09-22 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 14:48 - 2014-09-22 14:49 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 14:12 - 2014-09-16 14:12 - 00018018 _____ () C:\Users\Can\Downloads\[kickass.to]publicagent.e226.akasha.xxx.sd.mp4.rarbg.torrent
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:52 - 2014-09-16 13:52 - 00020201 _____ () C:\Users\Can\Downloads\[kickass.to]publicpickups.kitty.rich.sunbathing.beauty.gets.bleeped.mp4.torrent
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 20:59 - 2014-09-15 22:22 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 20:59 - 2014-09-15 21:00 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 20:59 - 2014-09-15 21:00 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-22 21:06 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-15 13:25 - 2014-09-22 19:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:24 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 20:33 - 2014-09-13 21:44 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 01:38 - 2014-09-12 01:39 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:21 - 2014-09-11 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:21 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 22:10 - 2011-04-09 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-11 22:10 - 2011-04-09 09:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 08:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-09-11 09:55 - 2014-09-11 10:57 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:08 - 2014-09-11 02:41 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 21:58 - 2014-09-22 21:57 - 00017017 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-22 21:58 - 2014-09-22 21:57 - 00000000 ____D () C:\FRST
2014-09-22 21:57 - 2014-09-22 21:56 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:40 - 2014-09-22 21:38 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:32 - 2013-03-04 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 21:29 - 2013-03-05 00:04 - 01131042 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 21:28 - 2014-06-27 13:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 21:28 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 21:28 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 21:27 - 2014-09-22 21:26 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 21:06 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-22 19:58 - 2014-09-15 13:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-22 19:15 - 2014-06-27 13:23 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 19:15 - 2014-06-09 16:11 - 00026055 _____ () C:\Windows\setupact.log
2014-09-22 19:15 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 16:04 - 2013-04-26 15:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000UA.job
2014-09-22 16:04 - 2013-04-26 15:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000Core.job
2014-09-22 15:07 - 2014-06-29 23:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 15:05 - 2014-09-22 14:50 - 00000000 ____D () C:\Qoobox
2014-09-22 15:05 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 15:04 - 2014-09-22 14:50 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 15:01 - 2014-06-09 16:59 - 00035420 _____ () C:\Windows\PFRO.log
2014-09-22 15:01 - 2009-07-14 05:34 - 65273856 _____ () C:\Windows\system32\config\software.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 14:49 - 2014-09-22 14:48 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 09:42 - 2013-03-05 00:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 04:46 - 2014-07-11 19:26 - 00000000 ____D () C:\AdwCleaner
2014-09-22 04:44 - 2014-09-22 04:44 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-22 04:39 - 2013-03-08 17:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-22 04:39 - 2013-03-05 00:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 04:39 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-19 19:53 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Local\Battle.net
2014-09-19 12:21 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 03:41 - 2014-01-09 12:52 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Spotify
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 19:23 - 2013-06-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-09-16 19:14 - 2014-01-09 12:53 - 00000000 ____D () C:\Users\Can\AppData\Local\Spotify
2014-09-16 14:29 - 2013-03-05 11:13 - 00000000 ____D () C:\Users\Can\AppData\Roaming\uTorrent
2014-09-16 14:12 - 2014-09-16 14:12 - 00018018 _____ () C:\Users\Can\Downloads\[kickass.to]publicagent.e226.akasha.xxx.sd.mp4.rarbg.torrent
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:52 - 2014-09-16 13:52 - 00020201 _____ () C:\Users\Can\Downloads\[kickass.to]publicpickups.kitty.rich.sunbathing.beauty.gets.bleeped.mp4.torrent
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 13:39 - 2014-06-09 18:14 - 1013414484 _____ () C:\Windows\MEMORY.DMP
2014-09-16 13:39 - 2013-03-14 01:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 02:54 - 2013-12-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 22:22 - 2014-09-15 20:59 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 21:00 - 2014-09-15 20:59 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 21:00 - 2014-09-15 20:59 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 21:00 - 2014-06-02 17:37 - 00000034 ____R () C:\Users\Can\Downloads\RARBG.com.txt
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2013-10-15 07:13 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:25 - 2014-09-15 13:24 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-15 13:06 - 2014-06-27 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 13:06 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Battle.net
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-15 13:05 - 2014-01-19 01:12 - 00000000 ____D () C:\Users\Can\AppData\Local\Google
2014-09-15 12:29 - 2014-06-27 13:24 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-15 02:07 - 2013-03-05 00:01 - 00000000 ____D () C:\Users\Can
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 21:44 - 2014-09-13 20:33 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:45 - 2013-03-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 01:39 - 2014-09-12 01:38 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-12 01:37 - 2013-03-13 20:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 01:30 - 2009-07-14 10:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:41 - 2013-07-09 15:52 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-09-11 22:40 - 2013-03-10 20:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-11 22:30 - 2013-07-09 15:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 22:29 - 2014-09-11 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:16 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini
2014-09-11 10:57 - 2014-09-11 09:55 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 09:13 - 2013-03-04 19:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 09:13 - 2013-03-04 19:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 09:13 - 2013-03-04 19:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 03:33 - 2014-04-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-11 03:06 - 2013-12-15 22:50 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-11 02:41 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:47 - 2014-06-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
2014-08-29 13:01 - 2014-09-11 22:21 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 18:50
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Can at 2014-09-22 21:58:35
Running from C:\Users\Can\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Tropico 4" (HKLM-x32\...\{C276D408-F88A-4E69-9CE3-B785CFA276BD}_is1) (Version:  - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Europa Universalis III (HKLM-x32\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.3.0 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 3.1.59 (HKLM-x32\...\ManyCam) (Version: 3.1.59 - ManyCam LLC)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.3.23642 - Grinding Gear Games)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.6-1.0.4843.7 - raidcall.com)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.8.14 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1) (Version: 1 - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{4BC33FAB-4249-44D7-88A3-22682C577EE3}) (Version: 1.3.1310.1103 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1556255099-3776942839-3178126535-1000_Classes\CLSID\{0ad99b85-5ff1-4ad7-a5ed-61f73c8e8600}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
18-09-2014 13:45:43 Windows Update
21-09-2014 17:05:34 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2014-09-22 15:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C3F311-78EA-4BDC-8554-B48D0A9A294C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000UA => C:\Users\Can\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-26] (Facebook Inc.)
Task: {11E9D6BC-69FA-426B-B630-E76DB206E20B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000Core => C:\Users\Can\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-26] (Facebook Inc.)
Task: {28D92AA3-6D33-4DA3-96FA-9B3B290C3863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
Task: {4C539EBF-0ED6-4131-8CA2-B04042DEB788} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-01] (Piriform Ltd)
Task: {9F77447B-4DAF-4AF6-A7B4-A3688C289B0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {B532BB47-E058-46A0-B47D-E3CD14F5CDEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000Core.job => C:\Users\Can\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000UA.job => C:\Users\Can\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-06-27 22:42 - 2014-06-27 22:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-12 18:11 - 2014-09-15 13:30 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-09-15 13:30 - 2014-09-15 13:30 - 02454008 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
2014-09-15 13:31 - 2014-09-15 13:31 - 04070904 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
2014-09-15 13:43 - 2014-09-15 13:43 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.110\deploy\LolClient.exe
2014-09-15 12:29 - 2014-09-04 06:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-15 12:29 - 2014-09-04 06:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-15 12:29 - 2014-09-04 06:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-15 12:29 - 2014-09-04 06:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-15 12:29 - 2014-09-04 06:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-15 12:29 - 2014-09-04 06:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 01636856 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\RiotLauncher.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 42975744 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\libcef.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 01559552 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\icui18n.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 01241088 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\icuuc.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 04945408 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\v8.dll
2014-09-15 13:31 - 2014-09-15 13:31 - 01712128 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\RiotRadsIO.dll
2014-09-15 13:42 - 2014-09-15 13:42 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.110\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Can\Downloads\Some questions about the flat.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Driver Genius => 
MSCONFIG\startupreg: Facebook Update => "C:\Users\Can\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Can\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2014 03:03:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/11/2014 10:41:41 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Can-PC)
Description: HRESULT:0x8004FF06
Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06.
 
