All browser clicks redirecting me to www.tradexchange.com


  • This topic is locked
11 replies to this topic

#1 adexchangesucks

Posted 28 August 2015 - 01:38 PM

Dear reader,

On each click in my browsers (IE / Chrome), I get redirected FIRST to (ad-type.google.com), then to (www.tradexchange.com), then to a random ad.

I have read on and on about how to resolve this issue but it doesn't seem to work for me. I'm browsing from Istanbul - Turkey.

I have already run the FRST scan, then I tried to follow the tutorial on how to create a Fixlog, but that seems very hard and can be dangerous.

I would really appreciate your help!

Here are the FRST reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by Estetik3 (administrator) on ESTETIK3-PC (28-08-2015 21:14:57)
Running from C:\Users\Estetik3\Desktop
Loaded Profiles: Estetik3 (Available Profiles: Estetik3)
Platform: Windows 8.1 Single Language (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1937455341-2164632613-1031517462-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21437568 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1937455341-2164632613-1031517462-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1937455341-2164632613-1031517462-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {01174EB9-B455-48C6-AB46-1B8E675B355F} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {01174EB9-B455-48C6-AB46-1B8E675B355F} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1937455341-2164632613-1031517462-1001 -> {01174EB9-B455-48C6-AB46-1B8E675B355F} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 37.220.8.189 37.220.8.190
Tcpip\..\Interfaces\{EABC30FD-05FB-43E6-B9D3-030CB97D50FC}: [DhcpNameServer] 37.220.8.189 37.220.8.190
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-05] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Google Sheets) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
CHR Profile: C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google Docs) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Google Search) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (Gmail) - C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-11-05] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-05-20] (IObit)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-08-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [296896 2015-07-10] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R4 epp64; C:\EEK\bin\epp64.sys [136456 2015-08-28] (Emsisoft GmbH)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-28] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-28] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-11-05] (Intel Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 21:03 - 2015-08-28 21:03 - 00038538 _____ C:\Users\Estetik3\Desktop\Addition.txt
2015-08-28 21:02 - 2015-08-28 21:14 - 00019783 _____ C:\Users\Estetik3\Desktop\FRST.txt
2015-08-28 21:02 - 2015-08-28 21:14 - 00000000 ____D C:\FRST
2015-08-28 21:02 - 2015-08-28 21:02 - 02186752 _____ (Farbar) C:\Users\Estetik3\Desktop\FRST64.exe
2015-08-28 20:57 - 2015-08-28 20:57 - 02186752 _____ (Farbar) C:\Users\Estetik3\Downloads\FRST64.exe
2015-08-28 20:32 - 2015-08-28 20:32 - 02870984 _____ (ESET) C:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
2015-08-28 20:32 - 2015-08-28 20:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-28 20:22 - 2015-08-28 20:22 - 00000763 _____ C:\Users\Estetik3\Desktop\Start Emsisoft Emergency Kit.lnk
2015-08-28 20:22 - 2015-08-28 20:22 - 00000000 ____D C:\EEK
2015-08-28 20:20 - 2015-08-28 20:21 - 165713232 _____ C:\Users\Estetik3\Downloads\EmsisoftEmergencyKit.exe
2015-08-28 20:10 - 2015-08-28 20:16 - 00050703 _____ C:\zoek-results.log
2015-08-28 20:06 - 2015-08-28 20:06 - 01308672 _____ C:\Users\Estetik3\Downloads\zoek.exe
2015-08-28 20:06 - 2015-08-28 20:06 - 00000000 ____D C:\zoek_backup
2015-08-28 19:38 - 2015-08-28 19:38 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\ProductData
2015-08-28 19:37 - 2015-08-28 19:37 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-08-28 19:34 - 2015-08-28 19:34 - 00000966 _____ C:\WINDOWS\system32\.crusader
2015-08-28 18:53 - 2015-08-28 18:53 - 00001911 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-28 18:53 - 2015-08-28 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-28 18:53 - 2015-08-28 18:53 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-28 18:52 - 2015-08-28 19:34 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-28 18:51 - 2015-08-28 18:52 - 11352032 _____ (SurfRight B.V.) C:\Users\Estetik3\Downloads\HitmanPro_x64.exe
2015-08-28 18:36 - 2015-08-28 18:36 - 00000000 ____D C:\ProgramData\ProductData
2015-08-28 18:31 - 2015-08-28 18:31 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Estetik3\Downloads\JRT.exe
2015-08-28 18:14 - 2015-08-28 18:16 - 00000000 ___HD C:\$Windows.~BT
2015-08-28 18:06 - 2015-08-28 18:09 - 00000000 ____D C:\AdwCleaner
2015-08-28 17:33 - 2015-08-28 17:07 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-28 17:33 - 2015-08-28 17:07 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-28 17:32 - 2015-08-28 19:37 - 00000231 _____ C:\WINDOWS\setupact.log
2015-08-28 17:32 - 2015-08-28 17:32 - 00009094 _____ C:\WINDOWS\PFRO.log
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-28 17:18 - 2015-08-28 17:18 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-08-28 17:18 - 2015-08-28 17:18 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\Sun
2015-08-28 17:18 - 2015-08-28 17:18 - 00000000 ____D C:\Users\Estetik3\.oracle_jre_usage
2015-08-28 17:18 - 2015-08-28 17:18 - 00000000 ____D C:\Program Files\Java
2015-08-28 17:13 - 2015-08-28 17:13 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-28 17:13 - 2015-08-28 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-28 17:12 - 2015-08-28 17:12 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-28 17:11 - 2015-08-28 17:11 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-28 17:10 - 2015-08-28 17:10 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-28 17:10 - 2015-08-28 17:10 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-28 17:09 - 2015-08-28 17:09 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-28 17:09 - 2015-08-28 17:09 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-28 17:09 - 2015-08-28 17:09 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-28 17:09 - 2015-08-28 17:09 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-28 17:08 - 2015-08-28 17:08 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-28 17:07 - 2015-08-28 17:07 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-28 17:07 - 2015-08-28 17:07 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-28 17:07 - 2015-08-28 17:07 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-28 17:06 - 2015-08-28 17:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-28 17:04 - 2015-08-28 17:04 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 17:04 - 2015-08-28 17:04 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-28 17:04 - 2015-08-28 17:04 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-28 17:04 - 2015-08-28 17:04 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-28 17:04 - 2015-08-28 17:04 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-28 17:04 - 2015-08-28 17:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-28 17:04 - 2015-08-28 17:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-28 17:03 - 2015-08-28 17:03 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-28 17:03 - 2015-08-28 17:03 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-28 17:03 - 2015-08-28 17:03 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-28 17:03 - 2015-08-28 17:03 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-28 17:03 - 2015-08-28 17:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-28 17:02 - 2015-08-28 17:02 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-28 17:02 - 2015-08-28 17:02 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-28 17:02 - 2015-08-28 17:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-28 17:02 - 2015-08-28 17:02 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-28 17:02 - 2015-08-28 17:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-28 17:01 - 2015-08-28 17:01 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-28 17:01 - 2015-08-28 17:01 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-28 17:01 - 2015-08-28 17:01 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-28 17:00 - 2015-08-28 17:00 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-28 17:00 - 2015-08-28 17:00 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-28 16:59 - 2015-08-28 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-28 16:59 - 2015-08-28 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-28 16:59 - 2015-08-28 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-28 16:58 - 2015-08-28 16:58 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-28 16:58 - 2015-08-28 16:58 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-28 16:58 - 2015-08-28 16:58 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-28 16:58 - 2015-08-28 16:58 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-28 16:54 - 2015-08-28 16:54 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-08-28 16:54 - 2015-08-28 16:54 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-08-28 16:54 - 2015-08-28 16:54 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-08-28 16:53 - 2015-08-28 16:53 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-08-28 16:53 - 2015-08-28 16:53 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-08-28 16:53 - 2015-08-28 16:53 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-08-28 16:53 - 2015-08-28 16:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-08-28 16:53 - 2015-08-28 16:53 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-08-28 16:53 - 2015-08-28 16:53 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-08-28 16:53 - 2015-08-28 16:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-08-28 16:53 - 2015-08-28 16:53 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-08-28 16:53 - 2015-08-28 16:53 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-08-28 16:52 - 2015-08-28 16:52 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-08-28 16:52 - 2015-08-28 16:52 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-08-28 16:52 - 2015-08-28 16:52 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-08-28 16:52 - 2015-08-28 16:52 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-08-28 16:45 - 2015-08-28 16:45 - 87744512 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-08-28 16:45 - 2015-08-28 16:45 - 00389120 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2015-08-28 16:45 - 2015-08-28 16:45 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2015-08-28 16:45 - 2015-08-28 16:45 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2015-08-28 16:40 - 2015-08-28 16:40 - 00003196 _____ C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-08-28 16:39 - 2015-08-28 16:39 - 00003194 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Update
2015-08-28 16:39 - 2015-08-28 16:39 - 00002378 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Estetik3
2015-08-28 16:39 - 2015-08-28 16:39 - 00000272 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Estetik3.job
2015-08-28 16:39 - 2015-08-28 16:39 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2015-08-28 16:39 - 2015-08-28 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-08-28 16:39 - 2015-08-28 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-08-28 16:39 - 2015-08-28 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-08-28 16:39 - 2015-08-28 16:39 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-28 16:39 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\SysWOW64\IObitSmartDefragExtension.dll
2015-08-28 16:39 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-08-28 16:39 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2015-08-28 16:39 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-08-28 16:38 - 2015-08-28 16:38 - 00026528 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2015-08-28 15:47 - 2015-08-28 15:47 - 00001195 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\Apple Computer
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-08-27 15:09 - 2015-08-27 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-27 15:08 - 2015-08-28 20:18 - 00001052 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 15:08 - 2015-08-28 20:18 - 00001048 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 15:08 - 2015-08-27 20:13 - 00004024 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 15:08 - 2015-08-27 20:13 - 00003788 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-25 10:04 - 2015-08-28 20:11 - 00434348 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-06 14:09 - 2015-08-06 14:09 - 00000983 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-30 13:06 - 2015-08-26 11:34 - 00000000 ____D C:\Users\Estetik3\Desktop\Yeni klasör (2)
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 21:00 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-28 20:38 - 2013-07-30 12:37 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\Skype
2015-08-28 19:59 - 2012-12-13 22:32 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1937455341-2164632613-1031517462-1001
2015-08-28 19:57 - 2014-07-25 11:40 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-28 19:48 - 2014-01-16 15:11 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\uTorrent
2015-08-28 19:40 - 2012-10-18 10:18 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-28 19:37 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-28 19:36 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-28 18:33 - 2015-01-19 12:50 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\IObit
2015-08-28 18:33 - 2012-12-13 23:55 - 00000000 ____D C:\ProgramData\IObit
2015-08-28 18:33 - 2012-12-13 23:54 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-28 18:17 - 2014-11-05 14:12 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-28 18:14 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-28 17:39 - 2014-09-24 19:23 - 01926448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-28 17:39 - 2014-09-24 18:38 - 00790508 _____ C:\WINDOWS\system32\perfh01F.dat
2015-08-28 17:39 - 2014-09-24 18:38 - 00181360 _____ C:\WINDOWS\system32\perfc01F.dat
2015-08-28 17:32 - 2013-08-22 17:44 - 00419144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-28 17:29 - 2014-09-24 18:38 - 00000000 ____D C:\WINDOWS\system32\Drivers\tr-TR
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-28 17:29 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-28 17:25 - 2014-11-05 15:40 - 00003980 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2EE94CDE-FD74-4A30-97B9-E4E932FAFEBA}
2015-08-28 17:25 - 2013-03-18 19:38 - 00000000 ____D C:\Users\Estetik3\Documents\Outlook Dosyaları
2015-08-28 17:19 - 2014-10-24 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 17:18 - 2014-11-05 14:26 - 00000000 ____D C:\Users\Estetik3
2015-08-28 17:14 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 16:37 - 2014-11-05 15:07 - 00001176 _____ C:\Users\Estetik3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-28 10:50 - 2013-07-05 15:00 - 00000000 ____D C:\ProgramData\MFAData
2015-08-27 22:23 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-27 15:50 - 2013-04-08 10:16 - 00000000 ____D C:\Users\Estetik3\AppData\Local\Google
2015-08-27 15:08 - 2013-04-08 10:16 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-27 15:07 - 2015-06-25 11:34 - 00000000 ____D C:\Users\Estetik3\AppData\Local\Deployment
2015-08-27 10:28 - 2013-09-16 12:25 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-27 10:28 - 2013-07-05 15:01 - 00000000 ____D C:\Program Files\CCleaner
2015-08-27 10:27 - 2014-12-05 19:18 - 00000000 ____D C:\Users\Estetik3\Desktop\Confirmation stuff
2015-08-26 16:46 - 2014-12-22 12:59 - 00000000 __SHD C:\Users\Estetik3\AppData\Local\EmieBrowserModeList
2015-08-26 16:46 - 2014-11-05 15:40 - 00000000 __SHD C:\Users\Estetik3\AppData\Local\EmieUserList
2015-08-26 16:46 - 2014-11-05 15:40 - 00000000 __SHD C:\Users\Estetik3\AppData\Local\EmieSiteList
2015-08-26 11:32 - 2015-05-16 14:36 - 00000000 ____D C:\Users\Estetik3\Desktop\TT
2015-08-26 10:42 - 2015-07-18 20:36 - 00000000 ____D C:\Users\Estetik3\Desktop\Yeni klasör
2015-08-26 10:42 - 2015-06-17 16:02 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-26 10:42 - 2014-07-25 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-26 10:42 - 2014-07-25 11:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-25 15:18 - 2013-03-18 19:11 - 00003188 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEstetik3
2015-08-25 15:18 - 2013-03-18 19:11 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEstetik3.job
2015-08-24 14:54 - 2012-12-13 23:59 - 00000000 ____D C:\Users\Estetik3\AppData\Roaming\vlc
2015-08-22 15:05 - 2013-03-10 17:21 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-08-06 14:16 - 2012-12-13 22:25 - 00000000 ____D C:\Users\Estetik3\AppData\Local\Packages
2015-08-06 14:09 - 2014-07-25 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2013-07-05 15:56 - 2013-07-05 15:56 - 0000576 _____ () C:\Users\Estetik3\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-07-30 01:15 - 2014-03-07 11:15 - 0000214 _____ () C:\Users\Estetik3\AppData\Roaming\WB.CFG
2013-06-18 12:25 - 2013-06-30 13:15 - 0000005 _____ () C:\Users\Estetik3\AppData\Roaming\WBPU-Q2-TTL.DAT
2013-07-05 15:35 - 2013-07-05 15:35 - 0000005 _____ () C:\Users\Estetik3\AppData\Roaming\WBPU-Q3-TTL.DAT
2013-12-31 13:15 - 2014-01-03 15:41 - 0000005 _____ () C:\Users\Estetik3\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-17 14:15 - 2014-01-29 12:15 - 0000005 _____ () C:\Users\Estetik3\AppData\Roaming\WBPU-TTL.DAT
2013-09-24 11:41 - 2013-09-24 11:41 - 0361117 _____ () C:\Users\Estetik3\AppData\Local\newhb2.crx
2014-11-27 14:02 - 2014-11-27 14:02 - 0000017 _____ () C:\Users\Estetik3\AppData\Local\resmon.resmoncfg
2012-12-13 22:28 - 2012-12-13 22:28 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 17:49
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Estetik3 (2015-08-28 21:15:30)
Running from C:\Users\Estetik3\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1937455341-2164632613-1031517462-500 - Administrator - Disabled)
Estetik3 (S-1-5-21-1937455341-2164632613-1031517462-1001 - Administrator - Enabled) => C:\Users\Estetik3
Guest (S-1-5-21-1937455341-2164632613-1031517462-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1937455341-2164632613-1031517462-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Reader XI (11.0.12) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
hppLaserJetService (x32 Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (x32 Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (x32 Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Ev ve İş 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.16 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.2.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1937455341-2164632613-1031517462-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1937455341-2164632613-1031517462-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Estetik3\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1937455341-2164632613-1031517462-1001_Classes\CLSID\{3DD12613-1A9C-48A6-8691-4CBA20BB7B31}\InprocServer32 -> C:\Users\Estetik3\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GlassyCPUMonitor.gadget\Release\ProcessMonitor64.dll (TODO: <Firmenname>)
CustomCLSID: HKU\S-1-5-21-1937455341-2164632613-1031517462-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Restore Points =========================
 
06-08-2015 14:07:38 Installed AVG 2015
17-08-2015 16:08:38 Zamanlanmış Denetim Noktası
25-08-2015 14:13:04 Zamanlanmış Denetim Noktası
28-08-2015 16:50:53 Windows Modül Yükleyicisi
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D684C70-53AC-4C02-A515-D7DC04408B88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {298FC6D9-9326-4BE7-84C7-A532D3FED578} - System32\Tasks\HPCeeScheduleForEstetik3 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {32D92FF0-5023-4417-BED6-7F35FD1977D8} - System32\Tasks\{A7D6E4E9-4686-49EB-8A87-4279722DDB93} => pcalua.exe -a C:\Users\Estetik3\Downloads\apr.exe -d C:\Users\Estetik3\Downloads
Task: {55FAC5E8-A16D-4A89-83E5-CFC10A848065} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {5ACF923A-DED6-466A-8975-248E1303C8A9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {5E6955C8-499E-4115-8E35-C43D767C6713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {616F3DC1-D3F6-4C85-B15F-B5D5C5E2C30D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6CE4D8D5-1D61-439A-9317-2587966227B4} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {C85143D9-F553-48BB-8086-6EFE4E25B25F} - System32\Tasks\ASC8_SkipUac_Estetik3 => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {C96099AB-8891-44C6-9FBD-0277EFF6FDB2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C9C2E50B-6203-4CD3-A042-47FAD3278E7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {E1B2B343-A98F-4CF0-81E2-2DC80517A04D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EC96BDA1-158C-4F1D-B70E-C622BD92FE7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FF1A0D40-4426-4A50-A28D-B4C64A25ECF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Estetik3.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForEstetik3.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-05 11:55 - 2012-09-29 14:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2014-05-23 16:11 - 2012-09-29 14:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2012-12-14 00:21 - 2011-04-16 03:14 - 00222720 _____ () C:\WINDOWS\system32\m1210nwia.dll
2013-10-21 12:52 - 2013-10-21 12:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 20:06 - 2012-07-19 20:06 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-07-19 20:06 - 2012-07-19 20:06 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-07-19 20:07 - 2012-07-19 20:07 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-11-05 15:07 - 2014-11-05 15:07 - 00120224 _____ () C:\Users\Estetik3\AppData\Local\assembly\dl3\BDAVWYPC.J37\9DX59M9G.H8W\436781b7\00f898e6_d065cd01\HPItunesModule.DLL
2015-08-28 15:47 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2009-10-15 12:13 - 2009-10-15 12:13 - 00061440 _____ () C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2009-10-15 12:13 - 2009-10-15 12:13 - 00964096 _____ () C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2015-08-28 15:47 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2013-05-07 15:15 - 2015-05-20 19:03 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-05-07 15:15 - 2015-05-20 19:03 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-05-07 15:15 - 2015-05-20 19:03 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-08-28 16:39 - 2015-05-20 19:04 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-08-28 16:39 - 2015-05-20 19:03 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-08-28 16:39 - 2015-05-20 19:03 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2012-10-18 10:26 - 2012-06-08 06:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-21 09:27 - 2015-05-20 19:04 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-08-28 16:39 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-08-28 16:39 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-08-28 16:39 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-11-05 15:46 - 2014-11-05 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-08-27 15:08 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-27 15:08 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-27 15:08 - 2015-08-18 08:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4790 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1937455341-2164632613-1031517462-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_Metro_Sky.jpg
DNS Servers: 37.220.8.189 - 37.220.8.190
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSIService => 2
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "20131121"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F8EB5C8C-AD4A-4A82-ACB1-E0C0A284326F}] => (Allow) LPort=161
FirewallRules: [{70D2A7A7-1E36-43B4-83F9-98E1EBC89D58}] => (Allow) LPort=427
FirewallRules: [{F881CD4F-2F72-41FC-BDDA-B99B95098787}] => (Allow) LPort=9100
FirewallRules: [TCP Query User{CB9D98FF-05CA-48A4-9532-2904266FF3AD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6E62158F-B052-4206-8012-AB9A9FDC28F9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CCB39584-B136-4B3D-AC4D-4DBE25B149DE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F0BCBF43-796C-4007-8523-392985E0AFC1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{E7BB804F-0F3E-45FD-B9B5-C616D6657BA8}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{960137D9-0678-4FCE-98A7-788A78F434E1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{C0B5D817-78A9-4A37-8E0A-8F4E7C05A66F}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{E8AF288E-4373-4A85-B64E-84E60D08B176}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F685DBAD-FA31-4BB5-9CAA-D15D25B20916}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{222E2EF6-EDBF-482D-B862-2740BD114061}] => (Allow) C:\Users\Estetik3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAD4AA10-C253-4959-A5AB-9754BBEF42B1}] => (Allow) C:\Users\Estetik3\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{868BB9B0-3EE6-47CC-93D5-34327D11CFD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{53CEFF86-07AC-4ED4-8BAF-AC351B5821B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{5F54E010-EAFD-490B-94A3-7E9D1F3D6FC5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D69D42BC-06D3-44B9-A2C6-3D3AC5EDBE1A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C8A51423-89BA-4BB3-8410-97501354CEC1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB245105-C9FE-4CAB-AC6D-34AFC7FBFAA2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C7D07CF-9179-4987-A766-3FDE9710780C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5F86FF03-77E3-4CFD-9B11-6C5FD6F9F904}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{076C69F6-6FBC-46C4-815B-8852BAFFE47C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E97D3FC-ACE0-46B3-B3C9-364ADBD562BD}] => (Allow) LPort=53000
FirewallRules: [{4AA53419-2BCC-4FA7-980A-1AB9BFBF855F}] => (Allow) LPort=52000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2015 08:44:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1" için etkinleştirme içeriği oluşturulamadı. "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" adlı bildirim veya ilke dosyasında C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. satırda hata var.
Uygulama için gereken bir bileşen sürümü halen etkin olan bir başka bileşen sürümüyle çakışıyor.
Çakışan bileşenler:
Bileşen 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Bileşen 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (08/28/2015 08:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1" için etkinleştirme içeriği oluşturulamadı. "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" adlı bildirim veya ilke dosyasında C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. satırda hata var.
Uygulama için gereken bir bileşen sürümü halen etkin olan bir başka bileşen sürümüyle çakışıyor.
Çakışan bileşenler:
Bileşen 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Bileşen 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (08/28/2015 08:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1" için etkinleştirme içeriği oluşturulamadı. "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" adlı bildirim veya ilke dosyasında C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. satırda hata var.
Uygulama için gereken bir bileşen sürümü halen etkin olan bir başka bileşen sürümüyle çakışıyor.
Çakışan bileşenler:
Bileşen 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Bileşen 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (08/28/2015 08:32:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1" için etkinleştirme içeriği oluşturulamadı. "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" adlı bildirim veya ilke dosyasında C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. satırda hata var.
Uygulama için gereken bir bileşen sürümü halen etkin olan bir başka bileşen sürümüyle çakışıyor.
Çakışan bileşenler:
Bileşen 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Bileşen 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (08/28/2015 08:32:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1" için etkinleştirme içeriği oluşturulamadı. "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" adlı bildirim veya ilke dosyasında C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. satırda hata var.
Uygulama için gereken bir bileşen sürümü halen etkin olan bir başka bileşen sürümüyle çakışıyor.
Çakışan bileşenler:
Bileşen 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Bileşen 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (08/28/2015 05:30:14 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: İşleyici geçersiz
 
Error: (08/28/2015 05:30:13 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: İşleyici geçersiz
 
Error: (08/28/2015 04:40:57 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: C:\ biriminin bildirimleri etkin değil. 
 
Bağlam: Windows Uygulaması
 
Ayrıntılar:
Birim değişim günlüğü siliniyor.  (HRESULT : 0x8007049a) (0x8007049a)
 
Error: (08/28/2015 11:20:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe programının 6.3.9600.17415 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
 
İşlem Kimlik No: 1a30
 
Başlatma Saati: 01d0e169b4004914
 
Sona Erdirme Saati: 4294967295
 
Uygulama Yolu: C:\WINDOWS\syswow64\wwahost.exe
 
Rapor Kimliği: a883909a-4d5d-11e5-81ba-4c72b972d97e
 
Hatalı paket tam adı: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Hatalı paketle ilgili uygulama kimliği: App
 
Error: (08/28/2015 10:50:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe programının 17.5.9600.20911 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
 
İşlem Kimlik No: e9c
 
Başlatma Saati: 01d0e1658a81c2b1
 
Sona Erdirme Saati: 4294967295
 
Uygulama Yolu: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapor Kimliği: 7e280c7c-4d59-11e5-81ba-4c72b972d97e
 
Hatalı paket tam adı: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Hatalı paketle ilgili uygulama kimliği: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (08/28/2015 08:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv hizmeti şu hata nedeniyle başlatılamadı: 
%%1275
 
Error: (08/28/2015 08:33:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Estetik3\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2015 08:33:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Estetik3\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2015 08:33:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv hizmeti şu hata nedeniyle başlatılamadı: 
%%1275
 
Error: (08/28/2015 08:33:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: eapihdrv hizmeti şu hata nedeniyle başlatılamadı: 
%%1275
 
Error: (08/28/2015 08:33:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Estetik3\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2015 07:38:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: HitmanPro 3.7 Crusader (Boot) hizmeti, hizmete özgü şu hata ile sona erdi: 
%%0
 
Error: (08/28/2015 06:41:53 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Estetik3-Pc)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1937455341-2164632613-1031517462-1001-0-ntuser.dat
 
Error: (08/28/2015 06:41:44 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Estetik3-Pc)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1937455341-2164632613-1031517462-1001-0-ntuser.dat
 
Error: (08/28/2015 06:33:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0 hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  0 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
 
Microsoft Office:
=========================
Error: (08/28/2015 08:44:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/28/2015 08:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/28/2015 08:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/28/2015 08:32:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/28/2015 08:32:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Estetik3\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/28/2015 05:30:14 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: İşleyici geçersiz
 
Error: (08/28/2015 05:30:13 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: İşleyici geçersiz
 
Error: (08/28/2015 04:40:57 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Bağlam: Windows Uygulaması
 
Ayrıntılar:
Birim değişim günlüğü siliniyor.  (HRESULT : 0x8007049a) (0x8007049a)
C:\
 
Error: (08/28/2015 11:20:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151a3001d0e169b40049144294967295C:\WINDOWS\syswow64\wwahost.exea883909a-4d5d-11e5-81ba-4c72b972d97eMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp
 
Error: (08/28/2015 10:50:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20911e9c01d0e1658a81c2b14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe7e280c7c-4d59-11e5-81ba-4c72b972d97emicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 3967.16 MB
Available physical RAM: 1673.2 MB
Total Virtual: 5375.16 MB
Available Virtual: 2468.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.78 GB) (Free:367.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.06 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 19E5B8FB)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

  • Malware Response Team
  • 39,507 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2015 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Restart the computer.

How is the computer running now?

#3 adexchangesucks

  • Topic Starter
  • Members
  • 6 posts

Posted 29 August 2015 - 12:31 PM

Dear Nasdaq,

 

Thank you very much for your effort. I have followed all your instructions carefully.

 

It seems the problem still persists, as I click anything on a new tab on any browser, it creates a new tab to the ads.

 

FRST results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Estetik3 (2015-08-29 20:04:02) Run:1
Running from C:\Users\Estetik3\Desktop
Loaded Profiles: Estetik3 (Available Profiles: Estetik3)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
 
End
*****************
 
Processes closed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => value removed successfully
HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
EmptyTemp: => 645.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:04:39 ====
 
 
 
ADW cleaner results:
 
# AdwCleaner v5.004 - Logfile created 29/08/2015 at 20:17:11
# Updated 26/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 8.1 Single Language  (x64)
# Username : Estetik3 - ESTETIK3-PC
# Running from : C:\Users\Estetik3\Desktop\adwcleaner_5.004.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [563 bytes] ##########
 


#4 nasdaq


Posted 30 August 2015 - 06:55 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
===

Reset the other browsers.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

Clean your Java cache.
https://www.java.com/en/download/help/plugin_cache.xml

===

Clean your Flash cache.
https://forums.adobe.com/message/4278569
===

Make sure you restart the computer after these fixes.

Keep me posted.

#5 adexchangesucks


Posted 31 August 2015 - 04:14 AM

Dear Nasdaq,
 
I ran Zoek as instructed, nothing has changed. I have noticed one thing though, on large websites like google/facebook/gmail/outlook etc... the ads never pop-up, but the moment I move to any other website any click redirects.
 
I cleared the cache of flash/java/all browsers after the Zoek Scan.. (by the way, I have uninstalled firefox ages ago, I don't know why there's files still)
 
My computer is much faster now than before so that's great.
 
I ran the scan twice, first time was interrupted by AVG. Here are both results;
 
 
First time:
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Estetik3 on Pzt 31.08.2015 at 10:49:06,01.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Estetik3\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-08-28-171646.log 50703 bytes
 
==== System Restore Info ======================
 
31.8.2015 10:52:28 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\FB PurityClean Up deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~2\Sony Mobile deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Windows Sidebar deleted successfully
C:\PROGRA~3\HPSSUPPLY deleted successfully
C:\PROGRA~3\Sony Mobile deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Estetik3\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Estetik3\AppData\Roaming\Samsung deleted successfully
C:\Users\Estetik3\AppData\Roaming\Video Converter Packages deleted successfully
C:\Users\Estetik3\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Estetik3\AppData\Local\EmieSiteList deleted successfully
C:\Users\Estetik3\AppData\Local\EmieUserList deleted successfully
C:\Users\Estetik3\AppData\Local\Samsung deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller deleted successfully
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\FB PurityClean Up not found
C:\PROGRA~2\Samsung not found
C:\PROGRA~2\Sony Mobile not found
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\PROGRA~2\AVG Web TuneUp deleted
C:\Users\Estetik3\AppData\Roaming\WB.CFG deleted
C:\Users\Estetik3\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\Estetik3\AppData\Roaming\ProductData deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Estetik3\AppData\Local\newhb2.crx deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Estetik3\Documents\Add-in Express deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26.01.2011 15:27]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Estetik3\AppData\Roaming\Thunderbird\Profiles\vak1fbna.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.157
 
 
==== Chromium Startpages ======================
 
C:\Users\Estetik3\AppData\Local\Bromium\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Chromium\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences
 
C:\Users\Estetik3\AppData\Local\Nichrome\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Xpom\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Yandex\Internet\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0E362191-F274-4D9C-8FC9-45841D2DA159}"
{01174EB9-B455-48C6-AB46-1B8E675B355F} Unknown  Url="Not_Found"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1937455341-2164632613-1031517462-1001\Software\Microsoft\Internet Explorer\SearchScopes\{01174EB9-B455-48C6-AB46-1B8E675B355F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01174EB9-B455-48C6-AB46-1B8E675B355F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01174EB9-B455-48C6-AB46-1B8E675B355F} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\IE\GKXZJ6LD will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=14 folders=7 10298040 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Estetik3\AppData\Local\Temp will be emptied at reboot
C:\Users\fbwuser0E0C\AppData\Local\Temp emptied successfully
C:\Users\fbwuser0E0C.Estetik3-Pc\AppData\Local\Temp emptied successfully
C:\Users\fbwuser6B7A\AppData\Local\Temp emptied successfully
C:\Users\fbwuser6B7A.Estetik3-Pc\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\FBWUSE~1.EST\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Estetik3\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\IE\GKXZJ6LD" not found
 
==== EOF on Pzt 31.08.2015 at 11:14:44,70 ======================
 
 
Second time:
 
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Estetik3 on Pzt 31.08.2015 at 11:20:17,33.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Estetik3\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-08-28-171646.log 50703 bytes
C:\zoek-results2015-08-31-081444.log 15551 bytes
 
==== System Restore Info ======================
 
31.8.2015 11:20:38 Zoek.exe System Restore Point Created Successfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Estetik3\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
"C:\Users\Estetik3\Documents\Add-in Express\adxloader.log" not deleted
"C:\Users\Estetik3\Documents\Add-in Express" not deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26.01.2011 15:27]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Estetik3\AppData\Roaming\Thunderbird\Profiles\vak1fbna.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.157
 
 
==== Chromium Startpages ======================
 
C:\Users\Estetik3\AppData\Local\Bromium\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Chromium\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences
 
C:\Users\Estetik3\AppData\Local\Nichrome\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Xpom\User Data\Default\Preferences
 
C:\Users\Estetik3\AppData\Local\Yandex\Internet\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0E362191-F274-4D9C-8FC9-45841D2DA159}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\IE\547O12QI will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Estetik3\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=14 folders=7 10294419 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Estetik3\AppData\Local\Temp will be emptied at reboot
C:\Users\fbwuser0E0C\AppData\Local\Temp emptied successfully
C:\Users\fbwuser0E0C.Estetik3-Pc\AppData\Local\Temp emptied successfully
C:\Users\fbwuser6B7A\AppData\Local\Temp emptied successfully
C:\Users\fbwuser6B7A.Estetik3-Pc\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\FBWUSE~1.EST\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Estetik3\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Estetik3\Documents\Add-in Express\adxloader.log"  not found
"C:\Users\Estetik3\Documents\Add-in Express"  not found
"C:\Users\Estetik3\AppData\Local\Microsoft\Windows\INetCache\IE\547O12QI" not found
 
==== EOF on Pzt 31.08.2015 at 11:39:35,84 ======================


#6 nasdaq


Posted 31 August 2015 - 07:46 AM

Execute this with the Zoek tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#7 adexchangesucks


Posted 31 August 2015 - 08:38 AM

Dear Nasdaq,

 

I have followed the above steps and here are the results:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Estetik3 on Pzt 31.08.2015 at 16:21:21,48.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Estetik3\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-08-28-171646.log 50703 bytes
C:\zoek-results2015-08-31-081444.log 15551 bytes
C:\zoek-results2015-08-31-083935.log 13390 bytes
 
==== Batch Command(s) Run By Tool======================
 
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=14 folders=7 10294419 bytes)
 
==== EOF on Pzt 31.08.2015 at 16:22:59,22 ======================
 
 
I would like to tell you that, flushing DNS just reminded me that a week ago I have changed my DNS to default. I just tried to change it back to Google Public DNS, the problem completely disappeared.
 
I'm living in Istanbul, Turkey currently, could their DNS be the reason?
 
I know I'm not supposed to do other than what you requested but I just had to try changing the DNS to see if it is the reason, I'm sorry.
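
The resolver comparison that post #7 arrived at by trial, written out as a repeatable check (an added example, not part of the original thread and not a tool used in it). It asks each DNS server configured on the machine and a reference resolver for the same names and lists answers that only the configured server returns; the function names are hypothetical, 8.8.8.8 is assumed as the address of Google Public DNS, and the first two host names are the ones quoted in post #1.

```powershell
# Added example: compare answers from the configured DNS servers with a reference resolver.
# Assumptions: Windows 8 / Server 2012 or later (DnsClient module), IPv4 only,
# 8.8.8.8 = Google Public DNS. Function names are hypothetical.

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named server is asked.
        $answers = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        # The reply can also carry CNAME records; keep the A records only.
        @($answers | Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } | Sort-Object -Unique)
    } catch {
        # NXDOMAIN, timeout, refused: keep the failure text as the "answer".
        @("ERROR: $($_.Exception.Message)")
    }
}

function Test-NonPublicAddress {
    param([string]$Address)
    # Loopback, RFC 1918, link-local and 0.0.0.0/8 are never valid for a public site.
    $Address -match '^(0\.|10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
}

function Compare-ResolverAnswers {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [string]$ReferenceServer = '8.8.8.8'
    )

    # Every IPv4 DNS server set on any interface (DHCP-assigned or manual).
    $configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } |
        Where-Object { $_ } | Sort-Object -Unique

    foreach ($n in $Name) {
        $reference = Get-ARecords -Name $n -Server $ReferenceServer
        foreach ($server in $configured) {
            $local = Get-ARecords -Name $n -Server $server
            # Addresses that only the configured resolver hands out.
            $onlyLocal = @($local | Where-Object { $reference -notcontains $_ })
            [pscustomobject]@{
                Name             = $n
                Resolver         = $server
                ResolverAnswer   = $local -join ', '
                ReferenceAnswer  = $reference -join ', '
                OnlyFromResolver = $onlyLocal -join ', '
                NonPublicAnswer  = [bool]($onlyLocal | Where-Object { Test-NonPublicAddress $_ })
            }
        }
    }
}

# Host names from post #1, plus one neutral control name.
Compare-ResolverAnswers -Name 'ad-type.google.com', 'www.tradexchange.com', 'example.com' |
    Format-List
```

A non-empty OnlyFromResolver value is a lead, not proof: large sites legitimately return different addresses to different resolvers, so look up who owns the differing addresses before drawing conclusions. If the only configured server is the home router, the router's own upstream DNS setting is the next thing to inspect.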


#8 nasdaq


Posted 31 August 2015 - 01:18 PM

Is the computer running OK now?

#9 adexchangesucks


Posted 31 August 2015 - 02:48 PM

Dear Nasdaq,

Yes everything is okay now using google DNS, thank you very much for your patience and efforts.

On a completely different note, do you advise using windows 10 or wait a little longer?

#10 nasdaq


Posted 01 September 2015 - 07:11 AM

I would wait. Microsoft is still sending out Security updates for Windows 10.

On the other side I did not see many complaints from users who have upgraded.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 adexchangesucks


Posted 01 September 2015 - 08:52 AM

Dear Nasdaq,

 

I think I'll also wait, my current system is (windows 8.1 Single Language - Turkish), I want to find a way to upgrade to Windows 10 but in English.

 

Thank you very much for your effort in assisting me. I'll take my time to follow this guide thoroughly.



#12 nasdaq


Posted 07 September 2015 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



