
Too slow computer, need help!


  • This topic is locked
17 replies to this topic

#1 Prudencia

Prudencia

  • Members
  • 6 posts

Posted 06 August 2015 - 12:35 PM

My computer started to work too slowly in normal mode, but it works correctly in safe mode. I did an antivirus scan with HitmanPro but it couldn't find anything. Here is my ComboFix log. Could anyone analyze it?

---

ComboFix 15-07-18.01 - Ece 06.08.2015  20:00:44.1.4 - x64 NETWORK
Microsoft Windows 7 Home Basic   6.1.7601.1.1254.90.1055.18.4010.3130 [GMT 3:00]
Running from: c:\users\Ece\Downloads\Sims 4 DL\ComboFix.15.7.18.1\ComboFix.15.7.18.1.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-06 to 2015-08-06  )))))))))))))))))))))))))))))))
.
.
2015-08-06 17:05 . 2015-08-06 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-06 17:00 . 2015-08-06 17:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61E906B-8771-4AD7-BA8D-9953310ECAE0}\offreg.1140.dll
2015-08-06 15:54 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61E906B-8771-4AD7-BA8D-9953310ECAE0}\mpengine.dll
2015-07-29 00:23 . 2015-07-29 00:23 -------- d-----w- C:\output
2015-07-29 00:23 . 2015-08-06 15:46 -------- d-----w- c:\users\Ece\AppData\Roaming\PhotoScape
2015-07-28 22:17 . 2015-07-28 22:17 -------- d-----w- c:\users\Ece\AppData\Local\Adobe
2015-07-28 22:11 . 2015-08-06 15:46 -------- d-----w- c:\program files (x86)\PhotoScape
2015-07-28 00:18 . 2015-08-01 22:20 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-07-22 11:21 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-22 11:20 . 2015-06-25 08:57 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-22 11:19 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-22 11:19 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-22 11:14 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-22 11:14 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-22 11:14 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-07-22 11:14 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-07-22 11:14 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-07-22 11:14 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-07-22 11:14 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-22 11:14 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-07-22 11:14 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-07-22 11:14 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-07-10 19:00 . 2014-10-19 12:54 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2015-07-10 15:47 . 2015-07-10 15:47 -------- d-----w- c:\program files (x86)\Origin Games
2015-07-10 15:38 . 2015-07-10 16:42 -------- d-----w- c:\users\Ece\AppData\Roaming\Origin
2015-07-10 15:38 . 2015-07-10 15:47 -------- d-----w- c:\users\Ece\AppData\Local\Origin
2015-07-10 15:33 . 2015-07-10 16:42 -------- d-----w- c:\programdata\Origin
2015-07-10 15:33 . 2015-07-10 15:33 -------- d-----w- c:\programdata\Electronic Arts
2015-07-10 15:33 . 2015-07-10 15:38 -------- d-----w- c:\program files (x86)\Origin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-06 16:39 . 2015-06-06 04:13 16056 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-07-08 12:31 . 2015-06-18 01:42 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-08 12:31 . 2015-06-18 01:42 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 10:30 . 2010-11-21 03:27 300704 ----a-w- c:\windows\system32\MpSigStub.exe
2015-06-17 23:07 . 2015-06-17 23:07 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-06-13 22:20 . 2015-06-13 22:20 6076080 ----a-w- c:\windows\system32\MetaViewer64.dll
2015-06-12 19:56 . 2015-06-12 19:56 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-12 19:56 . 2015-06-12 19:56 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-12 19:56 . 2015-06-12 19:56 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-12 19:56 . 2015-06-12 19:56 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-12 19:56 . 2015-06-12 19:56 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-12 19:56 . 2015-06-12 19:56 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-12 19:56 . 2015-06-12 19:56 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-12 19:56 . 2015-06-12 19:56 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-12 19:56 . 2015-06-12 19:56 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-12 19:56 . 2015-06-12 19:56 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-12 19:56 . 2015-06-12 19:56 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-12 19:56 . 2015-06-12 19:56 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-12 19:56 . 2015-06-12 19:56 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-12 19:56 . 2015-06-12 19:56 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-12 19:56 . 2015-06-12 19:56 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-12 19:56 . 2015-06-12 19:56 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-12 19:56 . 2015-06-12 19:56 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-12 19:56 . 2015-06-12 19:56 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-12 19:56 . 2015-06-12 19:56 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-12 19:56 . 2015-06-12 19:56 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-12 19:56 . 2015-06-12 19:56 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-12 19:56 . 2015-06-12 19:56 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-12 19:56 . 2015-06-12 19:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-12 19:56 . 2015-06-12 19:56 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-12 19:56 . 2015-06-12 19:56 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-12 19:56 . 2015-06-12 19:56 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-12 19:56 . 2015-06-12 19:56 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-12 19:56 . 2015-06-12 19:56 235520 ----a-w- c:\windows\system32\url.dll
2015-06-12 19:56 . 2015-06-12 19:56 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-12 19:56 . 2015-06-12 19:56 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-12 19:56 . 2015-06-12 19:56 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-12 19:56 . 2015-06-12 19:56 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-12 19:56 . 2015-06-12 19:56 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-12 19:55 . 2015-06-12 19:55 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-12 19:55 . 2015-06-12 19:55 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-12 19:55 . 2015-06-12 19:55 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-12 19:55 . 2015-06-12 19:55 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-12 19:55 . 2015-06-12 19:55 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-12 19:53 . 2015-06-12 19:53 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-12 19:53 . 2015-06-12 19:53 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-12 19:53 . 2015-06-12 19:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-12 19:53 . 2015-06-12 19:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-12 19:53 . 2015-06-12 19:53 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-12 19:53 . 2015-06-12 19:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-12 19:53 . 2015-06-12 19:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-12 19:53 . 2015-06-12 19:53 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-12 19:53 . 2015-06-12 19:53 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-12 19:53 . 2015-06-12 19:53 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-12 19:53 . 2015-06-12 19:53 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-12 19:53 . 2015-06-12 19:53 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-12 19:53 . 2015-06-12 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-12 19:53 . 2015-06-12 19:53 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-12 19:53 . 2015-06-12 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-06-12 19:53 . 2015-06-12 19:53 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-12 19:53 . 2015-06-12 19:53 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-12 19:53 . 2015-06-12 19:53 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-12 19:53 . 2015-06-12 19:53 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-12 19:53 . 2015-06-12 19:53 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-12 19:53 . 2015-06-12 19:53 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-12 19:53 . 2015-06-12 19:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-06 04:18 . 2011-08-23 02:12 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2015-06-06 04:18 . 2012-01-10 11:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2015-06-06 04:18 . 2012-01-10 11:27 963884 ----a-w- c:\windows\system32\igkrng600.bin
2015-06-06 04:18 . 2012-01-10 10:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2015-06-06 04:18 . 2012-02-02 18:52 417560 ----a-w- c:\windows\system32\igfxpers.exe
2015-06-06 04:18 . 2012-01-10 11:27 221264 ----a-w- c:\windows\system32\igfcg600m.bin
2015-06-06 04:18 . 2012-01-10 11:12 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2015-06-06 04:18 . 2012-01-10 11:27 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2015-06-06 04:18 . 2012-02-02 18:52 392984 ----a-w- c:\windows\system32\hkcmd.exe
2015-06-06 04:18 . 2012-01-10 10:12 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2015-05-28 07:04 . 2015-06-10 22:35 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-28 07:04 . 2015-06-10 22:35 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-28 07:04 . 2015-06-10 22:35 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-28 07:04 . 2015-06-10 22:35 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-28 07:04 . 2015-06-10 22:17 52880 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-28 07:04 . 2015-06-10 22:17 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-05-28 07:04 . 2015-06-10 22:17 48784 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-05-28 07:04 . 2015-06-10 22:17 17486856 ----a-w- c:\windows\system32\nvwgf2umx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimCleaner Plus"="c:\program files\SlimCleaner Plus\SlimCleanerPlus.exe" [2015-05-26 26166552]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-05-21 4471536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\SlimService\SlimServiceFactory.exe;c:\program files\SlimService\SlimServiceFactory.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 22:41 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-25 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe [2015-07-08 12:31]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06 03:56]
.
2015-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06 03:56]
.
2015-07-26 c:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job
- c:\program files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-05-26 08:32]
.
2015-08-06 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2015-02-27 05:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-02-04 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-06 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-06 417560]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13774040]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-28 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-28 1571696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Kepard - c:\program files (x86)\Kepard\Kepard.exe
AddRemove-VGhlU2ltczQ=_is1 - d:\sims 4 rl\The Sims 4\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-06  20:07:26
ComboFix-quarantined-files.txt  2015-08-06 17:07
.
Pre-Run: 110.263.304.192 bayt boş
Post-Run: 111.094.394.880 bayt boş
.
- - End Of File - - 0394ECC9A202409231318467BCC3D056
A36C5E4F47E84449FF07ED3517B43A31
 



 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 07 August 2015 - 02:03 PM

Hello Prudencia,

Welcome to Bleeping Computer! :welcome:

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.
==========================================================================

Also, so you know for the future - ComboFix should only be used while under the supervision of someone trained to use it.

I have seen a number of cases where, after ComboFix was run on a machine, something was removed improperly and the machine became unbootable.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 Prudencia

Prudencia
  • Topic Starter

  • Members
  • 6 posts

Posted 08 August 2015 - 05:30 PM

Here are my FRST results:

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by Ece (2015-08-09 01:28:07)
Running from C:\Users\Ece\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1301287419-663054695-3114238220-500 - Administrator - Disabled)
Ece (S-1-5-21-1301287419-663054695-3114238220-1000 - Administrator - Enabled) => C:\Users\Ece
Guest (S-1-5-21-1301287419-663054695-3114238220-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
DC Universe Online Live (HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - )
Life is Strange EP2 1.00 (HKLM-x32\...\Life is Strange EP2 1.00) (Version: 1.00 - Taner Saydam)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Extended TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Client Profile TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX Sistem Yazılımı 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7378 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SlimCleaner Plus (HKLM\...\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}) (Version: 1.4.1 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2015-08-06 20:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1365A1F8-B766-495B-9C12-17954E4E2F0D} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-02-27] (SlimWare Utilities, Inc.)
Task: {2F90CA8D-CE56-4226-AF73-AB0E1C03CE64} - System32\Tasks\{2C251BA0-8C4E-4C97-BDBA-21F41F04B6B0} => pcalua.exe -a D:\PhotoshopPortable\PhotoshopPortable\PhotoshopPortable.exe -d D:\PhotoshopPortable\PhotoshopPortable
Task: {519FBD91-4C82-409F-8027-3A6FF91F0AC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
Task: {67F58533-5181-4E99-A5F2-2506CC533446} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ece) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-05-26] (SlimWare Utilities, Inc.)
Task: {7848E926-4172-4399-9673-10DC65C3B589} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
Task: {8FE45918-4827-4935-B4E3-E6566BAEB336} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D194B8A0-92AC-40C4-943E-D6F51FA07F6F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe [2015-07-08] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-06 07:13 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Ece\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-06-06 07:13 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Ece\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AC8904D5-8F48-49EF-B8F8-AF565EE365A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22D371C8-318B-47D6-94C2-8C34584BF82F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2CD8BB69-3DFB-48C4-B726-D4330EA115AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{77361F08-863F-45DC-B2D5-1A39EE6BCE4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4DCFCE14-787F-4680-A24B-4F4C2C000BCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C04BAD95-9339-4718-A840-2F688B7DD3CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{970C7BDB-40FB-41A5-9FD4-A493A837C7F4}D:\ffoutput\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\ffoutput\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{8894A10E-F9A3-4BCE-946D-F1DC4B34ED36}D:\ffoutput\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\ffoutput\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{72278218-CC64-4D8E-A0B3-B2082CE1C791}] => (Allow) C:\Users\Ece\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F018FFD8-A8F0-44F8-9D92-17369FFB7A2E}] => (Allow) C:\Users\Ece\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C35F4F49-F091-4B4E-A344-6FC3495C0241}C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll] => (Allow) C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll
FirewallRules: [UDP Query User{C31BB8F2-0BA3-4EE4-9D96-9ABD38C7B817}C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll] => (Allow) C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll
FirewallRules: [{6EF5AFC6-D64B-43A4-9306-8E8B13C24688}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E477E95E-9425-4717-B334-2EA1404E84DB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C4F1EFF0-3D9F-4373-99B2-49C9C8EA02D7}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{64F20458-EBF9-4012-8483-4FC3C5313989}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{01B14729-6A15-4AB3-880A-25DE0867AE33}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{DA9D8913-4446-4273-B1B9-D89D0208889B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6C007E06-F4EE-40EE-9B69-D0959D6E40AF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{17537DC4-AC85-4F65-BF59-B0210830BEF0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{F4B09094-33CC-4869-9A20-9A7EAD8E0579}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Basit İletişim Denetleyicisi
Description: PCI Basit İletişim Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Denetleyicisi
Description: Ethernet Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/09/2015 01:25:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 01:46:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Şifreleme Hizmetleri hizmeti VSS yedek "Sistem Yazıcısı" nesnesini başlatamadı.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
Sistem kapatma işlemi sürüyor.
.
 
Error: (08/07/2015 01:14:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 01:03:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 12:22:04 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows aşağıdakilerden biri nedeniyle C:\Windows\System32\webio.dll dosyasına erişemiyor: 
Ağ bağlantısında, dosyanın depolandığı diskte veya bu bilgisayara yüklenmiş
depolama sürücülerinde bir sorun var; ya da disk yok. 
Windows bu hata yüzünden Windows Hizmetleri için Ana Bilgisayar İşlemi programını kapattı.
 
Program: Windows Hizmetleri için Ana Bilgisayar İşlemi
Dosya: C:\Windows\System32\webio.dll
 
Hata değeri Ek Veriler bölümünde listelendi.
Kullanıcı Eylemi
1. Dosyayı yeniden açın. 
Bu durum, program yeniden çalıştırıldığında kendiliğinden düzelen geçici bir sorun olabilir.
2. 
Dosyaya yine ulaşılamıyorsa ve:
- Dosya, ağ üzerindeyse, 
ağ yöneticinizin ağda bir sorun olmadığını ve sunucuyla iletişim kurulabildiğini doğrulaması gerekir.
- Dosya, disket veya CD-ROM gibi çıkarılabilir bir diskteyse, diskin bilgisayara düzgün biçimde yerleştirildiğini doğrulayın.
3. CHKDSK komutunu çalıştırarak dosya sistemini denetleyin ve onarın. CHKDSK komutunu çalıştırmak için sırasıyla Başlat'ı, Çalıştır'ı tıklatın, CMD yazın ve Tamam'ı tıklatın. Komut isteminde, CHKDSK /F yazın ve ENTER tuşuna basın.
4. Sorun devam ederse, dosyayı yedek kopyasından geri yükleyin.
5. Aynı diskteki diğer dosyaların açılıp açılmadığını belirleyin. Açılmıyorsa, disk bozulmuş olabilir. Bu bir sabit diskse, daha fazla yardım için yöneticinize veya bilgisayar donanımı 
satıcınıza başvurun.
 
Ek Veriler
Hata değeri: C0000185
Disk türü: 3
 
Error: (08/07/2015 12:22:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: svchost.exe_CryptSvc, sürüm: 6.1.7600.16385, zaman damgası: 0x4a5bc3c1
Hatalı modül adı: webio.dll, sürüm: 6.1.7601.17725, zaman damgası: 0x4ec4aa96
Özel durum kodu: 0xc0000006
Hata uzaklığı 0x0000000000024c23
Hatalı işlem kimliği: 0x2b0
Uygulama başlangıç zamanı: 0xsvchost.exe_CryptSvc0
Hatalı uygulama yolu: svchost.exe_CryptSvc1
Hatalı modül yolu: svchost.exe_CryptSvc2
Rapor kimliği: svchost.exe_CryptSvc3
 
Error: (08/06/2015 11:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:17:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:02:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/09/2015 01:26:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Error: (08/09/2015 01:24:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ev Grubu Sağlayıcısı hizmeti, şu hata nedeniyle başlatılamayan İşlev Bulma Sağlayıcısı Ana Hizmeti hizmetine bağımlıdır: 
%%1068
 
Error: (08/09/2015 01:24:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/09/2015 01:24:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/09/2015 01:24:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/09/2015 01:24:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/09/2015 01:24:33 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/09/2015 01:24:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/09/2015 01:23:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Aşağıdaki önyükleme başlatma veya sistem başlatma sürücüsü (sürücüleri) yüklenemedi: 
discache
spldr
Wanarpv6
 
Error: (08/07/2015 01:13:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ev Grubu Sağlayıcısı hizmeti, şu hata nedeniyle başlatılamayan İşlev Bulma Sağlayıcısı Ana Hizmeti hizmetine bağımlıdır: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/09/2015 01:25:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 01:46:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.
 
System Error:
Sistem kapatma işlemi sürüyor.
 
Error: (08/07/2015 01:14:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 01:03:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/07/2015 12:22:04 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\webio.dllWindows Hizmetleri için Ana Bilgisayar İşlemiC00001853
 
Error: (08/07/2015 12:22:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.1.7600.163854a5bc3c1webio.dll6.1.7601.177254ec4aa96c00000060000000000024c232b001d0d089fdec720aC:\Windows\system32\svchost.exec:\windows\system32\webio.dll41b636d2-3c7f-11e5-ba49-dca9716abec6
 
Error: (08/06/2015 11:55:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:17:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/06/2015 09:02:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity:
===================================
  Date: 2015-08-06 20:04:56.781
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix.15.7.18.1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-06 20:04:56.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix.15.7.18.1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 4009.55 MB
Available physical RAM: 2996.56 MB
Total Virtual: 8017.3 MB
Available Virtual: 7021.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:179 GB) (Free:103.96 GB) NTFS
Drive d: () (Fixed) (Total:266.24 GB) (Free:113.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CEE9A796)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=20.4 GB) - (Type=27)
 
==================== End of log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Ece (administrator) on ECE-BILGISAYAR (09-08-2015 01:27:16)
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26166552 2015-05-26] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5917D0A2-DD95-491D-BE0F-73B18678DEE5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-05-26] (SlimWare Utilities, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-18] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-08-07] (SlimWare Utilities, Inc.)
U3 Winsock; no ImagePath
S3 catchme; \??\C:\ComboFix.15.7.18.1\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 01:27 - 2015-08-09 01:27 - 00006696 _____ C:\Users\Ece\Desktop\FRST.txt
2015-08-09 01:26 - 2015-08-09 01:27 - 00000000 ____D C:\FRST
2015-08-09 01:26 - 2015-08-09 01:26 - 02169856 _____ (Farbar) C:\Users\Ece\Desktop\FRST64.exe
2015-08-06 20:07 - 2015-08-06 20:07 - 00019666 _____ C:\ComboFix.txt
2015-08-06 19:50 - 2015-08-06 20:07 - 00000000 ____D C:\Qoobox
2015-08-06 19:50 - 2015-08-06 20:06 - 00000000 ____D C:\Windows\erdnt
2015-08-06 19:50 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 19:50 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 19:50 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 17:56 - 2015-08-06 18:03 - 00000000 ____D C:\Users\Ece\Downloads\Life.Is.Strange.Episode.4.Only-ALI213
2015-07-29 03:23 - 2015-08-06 18:46 - 00000000 ____D C:\Users\Ece\AppData\Roaming\PhotoScape
2015-07-29 03:23 - 2015-07-29 03:23 - 00000000 ____D C:\output
2015-07-29 01:17 - 2015-07-29 01:17 - 00000000 ____D C:\Users\Ece\AppData\Local\Adobe
2015-07-29 01:11 - 2015-08-06 18:46 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-07-23 03:09 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-23 03:09 - 2015-07-03 00:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-23 03:09 - 2015-07-02 23:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-23 03:09 - 2015-07-02 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-23 03:09 - 2015-07-02 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-23 03:09 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-23 03:09 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-23 03:09 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-23 03:09 - 2015-06-27 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 05:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-23 03:09 - 2015-06-27 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 04:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-22 17:26 - 2015-07-22 17:26 - 00002311 _____ C:\Users\Ece\Desktop\Chrome Uygulama Başlatıcı.lnk
2015-07-22 17:26 - 2015-07-22 17:26 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 14:21 - 2015-07-15 06:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 14:21 - 2015-07-15 04:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 14:21 - 2015-07-15 04:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-22 14:21 - 2015-07-09 20:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-22 14:21 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-22 14:21 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-22 14:20 - 2015-06-25 11:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-22 14:19 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-22 14:19 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-22 14:17 - 2015-06-25 21:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-22 14:17 - 2015-06-25 20:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-22 14:17 - 2015-06-20 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 14:17 - 2015-06-20 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-22 14:17 - 2015-06-20 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-20 22:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-20 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-22 14:17 - 2015-06-20 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-22 14:17 - 2015-06-20 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-22 14:17 - 2015-06-20 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-22 14:17 - 2015-06-20 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-22 14:17 - 2015-06-20 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-20 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-22 14:17 - 2015-06-20 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-22 14:17 - 2015-06-20 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-22 14:17 - 2015-06-20 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-22 14:17 - 2015-06-20 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-20 21:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-22 14:17 - 2015-06-20 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-22 14:17 - 2015-06-19 21:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-22 14:17 - 2015-06-19 21:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-19 21:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-19 21:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-22 14:17 - 2015-06-19 21:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-22 14:17 - 2015-06-19 21:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-22 14:17 - 2015-06-19 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-19 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-22 14:17 - 2015-06-19 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-22 14:17 - 2015-06-19 20:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-22 14:17 - 2015-06-19 20:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-22 14:17 - 2015-06-19 20:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-22 14:17 - 2015-06-19 20:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-19 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-22 14:17 - 2015-06-19 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-22 14:14 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-22 14:14 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-22 14:14 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-22 14:13 - 2015-07-09 20:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-22 14:13 - 2015-07-09 20:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-22 14:13 - 2015-07-09 20:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-22 14:13 - 2015-07-01 23:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-22 14:13 - 2015-07-01 23:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-22 14:13 - 2015-07-01 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-22 14:13 - 2015-07-01 23:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-22 14:13 - 2015-07-01 22:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-22 14:13 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-22 14:13 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-22 14:13 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-22 14:13 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-13 21:36 - 2015-07-13 21:54 - 00000490 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (2).txt
2015-07-10 22:00 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-07-10 20:02 - 2015-08-09 01:26 - 00000000 ____D C:\Users\Ece\Downloads\Sims 4 DL
2015-07-10 19:43 - 2015-07-10 19:43 - 00001275 _____ C:\Users\Ece\Desktop\TS4 - Kısayol.lnk
2015-07-10 19:12 - 2015-07-10 19:15 - 00000000 ____D C:\Users\Ece\Downloads\The_Sims_4_fix_TORRENT-VERSION
2015-07-10 18:57 - 2015-07-10 19:11 - 1605465784 ____R C:\Users\Ece\Downloads\The_Sims_4_fix_TORRENT-VERSION.rar
2015-07-10 18:56 - 2015-07-10 18:56 - 00017053 _____ C:\Users\Ece\Downloads\The_Sims_4_fix_TORRENT-VERSION.rar.torrent
2015-07-10 18:51 - 2015-07-10 18:52 - 00000000 ____D C:\Users\Ece\Downloads\The.Sims.4-RELOADED[rarbg]
2015-07-10 18:47 - 2015-07-10 18:47 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-10 18:38 - 2015-07-10 19:42 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Origin
2015-07-10 18:38 - 2015-07-10 18:47 - 00000000 ____D C:\Users\Ece\AppData\Local\Origin
2015-07-10 18:33 - 2015-07-10 19:42 - 00000000 ____D C:\ProgramData\Origin
2015-07-10 18:33 - 2015-07-10 18:38 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-10 18:33 - 2015-07-10 18:33 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2015-07-10 18:33 - 2015-07-10 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-07-10 18:33 - 2015-07-10 18:33 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-07-10 18:32 - 2015-07-10 18:32 - 17116168 _____ (Electronic Arts, Inc.) C:\Users\Ece\Downloads\OriginThinSetup.exe
2015-07-10 18:21 - 2015-07-10 18:21 - 00000000 ____D C:\Users\Ece\Documents\Electronic Arts
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 01:22 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 01:22 - 2009-07-14 07:51 - 00045628 _____ C:\Windows\setupact.log
2015-08-07 01:09 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 01:09 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 01:03 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2015-08-07 01:03 - 2015-06-06 07:14 - 00000406 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2015-08-07 01:03 - 2015-06-06 07:13 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-07 01:02 - 2015-06-06 06:56 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 20:14 - 2015-06-06 06:23 - 01973764 _____ C:\Windows\WindowsUpdate.log
2015-08-06 20:10 - 2015-06-06 06:56 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 20:09 - 2010-11-21 06:47 - 00009436 _____ C:\Windows\PFRO.log
2015-08-06 20:05 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-08-06 19:28 - 2015-06-11 01:37 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA Corporation
2015-08-06 19:28 - 2015-06-11 01:36 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA
2015-08-06 18:48 - 2015-06-06 06:39 - 00000000 ____D C:\Users\Ece
2015-08-06 18:46 - 2015-07-02 03:36 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Adobe
2015-08-06 18:46 - 2015-07-02 03:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 18:46 - 2015-06-18 00:30 - 00000000 ____D C:\Users\Ece\AppData\Roaming\uTorrent
2015-08-06 18:46 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 18:46 - 2015-06-11 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 18:46 - 2015-06-06 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 18:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2015-08-01 01:02 - 2015-06-06 06:55 - 00058432 _____ C:\Users\Ece\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-27 23:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 07:22 - 2015-06-06 07:22 - 00000362 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job
2015-07-26 02:08 - 2015-06-18 04:42 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-26 01:42 - 2015-06-06 06:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 00:11 - 2009-07-14 07:45 - 00268440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-24 00:09 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-24 00:09 - 2015-06-11 07:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-22 14:39 - 2015-07-03 18:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 14:35 - 2015-06-06 06:56 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 14:35 - 2015-06-06 06:56 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 14:22 - 2015-07-04 05:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-10 22:04 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-10 22:02 - 2015-06-18 06:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-10 19:45 - 2015-06-12 23:53 - 00000000 ____D C:\Users\Ece\Documents\My Games
 
==================== Files in the root of some directories =======
 
2015-06-11 01:06 - 2015-06-11 01:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 04:47
 
==================== End of log ============================


#4 TheShooter93

  • Malware Response Team

Posted 10 August 2015 - 08:24 AM

Hello Prudencia,

I apologize for the delay. I have our next steps below. :)

Please consider/perform the following in order.

======================================================

P2P Warning

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned program(s), right-click and click Uninstall. Follow the prompts.
If you choose not to, please refrain from using the program(s) during this process.

======================================================

Registry Cleaner Response

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers (SlimCleaner Plus) or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always backup the registry before doing so.

If you have regularly been using the registry cleaner component of SlimCleaner Plus, it may be responsible for the majority of your computer's symptoms.

======================================================

Uninstall Programs Using Programs and Features
  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type appwiz.cpl and hit Enter.
  • Select the following programs and click Uninstall.
    • SlimCleaner Plus
  • Reboot your computer.
======================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-08-07] (SlimWare Utilities, Inc.)
2015-06-11 01:06 - 2015-06-11 01:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
======================================================

Try the following in Windows normally. If the system is still too slow, go back to Safe Mode With Networking.

Farbar Recovery Scan Tool (FRST)
  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.
======================================================

Status Report

How is your computer doing now? What symptoms remain?

======================================================

What I'd like to see in your next post:
  • Decision regarding uTorrent.
  • Decision regarding SlimCleaner Plus.
  • Fixlog.txt
  • FRST.txt
  • Status Report

Edited by TheShooter93, 10 August 2015 - 08:50 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
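An added example, not part of the original post and not FRST's own code: a small script that reconciles each fixlist directive with the result line FRST writes to Fixlog.txt, so a reviewer can see at a glance which entries were applied, were already absent, or got no result. The sample names, the SID and the second `.lfl` file are constructed placeholders, and the result wording (`=> moved successfully.`, `=> key not found.`) is assumed to follow the Fixlog layout posted in this thread.

```python
import re

# Constructed sample input in the fixlist layout; names and the SID are placeholders.
FIXLIST = r"""HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\ExampleTool Startup.job => C:\Program Files (x86)\ExampleTool\ExampleTool.exe
S3 ExampleMon; C:\Windows\System32\DRIVERS\ExampleMon.sys [16056 2015-08-07] (Example Vendor, Inc.)
2015-06-11 01:06 - 2015-06-11 01:06 - 0000000 ____H () C:\ProgramData\EXAMPLE1.lfl
2015-06-11 01:06 - 2015-06-11 01:06 - 0000000 ____H () C:\ProgramData\EXAMPLE2.lfl
"""

# Constructed result lines; EXAMPLE2.lfl is deliberately left without a result.
RESULTS = r"""HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Windows\Tasks\ExampleTool Startup.job => moved successfully.
ExampleMon => service removed successfully
C:\ProgramData\EXAMPLE1.lfl => moved successfully.
"""

# A Fixlog echoes the fixlist between two rows of asterisks before the results.
FIXLOG = ("fixlist content:\n*****************\n" + FIXLIST +
          "*****************\n\n" + RESULTS + "\n==== End of Fixlog ====\n")

# Directive kinds and the part of each line that the Fixlog reports on.
PATTERNS = [
    ("task", re.compile(r"^Task: (.+?) => ")),
    ("service", re.compile(r"^[RSU]\d ([^;]+); ")),
    ("file", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                        r" - \d+ \S+ (?:\(.*?\) )?(.+)$")),
    ("registry", re.compile(r"^(HK[^:]*): ")),
]


def directive_target(line):
    """Return (kind, target) for one fixlist line, or None if it is not recognised."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return kind, m.group(1).strip()
    return None


def parse_results(fixlog_text):
    """Map lower-cased target -> outcome text, skipping the echoed fixlist block."""
    results, star_rows = {}, 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1
            continue
        # star_rows == 1 means we are inside the echo, where "Task: a => b" is not a result.
        if star_rows == 1 or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results[target.strip('"').lower()] = outcome.strip().rstrip(".")
    return results


def classify(outcome):
    """Reduce an outcome string to applied / absent / check / no-result."""
    if outcome is None:
        return "no-result"
    text = outcome.lower()
    if "successfully" in text:
        return "applied"
    if "not found" in text:
        return "absent"
    return "check"


def reconcile(fixlist_text, fixlog_text):
    """Return one (kind, target, status, outcome) tuple per non-empty fixlist line."""
    results = parse_results(fixlog_text)
    report = []
    for line in fixlist_text.splitlines():
        if not line.strip():
            continue
        parsed = directive_target(line)
        if parsed is None:
            report.append(("unknown", line.strip(), "unparsed", ""))
            continue
        kind, target = parsed
        outcome = results.get(target.lower())  # Windows paths compare case-insensitively
        report.append((kind, target, classify(outcome), outcome or ""))
    return report


if __name__ == "__main__":
    for kind, target, status, outcome in reconcile(FIXLIST, FIXLOG):
        print(f"{status:10} {kind:9} {target}  {outcome}")
```

Entries reported as `no-result` or `check` are the ones to look at by hand before running the next scan.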

 

 


#5 Prudencia

  • Topic Starter

Posted 10 August 2015 - 06:17 PM

Hi again! 

I decided not to remove uTorrent, but I decided to remove SlimCleaner Plus. When I tried to remove it, it gave an error. It was "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance." So, I couldn't remove it from my computer. Also, I have never launched this application. Whatever, I applied fixlist.txt to my computer and I started Windows normally. It was okay at first but when I try to launch something, it always freezes. My mouse pointer is always showing a blue circle and stops responding. I don't know what to do.

 

Here is my Fixlog.txt 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015

Ran by Ece (2015-08-11 01:52:55) Run:1
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-08-07] (SlimWare Utilities, Inc.)
2015-06-11 01:06 - 2015-06-11 01:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Ece).job => moved successfully.
C:\Windows\Tasks\SlimDrivers Startup.job => moved successfully.
SWDUMon => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully.
 
==== End of Fixlog 01:52:55 ====
 
And here is the new FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Ece (administrator) on ECE-BILGISAYAR (11-08-2015 02:16:10)
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26166552 2015-05-26] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5917D0A2-DD95-491D-BE0F-73B18678DEE5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-05-26] (SlimWare Utilities, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-18] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 02:15 - 2015-08-11 02:15 - 00002158 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (3).txt
2015-08-11 01:52 - 2015-08-11 01:52 - 00000000 ____D C:\Users\Ece\Desktop\FRST-OlderVersion
2015-08-09 01:28 - 2015-08-09 01:28 - 00026336 _____ C:\Users\Ece\Desktop\Addition.txt
2015-08-09 01:27 - 2015-08-11 02:16 - 00002997 _____ C:\Users\Ece\Desktop\FRST.txt
2015-08-09 01:26 - 2015-08-11 02:16 - 00000000 ____D C:\FRST
2015-08-09 01:26 - 2015-08-11 01:52 - 02171392 _____ (Farbar) C:\Users\Ece\Desktop\FRST64.exe
2015-08-06 20:07 - 2015-08-06 20:07 - 00019666 _____ C:\ComboFix.txt
2015-08-06 19:50 - 2015-08-06 20:07 - 00000000 ____D C:\Qoobox
2015-08-06 19:50 - 2015-08-06 20:06 - 00000000 ____D C:\Windows\erdnt
2015-08-06 19:50 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 19:50 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 19:50 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 17:56 - 2015-08-06 18:03 - 00000000 ____D C:\Users\Ece\Downloads\Life.Is.Strange.Episode.4.Only-ALI213
2015-07-29 03:23 - 2015-08-06 18:46 - 00000000 ____D C:\Users\Ece\AppData\Roaming\PhotoScape
2015-07-29 03:23 - 2015-07-29 03:23 - 00000000 ____D C:\output
2015-07-29 01:17 - 2015-07-29 01:17 - 00000000 ____D C:\Users\Ece\AppData\Local\Adobe
2015-07-29 01:11 - 2015-08-06 18:46 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-07-23 03:09 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-23 03:09 - 2015-07-03 00:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-23 03:09 - 2015-07-02 23:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-23 03:09 - 2015-07-02 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-23 03:09 - 2015-07-02 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-23 03:09 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-23 03:09 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-23 03:09 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-23 03:09 - 2015-06-27 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 05:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-23 03:09 - 2015-06-27 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 04:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-22 17:26 - 2015-07-22 17:26 - 00002311 _____ C:\Users\Ece\Desktop\Chrome Uygulama Başlatıcı.lnk
2015-07-22 17:26 - 2015-07-22 17:26 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 14:21 - 2015-07-15 06:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 14:21 - 2015-07-15 04:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 14:21 - 2015-07-15 04:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-22 14:21 - 2015-07-09 20:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-22 14:21 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-22 14:21 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-22 14:20 - 2015-06-25 11:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-22 14:19 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-22 14:19 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-22 14:17 - 2015-06-25 21:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-22 14:17 - 2015-06-25 20:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-22 14:17 - 2015-06-20 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 14:17 - 2015-06-20 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-22 14:17 - 2015-06-20 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-20 22:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-20 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-22 14:17 - 2015-06-20 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-22 14:17 - 2015-06-20 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-22 14:17 - 2015-06-20 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-22 14:17 - 2015-06-20 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-22 14:17 - 2015-06-20 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-20 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-22 14:17 - 2015-06-20 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-22 14:17 - 2015-06-20 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-22 14:17 - 2015-06-20 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-22 14:17 - 2015-06-20 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-20 21:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-22 14:17 - 2015-06-20 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-22 14:17 - 2015-06-19 21:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-22 14:17 - 2015-06-19 21:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-19 21:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-19 21:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-22 14:17 - 2015-06-19 21:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-22 14:17 - 2015-06-19 21:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-22 14:17 - 2015-06-19 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-19 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-22 14:17 - 2015-06-19 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-22 14:17 - 2015-06-19 20:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-22 14:17 - 2015-06-19 20:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-22 14:17 - 2015-06-19 20:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-22 14:17 - 2015-06-19 20:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-19 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-22 14:17 - 2015-06-19 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-22 14:14 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-22 14:14 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-22 14:14 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-22 14:13 - 2015-07-09 20:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-22 14:13 - 2015-07-09 20:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-22 14:13 - 2015-07-09 20:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-22 14:13 - 2015-07-01 23:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-22 14:13 - 2015-07-01 23:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-22 14:13 - 2015-07-01 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-22 14:13 - 2015-07-01 23:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-22 14:13 - 2015-07-01 22:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-22 14:13 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-22 14:13 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-22 14:13 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-22 14:13 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-13 21:36 - 2015-07-13 21:54 - 00000490 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (2).txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 01:55 - 2015-06-06 06:56 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 01:55 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 01:55 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 01:54 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 01:54 - 2009-07-14 07:51 - 00046132 _____ C:\Windows\setupact.log
2015-08-11 01:44 - 2010-11-21 06:47 - 00009770 _____ C:\Windows\PFRO.log
2015-08-09 07:19 - 2010-11-21 15:35 - 00654646 _____ C:\Windows\system32\perfh01F.dat
2015-08-09 07:19 - 2010-11-21 15:35 - 00138902 _____ C:\Windows\system32\perfc01F.dat
2015-08-09 07:19 - 2009-07-14 08:13 - 01564450 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2015-08-09 07:12 - 2015-06-06 06:55 - 00058016 _____ C:\Users\Ece\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 07:11 - 2015-06-06 07:13 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-09 01:26 - 2015-07-10 20:02 - 00000000 ____D C:\Users\Ece\Downloads\Sims 4 DL
2015-08-06 20:14 - 2015-06-06 06:23 - 01973764 _____ C:\Windows\WindowsUpdate.log
2015-08-06 20:10 - 2015-06-06 06:56 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 20:05 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-08-06 19:28 - 2015-06-11 01:37 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA Corporation
2015-08-06 19:28 - 2015-06-11 01:36 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA
2015-08-06 18:48 - 2015-06-06 06:39 - 00000000 ____D C:\Users\Ece
2015-08-06 18:46 - 2015-07-02 03:36 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Adobe
2015-08-06 18:46 - 2015-07-02 03:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 18:46 - 2015-06-18 00:30 - 00000000 ____D C:\Users\Ece\AppData\Roaming\uTorrent
2015-08-06 18:46 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 18:46 - 2015-06-11 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 18:46 - 2015-06-06 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 18:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2015-07-27 23:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 02:08 - 2015-06-18 04:42 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-26 01:42 - 2015-06-06 06:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 00:11 - 2009-07-14 07:45 - 00268440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-24 00:09 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-24 00:09 - 2015-06-11 07:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-22 14:39 - 2015-07-03 18:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 14:35 - 2015-06-06 06:56 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 14:35 - 2015-06-06 06:56 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 14:22 - 2015-07-04 05:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 04:47
 
==================== End of log ============================


#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 11 August 2015 - 11:47 AM

Hi Prudencia,

Let's try another program to uninstall SlimCleaner Plus, and attempt to repair Windows.
 
======================================================

Uninstalling Programs Using Revo Uninstaller Free

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
SlimCleaner Plus
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
======================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26166552 2015-05-26] (SlimWare Utilities, Inc.)
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
======================================================

Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.
  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
======================================================

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the program's icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
 
======================================================

Status Report

What symptoms remain? Are you able to login to Windows normally?

======================================================
 
What I'd like to see in your next post:
  • Did Revo Uninstaller successfully uninstall SlimCleaner Plus?
  • Fixlog.txt
  • Malwarebytes Antimalware log.
  • Windows Repair Tool log.
  • Status Report

Edited by TheShooter93, 11 August 2015 - 11:54 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 Prudencia

Prudencia
  • Topic Starter

  • Members

Posted 11 August 2015 - 10:25 PM

Hi Cody,
I tried to remove SlimCleaner Plus by using Revo Uninstaller Free, but it wasn't on the list. So, I deleted it (at least I tried) from my program files and regedit. (I shouldn't have done this actually, but I was really fed up with it.) Also, I saw a file whose name is 'Program Fileas' but it was empty. It sounded fake to me. I followed your steps and here is my Fixlog.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Ece (2015-08-12 02:47:41) Run:2
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26166552 2015-05-26] (SlimWare Utilities, Inc.)
*****************
 
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus => value removed successfully
 
==== End of Fixlog 02:47:41 ====
 
 
Here is my MAM result:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12.08.2015
Scan Time: 02:49
Logfile: MAMH.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.11.07
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ece
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341356
Time Elapsed: 10 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.RiskWare.Patcher, C:\Users\Ece\Downloads\HitmanPro.3.7.9.241 so.rar, , [6c270403791240f63ea953767d84d32d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I downloaded Windows Repair All-In-One and I followed your steps. Now, my computer works well in normal mode. I found the Logs folder but it has so many files in it. I don't know which one I should post here, but here is my Windows Repair Log. I think we don't need it anymore. I really appreciate all the help you've given me. Thanks for everything.
 
Tweaking.com - Windows Repair v3.4.1
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Basic
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ECE-BILGISAYAR
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ece
Current Profile SID: S-1-5-21-1301287419-663054695-3114238220-1000
Current Profile Classes: S-1-5-21-1301287419-663054695-3114238220-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ece\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:04:52
 
Process Count: 40
Commit Total: 1,65 GB
Commit Limit: 7,83 GB
Commit Peak: 2,19 GB
Handle Count: 10589
Kernel Total: 301,28 MB
Kernel Paged: 244,93 MB
Kernel Non Paged: 56,35 MB
System Cache: 2,50 GB
Thread Count: 452
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,92 GB
Memory Used: 1,56 GB(39,8592%)
Memory Avail.: 2,35 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,92 GB
Memory Used: 1,25 GB(31,868%)
Memory Avail.: 2,67 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (12.08.2015 03:32:26)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 45
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (12.08.2015 03:32:29)
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\hkud.7z
Done,  0,23 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\hkcu.7z
Done,  0,19 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\hkcr.7z
Done,  0,61 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done,  3,09 seconds.
 
   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (12.08.2015 04:38:19)
 
02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (12.08.2015 04:38:19)
 
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (12.08.2015 04:41:50)
 
02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (12.08.2015 04:41:50)
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done,  0,17 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done,  0,17 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done,  0,19 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done,  0,16 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done,  0,33 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done,  1,47 seconds.
 
   Running Repair Under System Account
   Done (12.08.2015 04:44:33)
 
02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (12.08.2015 04:44:33)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:44:37)
 
03 - Reset Service Permissions
   Start (12.08.2015 04:44:37)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:45:26)
 
04 - Register System Files
   Start (12.08.2015 04:45:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:45:55)
 
05 - Repair WMI
   Start (12.08.2015 04:45:55)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (12.08.2015 04:48:22)
 
06 - Repair Windows Firewall
   Start (12.08.2015 04:48:22)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:48:51)
 
07 - Repair Internet Explorer
   Start (12.08.2015 04:48:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:49:03)
 
08 - Repair MDAC/MS Jet
   Start (12.08.2015 04:49:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:49:08)
 
09 - Repair Hosts File
   Start (12.08.2015 04:49:08)
   Running Repair Under System Account
   Done (12.08.2015 04:49:09)
 
10 - Remove Policies Set By Infections
   Start (12.08.2015 04:49:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:49:14)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (12.08.2015 04:49:14)
   Running Repair Under System Account
   Done (12.08.2015 04:49:15)
 
12 - Repair Icons
   Start (12.08.2015 04:49:15)
   Running Repair Under Current User Account
   Done (12.08.2015 04:49:16)
 
13 - Repair Network
   Start (12.08.2015 04:49:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:49:39)
 
14 - Remove Temp Files
   Start (12.08.2015 04:49:39)
   Running Repair Under System Account
   Done (12.08.2015 04:49:41)
 
15 - Repair Proxy Settings
   Start (12.08.2015 04:49:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:49:44)
 
17 - Repair Windows Updates
   Start (12.08.2015 04:49:44)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (12.08.2015 04:50:13)
 
18 - Repair CD/DVD Missing/Not Working
   Start (12.08.2015 04:50:13)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (12.08.2015 04:50:13)
 
19 - Repair Volume Shadow Copy Service
   Start (12.08.2015 04:50:13)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,13 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:50:59)
 
20 - Repair Windows Sidebar/Gadgets
   Start (12.08.2015 04:50:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:03)
 
21 - Repair MSI (Windows Installer)
   Start (12.08.2015 04:51:03)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:13)
 
22 - Repair Windows Snipping Tool
   Start (12.08.2015 04:51:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:15)
 
23.01 - Repair bat Association
   Start (12.08.2015 04:51:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:18)
 
23.02 - Repair cmd Association
   Start (12.08.2015 04:51:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:20)
 
23.03 - Repair com Association
   Start (12.08.2015 04:51:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:22)
 
23.04 - Repair Directory Association
   Start (12.08.2015 04:51:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:25)
 
23.05 - Repair Drive Association
   Start (12.08.2015 04:51:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:27)
 
23.06 - Repair exe Association
   Start (12.08.2015 04:51:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:29)
 
23.07 - Repair Folder Association
   Start (12.08.2015 04:51:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:31)
 
23.08 - Repair inf Association
   Start (12.08.2015 04:51:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:34)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (12.08.2015 04:51:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:36)
 
23.10 - Repair msc Association
   Start (12.08.2015 04:51:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:38)
 
23.11 - Repair reg Association
   Start (12.08.2015 04:51:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:40)
 
23.12 - Repair scr Association
   Start (12.08.2015 04:51:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:42)
 
24 - Repair Windows Safe Mode
   Start (12.08.2015 04:51:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:44)
 
25 - Repair Print Spooler
   Start (12.08.2015 04:51:44)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:50)
 
26 - Restore Important Windows Services
   Start (12.08.2015 04:51:50)
 
Decompressing & Updating Windows Permission File C:\Users\Ece\Desktop\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,14 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:51:56)
 
27 - Set Windows Services To Default Startup
   Start (12.08.2015 04:51:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:52:09)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (12.08.2015 04:52:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:52:11)
 
32 - Restore UAC (User Account Control) Settings
   Start (12.08.2015 04:52:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12.08.2015 04:52:13)
 
33 - Repair Performance Counters
   Start (12.08.2015 04:52:13)
   Running Repair Under Current User Account
   Done (12.08.2015 04:52:30)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (12.08.2015 04:52:30)
   Total Repair Time: 01:20:06
 
 
...YOU MUST RESTART YOUR SYSTEM...
 


#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 12 August 2015 - 02:06 PM

Hi Prudencia,

 

Glad to hear you are able to boot into Windows normally.  :thumbup2:

 

We're now on the homestretch - please do the following. :)

 

========================================================

 

ESET Online Scanner

 

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

========================================================

Fresh FRST & Addition Logs
 


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

========================================================

 

Status Report

 

How is your computer now? What symptoms remain (if any)?

 

========================================================

 

What I'd like to see in your next post:  :thumbup2:

  • ESET log.
  • FRST.txt.
  • Addition.txt.
  • Status report.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
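One way a helper could check the requested ESET log.txt before reading the detections, as an added example that is not part of the original post or of any ESET tooling: it confirms the scan finished with the options asked for above and groups the detections by name and by file hash. The mapping from each checkbox to a `# key=value` header name is an assumption based on the log layout posted later in this thread, and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of an ESET Online Scanner log.txt.
# Hashes and paths are made up; detection names are ones seen in this thread.
SAMPLE_LOG = r'''
# product=EOS
# end=init
# product=EOS
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=1200
# found=3
# cleaned=0
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=1111111111111111 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\demo\Downloads\setup one.exe"
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=1111111111111111 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\demo\AppData\Roaming\app\app.exe"
sh=89ABCDEF0123456789ABCDEF0123456789ABCDEF ft=1 fh=2222222222222222 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="D:\New folder\installer.exe"
'''

# Options requested in the instructions, keyed by header name (assumed mapping).
EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# key=value pairs; quoted values may contain spaces and backslashes.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Detection name with optional "a variant of" prefix and category suffix.
NAME = re.compile(r'^(?:a variant of )?(\S+)(?: (potentially \w+ application))?$')


def parse_log(text):
    """Return (header sections, detection records) from the log text."""
    sections, detections = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # Each phase (init, updated, finished) restarts with "# product=".
            if key == "product" or not sections:
                sections.append({})
            sections[-1][key] = value
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return sections, detections


def check_scan(text):
    """Return (list of problems, detections); an empty list means the log is usable."""
    sections, detections = parse_log(text)
    final = next((s for s in reversed(sections) if s.get("end") == "finished"), None)
    if final is None:
        return ["no '# end=finished' section: scan did not complete"], detections
    problems = []
    for key, want in EXPECTED.items():
        got = final.get(key)
        if got != want:
            problems.append(f"{key}: expected {want}, log says {got}")
    found = final.get("found", "")
    if not found.isdigit() or int(found) != len(detections):
        problems.append(f"found={found!r} but {len(detections)} detection lines present")
    return problems, detections


def summarize(detections):
    """Count detections per (name, category)."""
    counts = Counter()
    for rec in detections:
        m = NAME.match(rec.get("vn", ""))
        if m:
            counts[(m.group(1), m.group(2) or "threat")] += 1
        else:
            counts[(rec.get("vn", ""), "unknown")] += 1
    return counts


def paths_by_hash(detections):
    """Group file paths by the sh= hash to spot copies of the same file."""
    groups = defaultdict(list)
    for rec in detections:
        groups[rec.get("sh", "")].append(rec.get("fn", ""))
    return dict(groups)


if __name__ == "__main__":
    problems, dets = check_scan(SAMPLE_LOG)
    print("problems:", problems or "none")
    for (name, category), n in summarize(dets).items():
        print(f"{n} x {name} ({category})")
    for sha, paths in paths_by_hash(dets).items():
        print(sha, "->", len(paths), "path(s)")
```
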

 

 


#9 Prudencia

Prudencia
  • Topic Starter

  • Members

Posted 15 August 2015 - 06:59 AM

Hi Cody,

I said that everything is okay, but it didn't go on like that. When I started my computer in normal mode, it didn't respond and started to freeze. I mean it was okay for the first minute, but later... I followed your steps again and here is my ESET log:

 ESETSmartInstaller@High as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5c8b63adf3d73a4f950f896b8e729870
# end=init
# utc_time=2015-08-15 09:41:54
# local_time=2015-08-15 12:41:54 (+0200, GTB Yaz Saati)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25289
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5c8b63adf3d73a4f950f896b8e729870
# end=updated
# utc_time=2015-08-15 09:43:24
# local_time=2015-08-15 12:43:24 (+0200, GTB Yaz Saati)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5c8b63adf3d73a4f950f896b8e729870
# engine=25289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-15 11:52:25
# local_time=2015-08-15 02:52:25 (+0200, GTB Yaz Saati)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 191269395 0 0
# scanned=184904
# found=17
# cleaned=0
# scan_time=7740
sh=C3EB68821E4A811137A32F2582A504F20A88FBDA ft=1 fh=c838f18768b7b9d4 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Ece\AppData\Roaming\uTorrent\uTorrent.exe"
sh=C3EB68821E4A811137A32F2582A504F20A88FBDA ft=1 fh=c838f18768b7b9d4 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Ece\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe"
sh=11ED3851BBE63EC9E73149BAB21C4E69D208C196 ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\HitmanPro.3.7.9.241 so.rar"
sh=BF7C2AFE29610405E9EE4D5D74E56CF78123BAF3 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.DH potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\The_Sims_4_fix_TORRENT-VERSION.rar"
sh=C3EB68821E4A811137A32F2582A504F20A88FBDA ft=1 fh=c838f18768b7b9d4 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\uTorrent.exe"
sh=5261453D05D731BFF07CA1D49C0A4EAE807891F4 ft=1 fh=c40dbcd5a86537a4 vn="Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\HitmanPro.3.7.9.241 so\HitmanPro.3.7.9.241\hitmanpro.3.7.x-patch\hitmanpro.3.7.x-patch.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.CY potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\The.Sims.4-RELOADED[rarbg]\rld-thesims4.iso"
sh=5020E959131101BA5B4CBCD5543F332C31431C46 ft=1 fh=2196be9e3d5eff70 vn="a variant of Win32/HackTool.Crack.DH potentially unsafe application" ac=I fn="C:\Users\Ece\Downloads\The_Sims_4_fix_TORRENT-VERSION\Game\Bin\RldOrigin.dll"
sh=7C3BC7BDC1AB50941157E663D19AE598D05717C1 ft=1 fh=b784d3d8f9ccf636 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="D:\KMPlayer_3.6.0.87_00_20130701000000.exe"
sh=057C95466AAD91380F7CA08599FEDDAEF90677A0 ft=1 fh=5e3edb1b062ef6d5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\PhotoScape3.6.5-tamindir.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.GU potentially unsafe application" ac=I fn="D:\Oyun & Film & Dizi\Oyunlar\Sims 3\The.Sims.3-Razor1911\The.Sims.3-Razor1911.iso"
sh=4B53B153F0871589126A05D1FBDF682E3CE98620 ft=1 fh=4589b8c6e9f4ba26 vn="a variant of Win32/HackTool.Crack.CX potentially unsafe application" ac=I fn="D:\Sims 4\SC-TS-41874V22-\Crack\Game\Bin\3dmgame.dll"
sh=120924C86162C5039CFF7FCF3A3C335B6A8EE4D0 ft=1 fh=a786b15dd66a23eb vn="Win32/HackTool.Crack.CY potentially unsafe application" ac=I fn="D:\The Sims 4 Oyun\The Sims 4\Game\Bin\rld.dll"
sh=5020E959131101BA5B4CBCD5543F332C31431C46 ft=1 fh=2196be9e3d5eff70 vn="a variant of Win32/HackTool.Crack.DH potentially unsafe application" ac=I fn="D:\The Sims 4 Oyun\The Sims 4\Game\Bin\RldOrigin.dll"
sh=E3C3C648F3783E1918A71EE73561B6DFD9E0C6FF ft=1 fh=031add60de2b5a8f vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="D:\Yeni klasör\7152-FFSetup3.5.0.0.exe"
sh=0EEF1C14A6FD0CEE83C448ABEEDB5C17B9992634 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HU potentially unsafe application" ac=I fn="D:\Yeni klasör\sony vegas pro 13.0 build 428 (x64).zip"
sh=4DAF000951F851AA424D9F0BCC0529090393C0AE ft=1 fh=6484d5ab354c05d3 vn="a variant of Win32/Keygen.HU potentially unsafe application" ac=I fn="D:\Yeni klasör\sony vegas pro 13.0 build 428 (x64)\KeyGen\Keygen.exe"
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Ece (administrator) on ECE-BILGISAYAR (15-08-2015 14:54:29)
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
BootExecute: autocheck autochk /r \??\F:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5917D0A2-DD95-491D-BE0F-73B18678DEE5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-18] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 02:52 - 2015-08-15 04:13 - 00001396 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (5).txt
2015-08-15 02:45 - 2015-08-15 02:45 - 00000273 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (4).txt
2015-08-15 02:35 - 2015-08-15 02:35 - 02870984 _____ (ESET) C:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
2015-08-15 02:35 - 2015-08-15 02:35 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-12 03:05 - 2015-08-12 03:08 - 00000000 ____D C:\Users\Ece\Desktop\Tweaking.com - Windows Repair
2015-08-12 03:01 - 2015-08-12 03:02 - 00001132 _____ C:\Users\Ece\Desktop\MAMH.txt
2015-08-12 02:48 - 2015-08-12 03:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-12 02:48 - 2015-08-12 02:48 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-12 02:36 - 2015-08-12 02:36 - 00003591 _____ C:\Users\Ece\Desktop\Msirepair.reg
2015-08-12 02:30 - 2015-08-12 02:30 - 00001264 _____ C:\Users\Ece\Desktop\Revo Uninstaller.lnk
2015-08-12 02:30 - 2015-08-12 02:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-11 02:15 - 2015-08-12 03:04 - 00002252 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (3).txt
2015-08-11 01:52 - 2015-08-15 14:54 - 00000000 ____D C:\Users\Ece\Desktop\FRST-OlderVersion
2015-08-09 01:28 - 2015-08-09 01:28 - 00026336 _____ C:\Users\Ece\Desktop\Addition.txt
2015-08-09 01:27 - 2015-08-15 14:54 - 00006586 _____ C:\Users\Ece\Desktop\FRST.txt
2015-08-09 01:26 - 2015-08-15 14:54 - 02173952 _____ (Farbar) C:\Users\Ece\Desktop\FRST64.exe
2015-08-09 01:26 - 2015-08-15 14:54 - 00000000 ____D C:\FRST
2015-08-06 20:07 - 2015-08-06 20:07 - 00019666 _____ C:\ComboFix.txt
2015-08-06 19:50 - 2015-08-06 20:07 - 00000000 ____D C:\Qoobox
2015-08-06 19:50 - 2015-08-06 20:06 - 00000000 ____D C:\Windows\erdnt
2015-08-06 19:50 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 19:50 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 19:50 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 17:56 - 2015-08-06 18:03 - 00000000 ____D C:\Users\Ece\Downloads\Life.Is.Strange.Episode.4.Only-ALI213
2015-07-29 03:23 - 2015-08-06 18:46 - 00000000 ____D C:\Users\Ece\AppData\Roaming\PhotoScape
2015-07-29 03:23 - 2015-07-29 03:23 - 00000000 ____D C:\output
2015-07-29 01:17 - 2015-07-29 01:17 - 00000000 ____D C:\Users\Ece\AppData\Local\Adobe
2015-07-29 01:11 - 2015-08-06 18:46 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-07-23 03:09 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-23 03:09 - 2015-07-03 00:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-23 03:09 - 2015-07-02 23:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-23 03:09 - 2015-07-02 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-23 03:09 - 2015-07-02 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-23 03:09 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-23 03:09 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-23 03:09 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-23 03:09 - 2015-06-27 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 05:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-23 03:09 - 2015-06-27 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 04:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-22 17:26 - 2015-07-22 17:26 - 00002311 _____ C:\Users\Ece\Desktop\Chrome Uygulama Başlatıcı.lnk
2015-07-22 17:26 - 2015-07-22 17:26 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 14:21 - 2015-07-15 06:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 14:21 - 2015-07-15 04:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 14:21 - 2015-07-15 04:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-22 14:21 - 2015-07-09 20:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-22 14:21 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-22 14:21 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-22 14:20 - 2015-06-25 11:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-22 14:19 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-22 14:19 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-22 14:17 - 2015-06-25 21:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-22 14:17 - 2015-06-25 20:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-22 14:17 - 2015-06-20 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 14:17 - 2015-06-20 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-22 14:17 - 2015-06-20 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-20 22:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-20 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-22 14:17 - 2015-06-20 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-22 14:17 - 2015-06-20 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-22 14:17 - 2015-06-20 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-22 14:17 - 2015-06-20 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-22 14:17 - 2015-06-20 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-20 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-22 14:17 - 2015-06-20 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-22 14:17 - 2015-06-20 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-22 14:17 - 2015-06-20 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-22 14:17 - 2015-06-20 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-20 21:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-22 14:17 - 2015-06-20 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-22 14:17 - 2015-06-19 21:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-22 14:17 - 2015-06-19 21:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-19 21:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-19 21:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-22 14:17 - 2015-06-19 21:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-22 14:17 - 2015-06-19 21:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-22 14:17 - 2015-06-19 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-19 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-22 14:17 - 2015-06-19 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-22 14:17 - 2015-06-19 20:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-22 14:17 - 2015-06-19 20:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-22 14:17 - 2015-06-19 20:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-22 14:17 - 2015-06-19 20:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-19 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-22 14:17 - 2015-06-19 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-22 14:14 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-22 14:14 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-22 14:14 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-22 14:13 - 2015-07-09 20:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-22 14:13 - 2015-07-09 20:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-22 14:13 - 2015-07-09 20:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-22 14:13 - 2015-07-01 23:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-22 14:13 - 2015-07-01 23:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-22 14:13 - 2015-07-01 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-22 14:13 - 2015-07-01 23:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-22 14:13 - 2015-07-01 22:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-22 14:13 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-22 14:13 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-22 14:13 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-22 14:13 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 06:59 - 2015-06-11 05:22 - 00000000 ____D C:\Users\Ece\Desktop\Saves
2015-08-15 05:50 - 2015-06-06 06:23 - 01996077 _____ C:\Windows\WindowsUpdate.log
2015-08-15 02:37 - 2010-11-21 15:35 - 00613302 _____ C:\Windows\system32\perfh01F.dat
2015-08-15 02:37 - 2010-11-21 15:35 - 00122284 _____ C:\Windows\system32\perfc01F.dat
2015-08-15 02:37 - 2009-07-14 08:13 - 01479148 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 02:35 - 2015-07-10 20:02 - 00000000 ____D C:\Users\Ece\Downloads\Sims 4 DL
2015-08-15 02:28 - 2015-06-06 06:56 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 02:28 - 2009-07-14 07:51 - 00046692 _____ C:\Windows\setupact.log
2015-08-15 02:27 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 06:23 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 06:23 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 06:13 - 2009-07-14 07:45 - 00268440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 06:12 - 2010-11-21 06:47 - 00010638 _____ C:\Windows\PFRO.log
2015-08-12 04:49 - 2009-07-14 05:34 - 00000439 _____ C:\Windows\win.ini
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2015-08-09 07:12 - 2015-06-06 06:55 - 00058016 _____ C:\Users\Ece\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 07:11 - 2015-06-06 07:13 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-06 20:10 - 2015-06-06 06:56 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 20:05 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-08-06 20:05 - 2009-07-14 05:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_247
2015-08-06 19:28 - 2015-06-11 01:37 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA Corporation
2015-08-06 19:28 - 2015-06-11 01:36 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA
2015-08-06 18:48 - 2015-06-06 06:39 - 00000000 ____D C:\Users\Ece
2015-08-06 18:46 - 2015-07-02 03:36 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Adobe
2015-08-06 18:46 - 2015-07-02 03:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 18:46 - 2015-06-18 00:30 - 00000000 ____D C:\Users\Ece\AppData\Roaming\uTorrent
2015-08-06 18:46 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 18:46 - 2015-06-11 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 18:46 - 2015-06-06 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 18:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2015-07-27 23:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 02:08 - 2015-06-18 04:42 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-26 01:42 - 2015-06-06 06:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 00:09 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-24 00:09 - 2015-06-11 07:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-22 14:39 - 2015-07-03 18:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 14:35 - 2015-06-06 06:56 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 14:35 - 2015-06-06 06:56 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 14:22 - 2015-07-04 05:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 04:47
 
==================== End of log ============================
 
Addition.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Ece (administrator) on ECE-BILGISAYAR (15-08-2015 14:54:29)
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
BootExecute: autocheck autochk /r \??\F:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5917D0A2-DD95-491D-BE0F-73B18678DEE5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-18] (Disc Soft Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 02:52 - 2015-08-15 04:13 - 00001396 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (5).txt
2015-08-15 02:45 - 2015-08-15 02:45 - 00000273 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (4).txt
2015-08-15 02:35 - 2015-08-15 02:35 - 02870984 _____ (ESET) C:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
2015-08-15 02:35 - 2015-08-15 02:35 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-12 03:05 - 2015-08-12 03:08 - 00000000 ____D C:\Users\Ece\Desktop\Tweaking.com - Windows Repair
2015-08-12 03:01 - 2015-08-12 03:02 - 00001132 _____ C:\Users\Ece\Desktop\MAMH.txt
2015-08-12 02:48 - 2015-08-12 03:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-12 02:48 - 2015-08-12 02:48 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-12 02:36 - 2015-08-12 02:36 - 00003591 _____ C:\Users\Ece\Desktop\Msirepair.reg
2015-08-12 02:30 - 2015-08-12 02:30 - 00001264 _____ C:\Users\Ece\Desktop\Revo Uninstaller.lnk
2015-08-12 02:30 - 2015-08-12 02:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-11 02:15 - 2015-08-12 03:04 - 00002252 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (3).txt
2015-08-11 01:52 - 2015-08-15 14:54 - 00000000 ____D C:\Users\Ece\Desktop\FRST-OlderVersion
2015-08-09 01:28 - 2015-08-09 01:28 - 00026336 _____ C:\Users\Ece\Desktop\Addition.txt
2015-08-09 01:27 - 2015-08-15 14:54 - 00006586 _____ C:\Users\Ece\Desktop\FRST.txt
2015-08-09 01:26 - 2015-08-15 14:54 - 02173952 _____ (Farbar) C:\Users\Ece\Desktop\FRST64.exe
2015-08-09 01:26 - 2015-08-15 14:54 - 00000000 ____D C:\FRST
2015-08-06 20:07 - 2015-08-06 20:07 - 00019666 _____ C:\ComboFix.txt
2015-08-06 19:50 - 2015-08-06 20:07 - 00000000 ____D C:\Qoobox
2015-08-06 19:50 - 2015-08-06 20:06 - 00000000 ____D C:\Windows\erdnt
2015-08-06 19:50 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 19:50 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 19:50 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 17:56 - 2015-08-06 18:03 - 00000000 ____D C:\Users\Ece\Downloads\Life.Is.Strange.Episode.4.Only-ALI213
2015-07-29 03:23 - 2015-08-06 18:46 - 00000000 ____D C:\Users\Ece\AppData\Roaming\PhotoScape
2015-07-29 03:23 - 2015-07-29 03:23 - 00000000 ____D C:\output
2015-07-29 01:17 - 2015-07-29 01:17 - 00000000 ____D C:\Users\Ece\AppData\Local\Adobe
2015-07-29 01:11 - 2015-08-06 18:46 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-07-23 03:09 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-23 03:09 - 2015-07-03 00:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-23 03:09 - 2015-07-02 23:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-23 03:09 - 2015-07-02 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-23 03:09 - 2015-07-02 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-23 03:09 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-23 03:09 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-23 03:09 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-23 03:09 - 2015-06-27 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 05:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-23 03:09 - 2015-06-27 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 04:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-22 17:26 - 2015-07-22 17:26 - 00002311 _____ C:\Users\Ece\Desktop\Chrome Uygulama Başlatıcı.lnk
2015-07-22 17:26 - 2015-07-22 17:26 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 14:21 - 2015-07-15 06:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 14:21 - 2015-07-15 04:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 14:21 - 2015-07-15 04:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-22 14:21 - 2015-07-09 20:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-22 14:21 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-22 14:21 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-22 14:20 - 2015-06-25 11:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-22 14:19 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-22 14:19 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-22 14:17 - 2015-06-25 21:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-22 14:17 - 2015-06-25 20:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-22 14:17 - 2015-06-20 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 14:17 - 2015-06-20 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-22 14:17 - 2015-06-20 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-20 22:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-20 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-22 14:17 - 2015-06-20 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-22 14:17 - 2015-06-20 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-22 14:17 - 2015-06-20 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-22 14:17 - 2015-06-20 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-22 14:17 - 2015-06-20 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-20 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-22 14:17 - 2015-06-20 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-22 14:17 - 2015-06-20 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-22 14:17 - 2015-06-20 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-22 14:17 - 2015-06-20 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-20 21:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-22 14:17 - 2015-06-20 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-22 14:17 - 2015-06-19 21:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-22 14:17 - 2015-06-19 21:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-19 21:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-19 21:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-22 14:17 - 2015-06-19 21:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-22 14:17 - 2015-06-19 21:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-22 14:17 - 2015-06-19 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-19 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-22 14:17 - 2015-06-19 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-22 14:17 - 2015-06-19 20:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-22 14:17 - 2015-06-19 20:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-22 14:17 - 2015-06-19 20:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-22 14:17 - 2015-06-19 20:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-19 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-22 14:17 - 2015-06-19 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-22 14:14 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-22 14:14 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-22 14:14 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-22 14:13 - 2015-07-09 20:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-22 14:13 - 2015-07-09 20:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-22 14:13 - 2015-07-09 20:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-22 14:13 - 2015-07-01 23:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-22 14:13 - 2015-07-01 23:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-22 14:13 - 2015-07-01 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-22 14:13 - 2015-07-01 23:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-22 14:13 - 2015-07-01 22:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-22 14:13 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-22 14:13 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-22 14:13 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-22 14:13 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 06:59 - 2015-06-11 05:22 - 00000000 ____D C:\Users\Ece\Desktop\Saves
2015-08-15 05:50 - 2015-06-06 06:23 - 01996077 _____ C:\Windows\WindowsUpdate.log
2015-08-15 02:37 - 2010-11-21 15:35 - 00613302 _____ C:\Windows\system32\perfh01F.dat
2015-08-15 02:37 - 2010-11-21 15:35 - 00122284 _____ C:\Windows\system32\perfc01F.dat
2015-08-15 02:37 - 2009-07-14 08:13 - 01479148 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 02:35 - 2015-07-10 20:02 - 00000000 ____D C:\Users\Ece\Downloads\Sims 4 DL
2015-08-15 02:28 - 2015-06-06 06:56 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 02:28 - 2009-07-14 07:51 - 00046692 _____ C:\Windows\setupact.log
2015-08-15 02:27 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 06:23 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 06:23 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 06:13 - 2009-07-14 07:45 - 00268440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 06:12 - 2010-11-21 06:47 - 00010638 _____ C:\Windows\PFRO.log
2015-08-12 04:49 - 2009-07-14 05:34 - 00000439 _____ C:\Windows\win.ini
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2015-08-09 07:12 - 2015-06-06 06:55 - 00058016 _____ C:\Users\Ece\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 07:11 - 2015-06-06 07:13 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-06 20:10 - 2015-06-06 06:56 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 20:05 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-08-06 20:05 - 2009-07-14 05:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_247
2015-08-06 19:28 - 2015-06-11 01:37 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA Corporation
2015-08-06 19:28 - 2015-06-11 01:36 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA
2015-08-06 18:48 - 2015-06-06 06:39 - 00000000 ____D C:\Users\Ece
2015-08-06 18:46 - 2015-07-02 03:36 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Adobe
2015-08-06 18:46 - 2015-07-02 03:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 18:46 - 2015-06-18 00:30 - 00000000 ____D C:\Users\Ece\AppData\Roaming\uTorrent
2015-08-06 18:46 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 18:46 - 2015-06-11 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 18:46 - 2015-06-06 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 18:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2015-07-27 23:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 02:08 - 2015-06-18 04:42 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-26 01:42 - 2015-06-06 06:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 00:09 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-24 00:09 - 2015-06-11 07:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-22 14:39 - 2015-07-03 18:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 14:35 - 2015-06-06 06:56 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 14:35 - 2015-06-06 06:56 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 14:22 - 2015-07-04 05:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 04:47
 
==================== End of log ============================


#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 15 August 2015 - 12:35 PM

Hi Prudencia,

Let's try the following. :)

==================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

==================================================

Startup Repair

  • As your computer is booting up, press F8 repeatedly.
  • A menu should appear - choose Repair your computer.
  • This will bring you to a Windows Installation screen. Continue with the directions until you reach the "Install Now" screen.
  • Click the Repair Your Computer button in the lower-left corner.
  • Continue through until you reach the Recovery Environment screen.
  • Click Startup Repair.
  • Let this process complete and include the results in your next post.

==================================================

CHKDSK

  • Press and hold the Windows button + R on your keyboard.
  • In the Run box, type CMD and hit Enter.
  • In Command Prompt, type CHKDSK /r and hit Enter.
  • At the prompt, type Y and hit Enter.
  • Reboot the machine.
  • Post the resulting log in your next reply. Directions on how to retrieve the CHKDSK log can be found here.

==================================================

Fresh FRST and Addition Logs

You didn't include the Addition.txt in your last post - please make sure to include the newly made one below. If you can produce these logs from within Windows normally (as opposed to Safe Mode), please do so.

  • Launch FRST.
  • Check the Addition.txt box.
  • Press Scan.
  • When finished, FRST will produce two logs. Please copy and paste these logs in your next reply.

==================================================
 
What I'd like to see in your next post:

  • Fixlog.txt.
  • Did Startup Repair have any effect on booting into Windows normally?
  • CHKDSK log.
  • Fresh FRST and Addition logs.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
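
A Fixlog.txt like the one requested in the post above can be checked mechanically: every entry echoed from fixlist.txt should have its own result line. The following is an added example, not part of the thread and not FRST's own code; the sample log is constructed in the Fixlog layout, `C:\Example\placeholder.job` is a placeholder entry, and treating any outcome that lacks the word "successfully" as needing review is an assumption.

```python
import re

# Constructed sample in the Fixlog.txt layout: the fixlist is echoed between two
# rows of asterisks, followed by one result line per entry. The last fixlist
# entry (a placeholder path) deliberately has no result line.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2015-08-09 07:12 - 2015-06-06 07:14 - 00000100 _____ C:\Example\placeholder.job
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
SlimService => service removed successfully
C:\Windows\System32\Tasks\SlimDrivers Startup => moved successfully.

==== End of Fixlog 09:08:42 ====
'''

# File entry: created - modified - size attributes [(Company)] path
FILE_ENTRY = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'\d+ \S+ (?:\(.*?\) )?([A-Za-z]:\\.+)$')
# Registry entry: the key path is everything before the first ": "
REG_ENTRY = re.compile(r'^(HK[A-Z_]*\\.+?): ')
# Service/driver entry: state letter, start type digit, then the name up to ";"
SVC_ENTRY = re.compile(r'^[A-Z]\d (.+?);')
# Result line: optionally quoted target, " => ", outcome text
RESULT = re.compile(r'^"?(.+?)"? => (.+)$')


def entry_target(line):
    """Return (kind, target) for one echoed fixlist line."""
    for kind, rx in (('file', FILE_ENTRY), ('registry', REG_ENTRY),
                     ('service', SVC_ENTRY)):
        m = rx.match(line)
        if m:
            return kind, m.group(1)
    return 'other', line  # directive or entry type this example does not parse


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist entries and a {target: outcome} map."""
    entries, results, in_fixlist = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {'*'}:  # a row of asterisks opens or closes the echo
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            entries.append(entry_target(line))
        else:
            m = RESULT.match(line)
            if m:
                # Windows paths and registry keys are case-insensitive
                results[m.group(1).lower()] = m.group(2).rstrip('.')
    return entries, results


def audit(text):
    """Pair every fixlist entry with its outcome; return (kind, target, status, outcome)."""
    entries, results = parse_fixlog(text)
    report = []
    for kind, target in entries:
        outcome = results.get(target.lower())
        if kind == 'other':
            status = 'UNPARSED'
        elif outcome is None:
            status = 'NO RESULT'      # the fix never reported on this entry
        elif 'successfully' in outcome:
            status = 'OK'
        else:
            status = 'REVIEW'         # assumption: anything else needs a human look
        report.append((kind, target, status, outcome))
    return report


if __name__ == '__main__':
    for kind, target, status, outcome in audit(SAMPLE_FIXLOG):
        print(f'{status:<9} {kind:<8} {target}  ({outcome})')
```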

 

 


#11 Prudencia

Prudencia
  • Topic Starter

  • Members

Posted 18 August 2015 - 02:55 AM

Hi Cody,

Startup repair didn't change anything because it couldn't recognize any problem. But after the chkdsk thing I could start my Windows normally, and I use it in normal mode now.

Here is my fixlog: 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Ece (2015-08-18 09:08:42) Run:3
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
2015-08-09 07:12 - 2015-06-06 07:14 - 00002828 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1301287419-663054695-3114238220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
SlimService => service removed successfully
C:\Windows\System32\Tasks\SlimDrivers Startup => moved successfully.
 
==== End of Fixlog 09:08:42 ====
 
Also, here is my CHKDSK.log, but my main language is Turkish and I don't know how to change it. I will post it in Turkish, but if you don't understand anything please let me know so maybe I can try to change it to English.
 
C: üzerindeki dosya sistemi denetleniyor
Dosya sistemi türü NTFS.
Bir disk gözden geçirmesi zamanlanmis.
Windows su an diski gözden geçirecek.
CHKDSK dosyalari dogruluyor (asama 1 / 5)...
325632 dosya kaydi islendi.
Dosya dogrulama tamamlandi.
1197 büyük dosya kaydi islendi.
0 bozuk dosya kaydi islendi.
0 EA kaydi islendi.
56 yeniden ayristirma kaydi islendi.
CHKDSK dizinleri dogruluyor (asama 2 / 5)...
369946 dizin girdisi islendi.
Dizin dogrulama tamamlandi.
0 dizin olusturulmamis dosya islendi.
0 dizin olusturulmamis dosya kurtarildi.
CHKDSK güvenlik tanimlayicilarini dogruluyor (asama 3 / 5)...
325632 dosya SD'leri/SID'leri islendi.
0x9 dosyasinin $SII dizininden 3329 kullanilmayan dizin girdisi temizleniyor.
0x9 dosyasinin $SDH dizininden 3329 kullanilmayan dizin girdisi temizleniyor.
3329 kullanilmayan güvenlik tanimlayicisi temizleniyor.
Güvenlik tanimlayicisi dogrulama tamamlandi.
22158 veri dosyasi islendi.
CHKDSK Usn Günlük dogruluyor...
36659128 USN bayti islendi.
Usn Günlük dogrulamasi tamamlandi.
CHKDSK dosya verisini dogruluyor (asama 4 / 5)...
0xc0000185 durumuyla 0xcf2f6a000 ofsetindeki okuma hatasi 0x6000 bayt.
0xc0000185 durumuyla 0xcf2f6a000 ofsetindeki okuma hatasi 0x1000 bayt.
Windows, \Windows\Prefetch\READYB~1\Trace2.fx adinin 21150 dosyasindaki kötü kümeleri degistirdi.
325616 dosya islendi.
Dosya verisini dogrulama tamamlandi.
CHKDSK bos alani dogruluyor (asama: 5 / 5)...
27151967 bos küme islendi.
Bos alan dogrulamasi tamamlandi.
3 kötü kümeleri Kötü Küme Dosyasi'na ekleniyor.
CHKDSK, ana dosya tablosu (MFT) bitesleminde, ayrilmis olarak isaretli bos bir alan buldu.
CHKDSK, birim bitesleminde, ayrilmis olarak isaretli bos bir alan buldu.
Windows dosya sisteminde düzeltmeler yapti.
187695103 KB toplam disk alani.
86418 dosyada 78590332 KB.
59440 KB 22159 dizinde.
12 KB bozuk kesimde
Sistem tarafindan kullanilan alan: 437455 KB.
65536 KB Günlük dosyasinca kullaniliyor.
Diskteki kullanilabilir alan: 108607864 KB.
4096 bayt her ayirma biriminde.
46923775 ayirma birimi disk üstünde kullanilabiliyor.
27151966 ayirma birimi disk üstünde kullanilabiliyor.
Iç Bilgi:
00 f8 04 00 2d a8 01 00 5d 39 03 00 00 00 00 00 ....-...]9......
dc 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 ....8...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows diskinizi gözden geçirmeyi tamamladi.
Bilgisayariniz yeniden baslarken bekleyin.
 

 

Here is my FRST.log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Ece (administrator) on ECE-BILGISAYAR (18-08-2015 10:53:31)
Running from C:\Users\Ece\Desktop
Loaded Profiles: Ece (Available Profiles: Ece)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
BootExecute: autocheck autochk /r \??\F:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{5917D0A2-DD95-491D-BE0F-73B18678DEE5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-10] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-18] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 10:53 - 2015-08-18 10:53 - 00007560 _____ C:\Users\Ece\Desktop\FRST.txt
2015-08-18 10:31 - 2015-08-18 10:31 - 00003552 ____N C:\bootsqm.dat
2015-08-15 02:52 - 2015-08-15 04:13 - 00001396 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (5).txt
2015-08-15 02:45 - 2015-08-15 02:45 - 00000273 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (4).txt
2015-08-15 02:35 - 2015-08-15 02:35 - 02870984 _____ (ESET) C:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
2015-08-15 02:35 - 2015-08-15 02:35 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-12 03:05 - 2015-08-12 03:08 - 00000000 ____D C:\Users\Ece\Desktop\Tweaking.com - Windows Repair
2015-08-12 03:01 - 2015-08-12 03:02 - 00001132 _____ C:\Users\Ece\Desktop\MAMH.txt
2015-08-12 02:48 - 2015-08-12 03:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-12 02:48 - 2015-08-12 02:48 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-08-12 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-12 02:48 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-12 02:48 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-12 02:36 - 2015-08-12 02:36 - 00003591 _____ C:\Users\Ece\Desktop\Msirepair.reg
2015-08-12 02:30 - 2015-08-12 02:30 - 00001264 _____ C:\Users\Ece\Desktop\Revo Uninstaller.lnk
2015-08-12 02:30 - 2015-08-12 02:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-11 02:15 - 2015-08-12 03:04 - 00002252 _____ C:\Users\Ece\Desktop\Yeni Metin Belgesi (3).txt
2015-08-11 01:52 - 2015-08-18 09:08 - 00000000 ____D C:\Users\Ece\Desktop\FRST-OlderVersion
2015-08-09 01:26 - 2015-08-18 10:53 - 00000000 ____D C:\FRST
2015-08-09 01:26 - 2015-08-18 09:08 - 02173440 _____ (Farbar) C:\Users\Ece\Desktop\FRST64.exe
2015-08-06 20:07 - 2015-08-06 20:07 - 00019666 _____ C:\ComboFix.txt
2015-08-06 19:50 - 2015-08-06 20:07 - 00000000 ____D C:\Qoobox
2015-08-06 19:50 - 2015-08-06 20:06 - 00000000 ____D C:\Windows\erdnt
2015-08-06 19:50 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 19:50 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 19:50 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 19:50 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 17:56 - 2015-08-06 18:03 - 00000000 ____D C:\Users\Ece\Downloads\Life.Is.Strange.Episode.4.Only-ALI213
2015-07-29 03:23 - 2015-08-06 18:46 - 00000000 ____D C:\Users\Ece\AppData\Roaming\PhotoScape
2015-07-29 03:23 - 2015-07-29 03:23 - 00000000 ____D C:\output
2015-07-29 01:17 - 2015-07-29 01:17 - 00000000 ____D C:\Users\Ece\AppData\Local\Adobe
2015-07-29 01:11 - 2015-08-06 18:46 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2015-07-23 03:09 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-23 03:09 - 2015-07-03 00:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-23 03:09 - 2015-07-02 23:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-23 03:09 - 2015-07-02 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-23 03:09 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-23 03:09 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-23 03:09 - 2015-07-02 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-23 03:09 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-23 03:09 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-23 03:09 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-23 03:09 - 2015-06-27 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 05:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-23 03:09 - 2015-06-27 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-23 03:09 - 2015-06-27 04:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-22 17:26 - 2015-07-22 17:26 - 00002311 _____ C:\Users\Ece\Desktop\Chrome Uygulama Başlatıcı.lnk
2015-07-22 17:26 - 2015-07-22 17:26 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-22 14:21 - 2015-07-15 06:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-22 14:21 - 2015-07-15 06:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-22 14:21 - 2015-07-15 05:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-22 14:21 - 2015-07-15 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-22 14:21 - 2015-07-15 04:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-22 14:21 - 2015-07-15 04:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-22 14:21 - 2015-07-09 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-22 14:21 - 2015-07-09 20:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-22 14:21 - 2015-07-09 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-22 14:21 - 2015-07-09 20:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-22 14:21 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-22 14:21 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-22 14:20 - 2015-06-25 11:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-22 14:19 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-22 14:19 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-22 14:17 - 2015-06-25 21:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-22 14:17 - 2015-06-25 20:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-22 14:17 - 2015-06-20 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 14:17 - 2015-06-20 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-22 14:17 - 2015-06-20 22:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-22 14:17 - 2015-06-20 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-20 22:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-20 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-22 14:17 - 2015-06-20 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-22 14:17 - 2015-06-20 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-22 14:17 - 2015-06-20 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-22 14:17 - 2015-06-20 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-22 14:17 - 2015-06-20 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-22 14:17 - 2015-06-20 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-20 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-22 14:17 - 2015-06-20 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-22 14:17 - 2015-06-20 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-22 14:17 - 2015-06-20 21:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-22 14:17 - 2015-06-20 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-22 14:17 - 2015-06-20 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-20 21:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-22 14:17 - 2015-06-20 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-22 14:17 - 2015-06-19 21:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-22 14:17 - 2015-06-19 21:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-22 14:17 - 2015-06-19 21:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-22 14:17 - 2015-06-19 21:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-22 14:17 - 2015-06-19 21:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-22 14:17 - 2015-06-19 21:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-22 14:17 - 2015-06-19 21:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-22 14:17 - 2015-06-19 21:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-22 14:17 - 2015-06-19 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-22 14:17 - 2015-06-19 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-22 14:17 - 2015-06-19 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-22 14:17 - 2015-06-19 20:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-22 14:17 - 2015-06-19 20:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-22 14:17 - 2015-06-19 20:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-22 14:17 - 2015-06-19 20:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-22 14:17 - 2015-06-19 20:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-22 14:17 - 2015-06-19 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-22 14:14 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-22 14:14 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-22 14:14 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-22 14:14 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-22 14:13 - 2015-07-09 20:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-22 14:13 - 2015-07-09 20:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-22 14:13 - 2015-07-09 20:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-22 14:13 - 2015-07-09 20:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-22 14:13 - 2015-07-01 23:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-22 14:13 - 2015-07-01 23:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-22 14:13 - 2015-07-01 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-22 14:13 - 2015-07-01 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-22 14:13 - 2015-07-01 23:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-22 14:13 - 2015-07-01 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-22 14:13 - 2015-07-01 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-22 14:13 - 2015-07-01 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-22 14:13 - 2015-07-01 23:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-22 14:13 - 2015-07-01 23:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-22 14:13 - 2015-07-01 22:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-22 14:13 - 2015-07-01 22:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-22 14:13 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-22 14:13 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-22 14:13 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-22 14:13 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-22 14:13 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-22 14:13 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-22 14:13 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 10:43 - 2015-06-06 06:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 10:43 - 2015-06-06 06:56 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 10:41 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 10:41 - 2009-07-14 07:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 10:40 - 2015-06-06 06:55 - 00058016 _____ C:\Users\Ece\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-18 10:38 - 2015-06-06 06:23 - 02011846 _____ C:\Windows\WindowsUpdate.log
2015-08-18 10:37 - 2010-11-21 15:35 - 00613540 _____ C:\Windows\system32\perfh01F.dat
2015-08-18 10:37 - 2010-11-21 15:35 - 00122490 _____ C:\Windows\system32\perfc01F.dat
2015-08-18 10:37 - 2009-07-14 08:13 - 01479148 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 10:36 - 2015-06-06 06:56 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 10:32 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 10:32 - 2009-07-14 07:51 - 00047084 _____ C:\Windows\setupact.log
2015-08-18 09:00 - 2010-11-21 06:47 - 00011160 _____ C:\Windows\PFRO.log
2015-08-15 06:59 - 2015-06-11 05:22 - 00000000 ____D C:\Users\Ece\Desktop\Saves
2015-08-15 02:35 - 2015-07-10 20:02 - 00000000 ____D C:\Users\Ece\Downloads\Sims 4 DL
2015-08-12 06:13 - 2009-07-14 07:45 - 00268440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 04:49 - 2009-07-14 05:34 - 00000439 _____ C:\Windows\win.ini
2015-08-09 07:11 - 2015-06-06 07:13 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-06 20:05 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2015-08-06 20:05 - 2009-07-14 05:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_247
2015-08-06 19:28 - 2015-06-11 01:37 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA Corporation
2015-08-06 19:28 - 2015-06-11 01:36 - 00000000 ____D C:\Users\Ece\AppData\Local\NVIDIA
2015-08-06 18:48 - 2015-06-06 06:39 - 00000000 ____D C:\Users\Ece
2015-08-06 18:46 - 2015-07-02 03:36 - 00000000 ____D C:\Users\Ece\AppData\Roaming\Adobe
2015-08-06 18:46 - 2015-07-02 03:35 - 00000000 ____D C:\ProgramData\Adobe
2015-08-06 18:46 - 2015-06-18 00:30 - 00000000 ____D C:\Users\Ece\AppData\Roaming\uTorrent
2015-08-06 18:46 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 18:46 - 2015-06-11 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 18:46 - 2015-06-06 06:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 18:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2015-07-27 23:31 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 02:08 - 2015-06-18 04:42 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-24 00:09 - 2015-06-14 03:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-24 00:09 - 2015-06-11 07:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-07-24 00:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-22 14:39 - 2015-07-03 18:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-22 14:35 - 2015-06-06 06:56 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 14:35 - 2015-06-06 06:56 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 14:22 - 2015-07-04 05:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 04:47
 
==================== End of log ============================
 
Here is my Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Ece (2015-08-18 10:54:13)
Running from C:\Users\Ece\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1301287419-663054695-3114238220-500 - Administrator - Disabled)
Ece (S-1-5-21-1301287419-663054695-3114238220-1000 - Administrator - Enabled) => C:\Users\Ece
Guest (S-1-5-21-1301287419-663054695-3114238220-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
DC Universe Online Live (HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - )
Life is Strange EP2 1.00 (HKLM-x32\...\Life is Strange EP2 1.00) (Version: 1.00 - Taner Saydam)
Malwarebytes Anti-Malware 2.1.8.1057 sürümü (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Extended TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Client Profile TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX Sistem Yazılımı 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7378 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SlimCleaner Plus (HKLM\...\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}) (Version: 1.4.1 - SlimWare Utilities, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2015-08-12 04:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1365A1F8-B766-495B-9C12-17954E4E2F0D} - \SlimDrivers Startup -> No File <==== ATTENTION
Task: {2F90CA8D-CE56-4226-AF73-AB0E1C03CE64} - System32\Tasks\{2C251BA0-8C4E-4C97-BDBA-21F41F04B6B0} => pcalua.exe -a D:\PhotoshopPortable\PhotoshopPortable\PhotoshopPortable.exe -d D:\PhotoshopPortable\PhotoshopPortable
Task: {519FBD91-4C82-409F-8027-3A6FF91F0AC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
Task: {67F58533-5181-4E99-A5F2-2506CC533446} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ece) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {7848E926-4172-4399-9673-10DC65C3B589} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
Task: {8FE45918-4827-4935-B4E3-E6566BAEB336} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D194B8A0-92AC-40C4-943E-D6F51FA07F6F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe [2015-07-08] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-06 07:02 - 2015-05-28 10:04 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-06-06 07:03 - 2015-05-28 07:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-10 13:12 - 2015-06-06 07:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-11 01:35 - 2015-05-28 10:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-06 07:02 - 2015-05-28 10:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-26 01:42 - 2015-07-24 01:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-26 01:42 - 2015-07-24 01:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1301287419-663054695-3114238220-1000\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1301287419-663054695-3114238220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ece\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AC8904D5-8F48-49EF-B8F8-AF565EE365A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{22D371C8-318B-47D6-94C2-8C34584BF82F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2CD8BB69-3DFB-48C4-B726-D4330EA115AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{77361F08-863F-45DC-B2D5-1A39EE6BCE4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4DCFCE14-787F-4680-A24B-4F4C2C000BCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C04BAD95-9339-4718-A840-2F688B7DD3CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{970C7BDB-40FB-41A5-9FD4-A493A837C7F4}D:\ffoutput\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\ffoutput\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{8894A10E-F9A3-4BCE-946D-F1DC4B34ED36}D:\ffoutput\unreal3\binaries\win32\dcgame.exe] => (Allow) D:\ffoutput\unreal3\binaries\win32\dcgame.exe
FirewallRules: [{72278218-CC64-4D8E-A0B3-B2082CE1C791}] => (Allow) C:\Users\Ece\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F018FFD8-A8F0-44F8-9D92-17369FFB7A2E}] => (Allow) C:\Users\Ece\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C35F4F49-F091-4B4E-A344-6FC3495C0241}C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll] => (Allow) C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll
FirewallRules: [UDP Query User{C31BB8F2-0BA3-4EE4-9D96-9ABD38C7B817}C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll] => (Allow) C:\program files (x86)\bethesda softworks\hunted the demons forge\binaries\win32\p4dftre.dll
FirewallRules: [{6EF5AFC6-D64B-43A4-9306-8E8B13C24688}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E477E95E-9425-4717-B334-2EA1404E84DB}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C4F1EFF0-3D9F-4373-99B2-49C9C8EA02D7}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{64F20458-EBF9-4012-8483-4FC3C5313989}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{01B14729-6A15-4AB3-880A-25DE0867AE33}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{DA9D8913-4446-4273-B1B9-D89D0208889B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6C007E06-F4EE-40EE-9B69-D0959D6E40AF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{17537DC4-AC85-4F65-BF59-B0210830BEF0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{32A52525-1CF6-4F4D-A0CB-2B3179543D5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Basit İletişim Denetleyicisi
Description: PCI Basit İletişim Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Denetleyicisi
Description: Ethernet Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2015 10:36:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/18/2015 10:35:10 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (08/18/2015 10:32:45 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Aşağıdaki hata nedeniyle,   örneği için WSearchIdxPi performans sayacı kayıt bilgileri alınamadı: İşlem başarıyla tamamlandı.   0x0.
 
Error: (08/18/2015 10:32:38 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sayaçlar yüklü olmadığından veya paylaşılan bellek nesnesi açılamadığından, toplayıcı nesnesi için performans izlemesi başlatılamıyor. Bu yalnızca performans izleyicisi sayaçlarının kullanılabilirliğini etkiler. Bilgisayarınızı yeniden başlatın.
 
Bağlam:  Uygulaması, SystemIndex Kataloğu
 
Error: (08/18/2015 10:32:36 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sayaçlar yüklü olmadığından veya paylaşılan bellek nesnesi açılamadığından, toplayıcı hizmeti için performans izlemesi başlatılamıyor. Bu yalnızca performans izleyicisi sayaçlarının kullanılabilirliğini etkiler. Bilgisayarınızı yeniden başlatın.
 
Error: (08/18/2015 09:15:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/18/2015 09:05:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/18/2015 09:01:55 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Aşağıdaki hata nedeniyle,   örneği için WSearchIdxPi performans sayacı kayıt bilgileri alınamadı: İşlem başarıyla tamamlandı.   0x0.
 
Error: (08/18/2015 09:01:44 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sayaçlar yüklü olmadığından veya paylaşılan bellek nesnesi açılamadığından, toplayıcı nesnesi için performans izlemesi başlatılamıyor. Bu yalnızca performans izleyicisi sayaçlarının kullanılabilirliğini etkiler. Bilgisayarınızı yeniden başlatın.
 
Bağlam:  Uygulaması, SystemIndex Kataloğu
 
Error: (08/18/2015 09:01:41 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sayaçlar yüklü olmadığından veya paylaşılan bellek nesnesi açılamadığından, toplayıcı hizmeti için performans izlemesi başlatılamıyor. Bu yalnızca performans izleyicisi sayaçlarının kullanılabilirliğini etkiler. Bilgisayarınızı yeniden başlatın.
 
 
System errors:
=============
Error: (08/18/2015 10:32:09 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Bu bilgisayar, etki alanı üyesi olarak değil iş grubu
üyesi olarak yapılandırılmış. Netlogon hizmetinin bu yapılandırılmada çalıştırılması
gerekmez.
 
Error: (08/18/2015 09:32:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:32:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:32:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:31:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:31:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:31:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (08/18/2015 09:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/18/2015 10:36:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/18/2015 10:35:10 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005
 
Error: (08/18/2015 10:32:45 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiİşlem başarıyla tamamlandı.   0x0
 
Error: (08/18/2015 10:32:38 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Bağlam:  Uygulaması, SystemIndex Kataloğu
 
Error: (08/18/2015 10:32:36 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (08/18/2015 09:15:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/18/2015 09:05:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Ece\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/18/2015 09:01:55 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiİşlem başarıyla tamamlandı.   0x0
 
Error: (08/18/2015 09:01:44 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Bağlam:  Uygulaması, SystemIndex Kataloğu
 
Error: (08/18/2015 09:01:41 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
 
CodeIntegrity:
===================================
  Date: 2015-08-06 20:04:56.781
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix.15.7.18.1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-06 20:04:56.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix.15.7.18.1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 4009.55 MB
Available physical RAM: 2510.65 MB
Total Virtual: 8017.3 MB
Available Virtual: 6461.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:179 GB) (Free:103.29 GB) NTFS
Drive d: () (Fixed) (Total:266.24 GB) (Free:113.04 GB) NTFS
Drive f: (NIKON D90) (Removable) (Total:14.91 GB) (Free:13.58 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CEE9A796)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=20.4 GB) - (Type=27)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of log ============================


#12 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:51 AM

Posted 18 August 2015 - 09:28 AM

But, after chkdsk thing I could start my Windows normally and I use it in normal mode now.

:thumbup2:

Also, here is my CHKDSK.log but my main language is Turkish and I don't know how to change it. I will post it as Turkish but if you don't understand anything please let me know so maybe I can try to change it to English.

I'm not sure what happened, but the formatting on the log is off. Could you please try submitting it again?

Also, if you could translate it to English that would be helpful.

----------------------------------------------------------------------------

Before going too much further, I'd like to get a status report as to where we currently stand.

How is your computer currently running? What symptoms remain?


Edited by TheShooter93, 18 August 2015 - 09:28 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#13 TheShooter93

Posted 21 August 2015 - 06:57 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


#14 TheShooter93

Posted 23 August 2015 - 07:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


#15 TheShooter93

Posted 25 August 2015 - 11:25 AM

This topic has been re-opened at the request of the person who originally posted.