Error: (08/16/2014 01:04:15 PM) (Source: Google Update) (EventID: 20) (User: Can-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:22644, bypass=<local>;*origin.com;*ea.com;*akamaihd.net.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named prox
 
Error: (08/14/2014 02:23:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Monitor.exe, version: 1.1.1.0, time stamp: 0x5063c294
Faulting module name: Monitor.exe, version: 1.1.1.0, time stamp: 0x5063c294
Exception code: 0xc0000005
Fault offset: 0x000040e4
Faulting process id: 0x62c
Faulting application start time: 0xMonitor.exe0
Faulting application path: Monitor.exe1
Faulting module path: Monitor.exe2
Report Id: Monitor.exe3
 
Error: (08/13/2014 04:04:15 AM) (Source: Google Update) (EventID: 20) (User: Can-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:23182, bypass=<local>;*origin.com;*ea.com;*akamaihd.net.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named prox
 
Error: (08/13/2014 01:04:15 AM) (Source: Google Update) (EventID: 20) (User: Can-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:23182, bypass=<local>;*origin.com;*ea.com;*akamaihd.net.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named prox
 
Error: (08/12/2014 10:49:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.5.3.3819, time stamp: 0x4ebc2a94
Faulting module name: mpc-hc.exe, version: 1.5.3.3819, time stamp: 0x4ebc2a94
Exception code: 0xc0000005
Fault offset: 0x0032268e
Faulting process id: 0x1528
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3
 
Error: (08/12/2014 10:04:05 PM) (Source: Google Update) (EventID: 20) (User: Can-PC)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:23182, bypass=<local>;*origin.com;*ea.com;*akamaihd.net.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named prox
 
Error: (08/10/2014 03:25:53 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/10/2014 00:50:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (09/22/2014 07:17:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RgFltX64 service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 07:17:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
 
Error: (09/22/2014 07:15:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ArchiveBIOSFreeware.exe service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 07:15:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 25ae9a8747fefbe420d88c1c2f45b3ef.exe service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 03:04:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RgFltX64 service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 03:04:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
 
Error: (09/22/2014 03:03:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (09/22/2014 03:01:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ArchiveBIOSFreeware.exe service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 03:01:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 25ae9a8747fefbe420d88c1c2f45b3ef.exe service failed to start due to the following error: 
%%2
 
Error: (09/22/2014 03:00:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-22 15:00:24.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-22 15:00:24.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-01 18:38:58.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Can\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-01 18:38:58.073
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Can\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-01 18:38:57.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Can\AppData\Local\Temp\Rar$EXa0.872\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-01 18:38:57.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Can\AppData\Local\Temp\Rar$EXa0.872\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8320 Eight-Core Processor 
Percentage of memory in use: 54%
Total physical RAM: 8173.24 MB
Available physical RAM: 3686.39 MB
Total Pagefile: 16344.63 MB
Available Pagefile: 10826.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:220.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 686E938A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

Posted 22 September 2014 - 02:43 PM

Ok, let's read out some data first:


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 Lykastos

Posted 22 September 2014 - 02:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Can at 2014-09-22 22:44:25 Run:1
Running from C:\Users\Can\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
 
*****************
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    EnablePunycode    REG_DWORD    0x1
    CodeBaseSearchPath    REG_SZ    CODEBASE
    WarnOnIntranet    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    WarnOnPost    REG_BINARY    01000000
    WarnonBadCertRecving    REG_DWORD    0x1
    WarnOnPostRedirect    REG_DWORD    0x0
    WarnOnZoneCrossing    REG_DWORD    0x1
    WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
    EnablePunycode    REG_DWORD    0x1
    CodeBaseSearchPath    REG_SZ    CODEBASE
    WarnOnIntranet    REG_DWORD    0x1
    MinorVersion    REG_SZ    0
    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xa0
    EnableHttp1_1    REG_DWORD    0x1
    ProxyHttp1.1    REG_DWORD    0x1
    ShowPunycode    REG_DWORD    0x0
    CreateUriCacheSize    REG_DWORD    0x50
    CoInternetCombineIUriCacheSize    REG_DWORD    0x50
    SecurityIdIUriCacheSize    REG_DWORD    0x1e
    SpecialFoldersCacheSize    REG_DWORD    0x8
    DisableCachingOfSSLPages    REG_DWORD    0x0
    ProxyRemoved    REG_SZ    True
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    IE5_UA_Backup_Flag    REG_SZ    5.0
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    EmailName    REG_SZ    IEUser@
    PrivDiscUiShown    REG_DWORD    0x1
    EnableHttp1_1    REG_DWORD    0x1
    WarnOnIntranet    REG_DWORD    0x1
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
    AutoConfigProxy    REG_SZ    wininet.dll
    UseSchannelDirectly    REG_BINARY    01000000
    WarnOnPost    REG_BINARY    01000000
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xa0
    PrivacyAdvanced    REG_DWORD    0x0
    ZonesSecurityUpgrade    REG_BINARY    30D9A39E1B19CE01
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x1
    CertificateRevocation    REG_DWORD    0x1
    EnableNegotiate    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    EnableAutodial    REG_DWORD    0x0
    NoNetAutodial    REG_DWORD    0x0
    ProxyHttp1.1    REG_DWORD    0x1
    EnablePunycode    REG_DWORD    0x1
    ShowPunycode    REG_DWORD    0x0
    CreateUriCacheSize    REG_DWORD    0x50
    CoInternetCombineIUriCacheSize    REG_DWORD    0x50
    SecurityIdIUriCacheSize    REG_DWORD    0x1e
    SpecialFoldersCacheSize    REG_DWORD    0x8
    GlobalUserOffline    REG_DWORD    0x0
    ProxyOverride    REG_SZ    <local>;*origin.com;*ea.com;*akamaihd.net
    ProxyServer    REG_SZ    http=127.0.0.1:32444
    WarnonBadCertRecving    REG_DWORD    0x1
    WarnOnPostRedirect    REG_DWORD    0x0
    WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings    REG_BINARY    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
    SavedLegacySettings    REG_BINARY    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
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\nlasvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
    PassivePollPeriod    REG_DWORD    0x5
    StaleThreshold    REG_DWORD    0x1e
    WebTimeout    REG_DWORD    0x23
    EnableActiveProbing    REG_DWORD    0x1
    ActiveWebProbeHost    REG_SZ    www.msftncsi.com
    ActiveWebProbePath    REG_SZ    ncsi.txt
    ActiveWebProbeContent    REG_SZ    Microsoft NCSI
    ActiveDnsProbeHost    REG_SZ    dns.msftncsi.com
    ActiveDnsProbeContent    REG_SZ    131.107.255.255
    OpportunisticInternetGatewaysV4    REG_SZ    00-1c-a8-ab-f1-06 151104
    KnownProxylessGateways    REG_SZ    00-1c-a8-ab-f1-06 151005
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====
 
There you go.


#6 aharonov


Posted 22 September 2014 - 02:58 PM

Ok, now please do the following steps:


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 Lykastos


Posted 22 September 2014 - 03:07 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Can at 2014-09-22 23:01:01 Run:2
Running from C:\Users\Can\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:32444
S2 25ae9a8747fefbe420d88c1c2f45b3ef.exe; C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef\25ae9a8747fefbe420d88c1c2f45b3ef.exe [X]
C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef
S2 ArchiveBIOSFreeware.exe; C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657\ArchiveBIOSFreeware.exe [X]
C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
EmptyTemp:
 
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
25ae9a8747fefbe420d88c1c2f45b3ef.exe => Service deleted successfully.
"C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef" => File/Directory not found.
ArchiveBIOSFreeware.exe => Service deleted successfully.
"C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657" => File/Directory not found.
 
========= reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 523.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Can (administrator) on CAN-PC on 22-09-2014 23:05:37
Running from C:\Users\Can\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Octoshape ApS) C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1233040 2012-10-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Spotify Web Helper] => C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-10] (Spotify Ltd)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:33974
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC44BF0654CD3CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{05BD6906-B3C6-4683-A18F-08B7ECEBE1D6}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Can\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Can\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Can\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Can\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
 
Chrome: 
=======
CHR Profile: C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
CHR Extension: (Gmail) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-27] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-08] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-04] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-11] ()
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-08] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) [File not signed]
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2013-03-04] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [22528 2013-03-04] (Razer USA Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Can\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 21:58 - 2014-09-22 21:58 - 00042255 _____ () C:\Users\Can\Downloads\Addition.txt
2014-09-22 21:57 - 2014-09-22 23:05 - 00015796 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-22 21:57 - 2014-09-22 23:05 - 00000000 ____D () C:\FRST
2014-09-22 21:56 - 2014-09-22 21:57 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:38 - 2014-09-22 21:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:26 - 2014-09-22 21:27 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 14:54 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 14:54 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 14:54 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 14:50 - 2014-09-22 15:05 - 00000000 ____D () C:\Qoobox
2014-09-22 14:50 - 2014-09-22 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 14:48 - 2014-09-22 14:49 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 14:12 - 2014-09-16 14:12 - 00018018 _____ () C:\Users\Can\Downloads\[kickass.to]publicagent.e226.akasha.xxx.sd.mp4.rarbg.torrent
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:52 - 2014-09-16 13:52 - 00020201 _____ () C:\Users\Can\Downloads\[kickass.to]publicpickups.kitty.rich.sunbathing.beauty.gets.bleeped.mp4.torrent
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 20:59 - 2014-09-15 22:22 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 20:59 - 2014-09-15 21:00 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 20:59 - 2014-09-15 21:00 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-22 21:06 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-15 13:25 - 2014-09-22 19:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:24 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 20:33 - 2014-09-13 21:44 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 01:38 - 2014-09-12 01:39 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:21 - 2014-09-11 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:21 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 22:10 - 2011-04-09 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-11 22:10 - 2011-04-09 09:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 08:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-09-11 09:55 - 2014-09-11 10:57 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:08 - 2014-09-11 02:41 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 23:05 - 2014-09-22 21:57 - 00015796 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-22 23:05 - 2014-09-22 21:57 - 00000000 ____D () C:\FRST
2014-09-22 23:02 - 2014-06-27 13:23 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 23:02 - 2014-06-09 16:59 - 00038394 _____ () C:\Windows\PFRO.log
2014-09-22 23:02 - 2014-06-09 16:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-22 23:02 - 2014-06-09 16:11 - 00026111 _____ () C:\Windows\setupact.log
2014-09-22 23:02 - 2013-05-01 18:51 - 00000000 ____D () C:\Users\Can\AppData\Local\Apps\2.0
2014-09-22 23:02 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 23:01 - 2013-03-05 00:04 - 01132811 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 23:01 - 2009-07-14 06:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 22:32 - 2013-03-04 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 22:28 - 2014-06-27 13:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 22:04 - 2013-04-26 15:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000UA.job
2014-09-22 21:58 - 2014-09-22 21:58 - 00042255 _____ () C:\Users\Can\Downloads\Addition.txt
2014-09-22 21:57 - 2014-09-22 21:56 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64 (1).exe
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:40 - 2014-09-22 21:38 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:28 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 21:28 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 21:27 - 2014-09-22 21:26 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 21:06 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-22 19:58 - 2014-09-15 13:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-22 16:04 - 2013-04-26 15:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000Core.job
2014-09-22 15:07 - 2014-06-29 23:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 15:05 - 2014-09-22 14:50 - 00000000 ____D () C:\Qoobox
2014-09-22 15:05 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 15:04 - 2014-09-22 14:50 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 15:01 - 2009-07-14 05:34 - 65273856 _____ () C:\Windows\system32\config\software.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 14:49 - 2014-09-22 14:48 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 09:42 - 2013-03-05 00:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 04:46 - 2014-07-11 19:26 - 00000000 ____D () C:\AdwCleaner
2014-09-22 04:44 - 2014-09-22 04:44 - 02105856 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-22 04:39 - 2013-03-08 17:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-22 04:39 - 2013-03-05 00:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 04:39 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-19 19:53 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Local\Battle.net
2014-09-19 12:21 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 03:41 - 2014-01-09 12:52 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Spotify
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 19:23 - 2013-06-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-09-16 19:14 - 2014-01-09 12:53 - 00000000 ____D () C:\Users\Can\AppData\Local\Spotify
2014-09-16 14:29 - 2013-03-05 11:13 - 00000000 ____D () C:\Users\Can\AppData\Roaming\uTorrent
2014-09-16 14:12 - 2014-09-16 14:12 - 00018018 _____ () C:\Users\Can\Downloads\[kickass.to]publicagent.e226.akasha.xxx.sd.mp4.rarbg.torrent
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:52 - 2014-09-16 13:52 - 00020201 _____ () C:\Users\Can\Downloads\[kickass.to]publicpickups.kitty.rich.sunbathing.beauty.gets.bleeped.mp4.torrent
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 13:39 - 2014-06-09 18:14 - 1013414484 _____ () C:\Windows\MEMORY.DMP
2014-09-16 13:39 - 2013-03-14 01:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 02:54 - 2013-12-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 22:22 - 2014-09-15 20:59 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 21:00 - 2014-09-15 20:59 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 21:00 - 2014-09-15 20:59 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 21:00 - 2014-06-02 17:37 - 00000034 ____R () C:\Users\Can\Downloads\RARBG.com.txt
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2013-10-15 07:13 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:25 - 2014-09-15 13:24 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-15 13:06 - 2014-06-27 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 13:06 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Battle.net
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-15 13:05 - 2014-01-19 01:12 - 00000000 ____D () C:\Users\Can\AppData\Local\Google
2014-09-15 12:29 - 2014-06-27 13:24 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-15 02:07 - 2013-03-05 00:01 - 00000000 ____D () C:\Users\Can
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 21:44 - 2014-09-13 20:33 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:45 - 2013-03-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 01:39 - 2014-09-12 01:38 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-12 01:37 - 2013-03-13 20:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 01:30 - 2009-07-14 10:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:41 - 2013-07-09 15:52 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-09-11 22:40 - 2013-03-10 20:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-11 22:30 - 2013-07-09 15:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 22:29 - 2014-09-11 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:16 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini
2014-09-11 10:57 - 2014-09-11 09:55 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 09:13 - 2013-03-04 19:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 09:13 - 2013-03-04 19:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 09:13 - 2013-03-04 19:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 03:33 - 2014-04-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-11 03:06 - 2013-12-15 22:50 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-11 02:41 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:47 - 2014-06-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
2014-08-29 13:01 - 2014-09-11 22:21 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 18:50
 
==================== End Of Log ============================
 
Here is what you asked for. Thanks a lot for helping me.


#8 aharonov


Posted 22 September 2014 - 03:24 PM

Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

#9 Lykastos


Posted 22 September 2014 - 03:31 PM

Hey aharonov!

I can't scan my computer with HitmanPro because it crashes abruptly when it starts scanning, usually when it finds a trace. What should I do now? Do you have any other solution?



#10 aharonov


Posted 24 September 2014 - 09:08 AM

Did you try to scan with HitmanPro more than once? If not, then please try again now.
Otherwise repeat these steps.

#11 Lykastos


Posted 24 September 2014 - 09:45 AM

I did try to scan multiple times. 

Here are the fixlog and frst.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by Can at 2014-09-24 17:38:47 Run:3
Running from C:\Users\Can\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:32444
S2 25ae9a8747fefbe420d88c1c2f45b3ef.exe; C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef\25ae9a8747fefbe420d88c1c2f45b3ef.exe [X]
C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef
S2 ArchiveBIOSFreeware.exe; C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657\ArchiveBIOSFreeware.exe [X]
C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
EmptyTemp:
 
*****************
 
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
25ae9a8747fefbe420d88c1c2f45b3ef.exe => Service not found.
"C:\Users\Can\AppData\Local\25ae9a8747fefbe420d88c1c2f45b3ef" => File/Directory not found.
ArchiveBIOSFreeware.exe => Service not found.
"C:\Users\Can\AppData\Local\c0e54889fcac7ca239a6a129081b2657" => File/Directory not found.
 
========= reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 188.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Can (administrator) on CAN-PC on 24-09-2014 17:43:58
Running from C:\Users\Can\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Octoshape ApS) C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1233040 2012-10-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Spotify Web Helper] => C:\Users\Can\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-23] (Spotify Ltd)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-1556255099-3776942839-3178126535-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:38058
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC44BF0654CD3CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{05BD6906-B3C6-4683-A18F-08B7ECEBE1D6}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Can\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Can\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Can\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Can\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Can\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
 
Chrome: 
=======
CHR Profile: C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-27]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-22]
CHR Extension: (Google Search) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
CHR Extension: (Gmail) - C:\Users\Can\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-27] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-08] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-04] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-24] ()
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-08] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) [File not signed]
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2013-03-04] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [22528 2013-03-04] (Razer USA Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Can\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 17:37 - 2014-09-24 17:37 - 02106880 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-24 17:37 - 2014-09-24 17:37 - 00000000 ____D () C:\Users\Can\Downloads\FRST-OlderVersion
2014-09-24 16:52 - 2014-09-24 16:52 - 00028213 _____ () C:\Users\Can\Downloads\(336326)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 15:08 - 2014-09-24 15:08 - 00012034 _____ () C:\Users\Can\Downloads\(336017)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 12:46 - 2014-09-24 12:46 - 00012516 _____ () C:\Users\Can\Downloads\(334911)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 00:22 - 2014-09-24 00:35 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E11 WEB-DL x264-FUM[ettv]
2014-09-24 00:22 - 2014-09-24 00:22 - 00021680 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e11.web.dl.x264.fum.ettv.torrent
2014-09-24 00:21 - 2014-09-24 00:21 - 00013927 _____ () C:\Users\Can\Downloads\(334212)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 23:54 - 2014-09-23 23:58 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E10 WEB-DL x264-FUM[ettv]
2014-09-23 23:54 - 2014-09-23 23:54 - 00020526 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e10.web.dl.x264.fum.ettv.torrent
2014-09-23 23:30 - 2014-09-23 23:30 - 00016018 _____ () C:\Users\Can\Downloads\(333454)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 23:24 - 2014-09-23 23:32 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E09 WEB-DL x264-FUM[ettv]
2014-09-23 23:23 - 2014-09-23 23:23 - 00020549 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e09.web.dl.x264.fum.ettv.torrent
2014-09-23 22:47 - 2014-09-23 22:47 - 00014809 _____ () C:\Users\Can\Downloads\(332624)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 21:52 - 2014-09-23 21:52 - 00014259 _____ () C:\Users\Can\Downloads\(331765)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 20:29 - 2014-09-23 20:29 - 00276944 _____ () C:\Windows\Minidump\092314-15256-01.dmp
2014-09-23 18:28 - 2014-09-23 18:28 - 00014946 _____ () C:\Users\Can\Downloads\(330779)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 16:23 - 2014-09-23 16:23 - 00014002 _____ () C:\Users\Can\Downloads\(330018)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 16:22 - 2014-09-23 18:18 - 312231493 ____R () C:\Users\Can\Downloads\The.Strain.S01E08.HDTV.x264-2HD.mp4
2014-09-23 16:22 - 2014-09-23 16:27 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E07 WEB-DL x264-FUM[ettv]
2014-09-23 16:22 - 2014-09-23 16:22 - 00021312 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e07.web.dl.x264.fum.ettv.torrent
2014-09-23 16:22 - 2014-09-23 16:22 - 00012415 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e08.hdtv.x264.2hd.eztv.torrent
2014-09-23 15:28 - 2014-09-23 15:39 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E06 WEB-DL x264-FUM[ettv]
2014-09-23 15:28 - 2014-09-23 15:28 - 00024451 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e06.web.dl.x264.fum.ettv.torrent
2014-09-23 15:28 - 2014-09-23 15:28 - 00018281 _____ () C:\Users\Can\Downloads\(329120)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 15:28 - 2014-09-23 15:28 - 00011955 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e05.proper.hdtv.x264.2hd.eztv.torrent
2014-09-23 03:17 - 2014-09-23 03:52 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E04 HDTV x264-ASAP[ettv]
2014-09-23 03:16 - 2014-09-23 03:33 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E03 HDTV x264-KILLERS[ettv]
2014-09-23 03:16 - 2014-09-23 03:16 - 00025516 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e04.hdtv.x264.asap.ettv.torrent
2014-09-23 03:16 - 2014-09-23 03:16 - 00023822 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e03.hdtv.x264.killers.ettv.torrent
2014-09-23 03:12 - 2014-09-23 03:12 - 00025564 _____ () C:\Users\Can\Downloads\(328107)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 02:53 - 2014-09-23 02:58 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E02 HDTV x264-KILLERS[ettv]
2014-09-23 02:52 - 2014-09-23 02:52 - 00023739 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e02.hdtv.x264.killers.ettv.torrent
2014-09-23 02:05 - 2014-09-23 02:06 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E01 HDTV x264-2HD[ettv]
2014-09-23 02:04 - 2014-09-23 02:04 - 00045311 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e01.hdtv.x264.2hd.ettv.torrent
2014-09-22 21:58 - 2014-09-22 21:58 - 00042255 _____ () C:\Users\Can\Downloads\Addition.txt
2014-09-22 21:57 - 2014-09-24 17:43 - 00015741 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-22 21:57 - 2014-09-24 17:43 - 00000000 ____D () C:\FRST
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:38 - 2014-09-22 21:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:26 - 2014-09-22 21:27 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 14:54 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 14:54 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 14:54 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 14:54 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 14:50 - 2014-09-22 15:05 - 00000000 ____D () C:\Qoobox
2014-09-22 14:50 - 2014-09-22 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 14:48 - 2014-09-22 14:49 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 20:59 - 2014-09-15 22:22 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 20:59 - 2014-09-15 21:00 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 20:59 - 2014-09-15 21:00 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-09-15 13:30 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-24 12:18 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-15 13:25 - 2014-09-24 11:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:24 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 20:33 - 2014-09-13 21:44 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-12 01:58 - 2014-09-15 13:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 01:38 - 2014-09-12 01:39 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:21 - 2014-09-11 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:21 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 22:10 - 2011-04-09 09:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-11 22:10 - 2011-04-09 09:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-11 22:10 - 2011-04-09 09:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-11 22:10 - 2011-04-09 08:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-09-11 09:55 - 2014-09-11 10:57 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:08 - 2014-09-11 02:41 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 17:44 - 2014-09-22 21:57 - 00015741 _____ () C:\Users\Can\Downloads\FRST.txt
2014-09-24 17:43 - 2014-09-22 21:57 - 00000000 ____D () C:\FRST
2014-09-24 17:40 - 2014-06-27 13:23 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 17:40 - 2014-06-09 16:11 - 00026335 _____ () C:\Windows\setupact.log
2014-09-24 17:40 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 17:39 - 2014-06-09 16:59 - 00039266 _____ () C:\Windows\PFRO.log
2014-09-24 17:39 - 2013-03-05 00:04 - 01247012 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 17:37 - 2014-09-24 17:37 - 02106880 _____ (Farbar) C:\Users\Can\Downloads\FRST64.exe
2014-09-24 17:37 - 2014-09-24 17:37 - 00000000 ____D () C:\Users\Can\Downloads\FRST-OlderVersion
2014-09-24 17:33 - 2014-07-11 19:25 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-24 17:32 - 2013-03-04 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 17:28 - 2014-06-27 13:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 16:52 - 2014-09-24 16:52 - 00028213 _____ () C:\Users\Can\Downloads\(336326)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 16:04 - 2013-04-26 15:59 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000UA.job
2014-09-24 16:04 - 2013-04-26 15:59 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1556255099-3776942839-3178126535-1000Core.job
2014-09-24 15:08 - 2014-09-24 15:08 - 00012034 _____ () C:\Users\Can\Downloads\(336017)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 14:38 - 2014-01-09 12:52 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Spotify
2014-09-24 12:46 - 2014-09-24 12:46 - 00012516 _____ () C:\Users\Can\Downloads\(334911)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-24 12:18 - 2014-09-15 13:25 - 00000000 ____D () C:\Users\Can\AppData\Local\PMB Files
2014-09-24 11:58 - 2014-01-09 12:53 - 00000000 ____D () C:\Users\Can\AppData\Local\Spotify
2014-09-24 11:48 - 2014-09-15 13:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-24 11:25 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 11:25 - 2009-07-14 07:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 01:08 - 2013-03-05 11:13 - 00000000 ____D () C:\Users\Can\AppData\Roaming\uTorrent
2014-09-24 00:35 - 2014-09-24 00:22 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E11 WEB-DL x264-FUM[ettv]
2014-09-24 00:22 - 2014-09-24 00:22 - 00021680 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e11.web.dl.x264.fum.ettv.torrent
2014-09-24 00:21 - 2014-09-24 00:21 - 00013927 _____ () C:\Users\Can\Downloads\(334212)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 23:58 - 2014-09-23 23:54 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E10 WEB-DL x264-FUM[ettv]
2014-09-23 23:54 - 2014-09-23 23:54 - 00020526 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e10.web.dl.x264.fum.ettv.torrent
2014-09-23 23:32 - 2014-09-23 23:24 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E09 WEB-DL x264-FUM[ettv]
2014-09-23 23:30 - 2014-09-23 23:30 - 00016018 _____ () C:\Users\Can\Downloads\(333454)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 23:23 - 2014-09-23 23:23 - 00020549 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e09.web.dl.x264.fum.ettv.torrent
2014-09-23 22:47 - 2014-09-23 22:47 - 00014809 _____ () C:\Users\Can\Downloads\(332624)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 21:52 - 2014-09-23 21:52 - 00014259 _____ () C:\Users\Can\Downloads\(331765)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 20:29 - 2014-09-23 20:29 - 00276944 _____ () C:\Windows\Minidump\092314-15256-01.dmp
2014-09-23 20:29 - 2014-06-09 18:14 - 1014700628 _____ () C:\Windows\MEMORY.DMP
2014-09-23 20:29 - 2013-03-14 01:12 - 00000000 ____D () C:\Windows\Minidump
2014-09-23 19:49 - 2013-12-15 22:50 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-23 19:48 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Local\Battle.net
2014-09-23 18:28 - 2014-09-23 18:28 - 00014946 _____ () C:\Users\Can\Downloads\(330779)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 18:18 - 2014-09-23 16:22 - 312231493 ____R () C:\Users\Can\Downloads\The.Strain.S01E08.HDTV.x264-2HD.mp4
2014-09-23 16:27 - 2014-09-23 16:22 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E07 WEB-DL x264-FUM[ettv]
2014-09-23 16:23 - 2014-09-23 16:23 - 00014002 _____ () C:\Users\Can\Downloads\(330018)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 16:22 - 2014-09-23 16:22 - 00021312 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e07.web.dl.x264.fum.ettv.torrent
2014-09-23 16:22 - 2014-09-23 16:22 - 00012415 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e08.hdtv.x264.2hd.eztv.torrent
2014-09-23 15:39 - 2014-09-23 15:28 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E06 WEB-DL x264-FUM[ettv]
2014-09-23 15:28 - 2014-09-23 15:28 - 00024451 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e06.web.dl.x264.fum.ettv.torrent
2014-09-23 15:28 - 2014-09-23 15:28 - 00018281 _____ () C:\Users\Can\Downloads\(329120)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 15:28 - 2014-09-23 15:28 - 00011955 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e05.proper.hdtv.x264.2hd.eztv.torrent
2014-09-23 03:52 - 2014-09-23 03:17 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E04 HDTV x264-ASAP[ettv]
2014-09-23 03:33 - 2014-09-23 03:16 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E03 HDTV x264-KILLERS[ettv]
2014-09-23 03:16 - 2014-09-23 03:16 - 00025516 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e04.hdtv.x264.asap.ettv.torrent
2014-09-23 03:16 - 2014-09-23 03:16 - 00023822 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e03.hdtv.x264.killers.ettv.torrent
2014-09-23 03:12 - 2014-09-23 03:12 - 00025564 _____ () C:\Users\Can\Downloads\(328107)The_Strain_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-23 02:58 - 2014-09-23 02:53 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E02 HDTV x264-KILLERS[ettv]
2014-09-23 02:52 - 2014-09-23 02:52 - 00023739 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e02.hdtv.x264.killers.ettv.torrent
2014-09-23 02:06 - 2014-09-23 02:05 - 00000000 ____D () C:\Users\Can\Downloads\The Strain S01E01 HDTV x264-2HD[ettv]
2014-09-23 02:04 - 2014-09-23 02:04 - 00045311 _____ () C:\Users\Can\Downloads\[kickass.to]the.strain.s01e01.hdtv.x264.2hd.ettv.torrent
2014-09-22 23:26 - 2014-07-11 19:24 - 11194928 _____ (SurfRight B.V.) C:\Users\Can\Downloads\HitmanPro_x64.exe
2014-09-22 23:02 - 2014-06-09 16:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-22 23:02 - 2013-05-01 18:51 - 00000000 ____D () C:\Users\Can\AppData\Local\Apps\2.0
2014-09-22 23:01 - 2009-07-14 06:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 21:58 - 2014-09-22 21:58 - 00042255 _____ () C:\Users\Can\Downloads\Addition.txt
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-09-22 21:42 - 2014-09-22 21:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-09-22 21:40 - 2014-09-22 21:38 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Can\Downloads\cbSetup.exe
2014-09-22 21:27 - 2014-09-22 21:26 - 00013635 _____ () C:\Users\Can\Desktop\attach.txt
2014-09-22 21:26 - 2014-09-22 21:26 - 00016457 _____ () C:\Users\Can\Desktop\dds.txt
2014-09-22 21:24 - 2014-09-22 21:24 - 00688992 ____R (Swearware) C:\Users\Can\Downloads\dds.com
2014-09-22 15:07 - 2014-06-29 23:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 15:05 - 2014-09-22 15:05 - 00020120 _____ () C:\ComboFix.txt
2014-09-22 15:05 - 2014-09-22 14:50 - 00000000 ____D () C:\Qoobox
2014-09-22 15:05 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 15:04 - 2014-09-22 14:50 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 15:01 - 2009-07-14 05:34 - 65273856 _____ () C:\Windows\system32\config\software.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-09-22 15:01 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 14:49 - 2014-09-22 14:48 - 05579290 ____R (Swearware) C:\Users\Can\Downloads\ComboFix.exe
2014-09-22 09:42 - 2013-03-05 00:20 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 04:46 - 2014-07-11 19:26 - 00000000 ____D () C:\AdwCleaner
2014-09-22 04:44 - 2014-09-22 04:44 - 01373475 _____ () C:\Users\Can\Downloads\AdwCleaner.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00028909 _____ () C:\Users\Can\Downloads\dds.txt
2014-09-22 04:39 - 2013-03-08 17:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-22 04:39 - 2013-03-05 00:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-22 04:39 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 20:03 - 2014-09-21 20:03 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (4).xlsx
2014-09-19 12:21 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-18 17:27 - 2014-09-18 17:27 - 00013045 _____ () C:\Users\Can\Downloads\1415guzlisans (3).xlsx
2014-09-16 19:23 - 2013-06-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-09-16 13:57 - 2014-09-16 13:57 - 00013335 _____ () C:\Users\Can\Downloads\1415guzlisans (2).xlsx
2014-09-16 13:39 - 2014-09-16 13:39 - 00276944 _____ () C:\Windows\Minidump\091614-24772-01.dmp
2014-09-16 03:59 - 2014-09-16 03:59 - 05492736 _____ () C:\Users\Can\Downloads\Basketbol_Toplulugu.ppt
2014-09-16 02:54 - 2013-12-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-16 01:42 - 2014-09-16 01:42 - 00031291 _____ () C:\Users\Can\Downloads\(335259)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 22:22 - 2014-09-15 20:59 - 3768907254 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.mkv
2014-09-15 21:00 - 2014-09-15 20:59 - 01016764 ____R () C:\Users\Can\Downloads\RARBG.com.mp4
2014-09-15 21:00 - 2014-09-15 20:59 - 00003394 ____R () C:\Users\Can\Downloads\Edge.of.Tomorrow.2014.1080p.WEB-DL.DD5.1.H264-RARBG.nfo
2014-09-15 21:00 - 2014-06-02 17:37 - 00000034 ____R () C:\Users\Can\Downloads\RARBG.com.txt
2014-09-15 20:59 - 2014-09-15 20:59 - 00019064 _____ () C:\Users\Can\Downloads\[kickass.to]edge.of.tomorrow.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
2014-09-15 13:30 - 2013-10-15 07:13 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-15 13:29 - 2014-09-15 13:29 - 00023936 _____ () C:\Users\Can\Downloads\(335216)Sons_of_Anarchy_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.zip
2014-09-15 13:29 - 2014-09-15 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-15 13:25 - 2014-09-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-09-15 13:25 - 2014-09-15 13:24 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Riot Games
2014-09-15 13:23 - 2014-09-15 13:23 - 34888568 _____ (Riot Games) C:\Users\Can\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-15 13:06 - 2014-09-12 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-15 13:06 - 2014-06-27 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 13:06 - 2013-12-15 22:46 - 00000000 ____D () C:\Users\Can\AppData\Roaming\Battle.net
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-09-15 13:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-15 13:05 - 2014-01-19 01:12 - 00000000 ____D () C:\Users\Can\AppData\Local\Google
2014-09-15 12:29 - 2014-06-27 13:24 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 02:39 - 2014-09-15 02:39 - 00021213 _____ () C:\Users\Can\Downloads\(35649)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:37 - 2014-09-15 02:37 - 00021995 _____ () C:\Users\Can\Downloads\(37729)Princesas_25fps_1CD_English_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00033849 _____ () C:\Users\Can\Downloads\(50561)Princesas_25fps_2CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:36 - 2014-09-15 02:36 - 00031868 _____ () C:\Users\Can\Downloads\(50685)Princesas_25fps_1CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-15 02:07 - 2014-09-15 02:07 - 00276944 _____ () C:\Windows\Minidump\091514-20108-01.dmp
2014-09-15 02:07 - 2013-03-05 00:01 - 00000000 ____D () C:\Users\Can
2014-09-14 20:35 - 2014-09-14 20:35 - 00013345 _____ () C:\Users\Can\Downloads\1415guzlisans (1).xlsx
2014-09-13 21:44 - 2014-09-13 20:33 - 00000000 ____D () C:\Users\Can\Desktop\WhatsApp Images
2014-09-12 01:45 - 2013-03-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 01:39 - 2014-09-12 01:38 - 00286346 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-09-12 01:37 - 2013-03-13 20:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-12 01:30 - 2009-07-14 10:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-11 22:41 - 2014-09-11 22:41 - 00293518 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-09-11 22:41 - 2014-09-11 22:41 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-09-11 22:41 - 2013-07-09 15:52 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-09-11 22:40 - 2013-03-10 20:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-11 22:30 - 2013-07-09 15:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 22:30 - 2013-07-09 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 22:29 - 2014-09-11 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 22:16 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini
2014-09-11 10:57 - 2014-09-11 09:55 - 00000000 ____D () C:\Users\Can\Downloads\Sons.of.Anarchy.S07E01.720p.HDTV.x264-KILLERS[et]
2014-09-11 09:54 - 2014-09-11 09:54 - 00218467 _____ () C:\Users\Can\Downloads\[kickass.to]sons.of.anarchy.s07e01.720p.hdtv.x264.killers.torrent
2014-09-11 09:13 - 2013-03-04 19:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 09:13 - 2013-03-04 19:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 09:13 - 2013-03-04 19:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 03:33 - 2014-04-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-11 02:41 - 2014-09-11 01:08 - 00000000 ____D () C:\Users\Can\Downloads\The Last Ship S01E06 HDTV x264-LOL[ettv]
2014-09-11 02:40 - 2014-09-11 02:40 - 00173603 _____ () C:\Users\Can\Downloads\(334929)The_Last_Ship_23.976fps_10CD_Turkce_SubRip_DiVXPlanet.rar
2014-09-11 02:26 - 2014-09-11 02:26 - 00025692 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e10.hdtv.x264.lol.ettv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012831 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e08.hdtv.x264.lol.eztv.torrent
2014-09-11 02:05 - 2014-09-11 02:05 - 00012670 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e09.hdtv.x264.lol.eztv.torrent
2014-09-11 01:25 - 2014-09-11 01:25 - 00035832 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e07.hdtv.x264.lol.ettv.torrent
2014-09-11 01:07 - 2014-09-11 01:07 - 00025072 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e06.hdtv.x264.lol.ettv.torrent
2014-09-11 00:57 - 2014-09-11 00:57 - 02164640 _____ () C:\Users\Can\Downloads\ttnet_toolbar (1).zip
2014-09-11 00:53 - 2014-09-11 00:53 - 00015188 _____ () C:\Users\Can\Downloads\[kickass.to]the.last.ship.s01e05.hdtv.x264.lol.eztv.torrent
2014-09-10 20:47 - 2014-06-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 20:42 - 2014-09-10 20:42 - 00244376 _____ () C:\Users\Can\Downloads\Firefox Setup Stub 32.0 (2).exe
2014-09-10 20:37 - 2014-09-10 20:37 - 00013305 _____ () C:\Users\Can\Downloads\1415guzlisans.xlsx
2014-08-29 13:01 - 2014-09-11 22:21 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 18:50
 
==================== End Of Log ============================




