
I can not connect to internet for a while


  • This topic is locked
17 replies to this topic

#1 banufix

banufix

  • Members
  • 16 posts

Posted 21 September 2015 - 04:14 PM

After I connect to the internet, I can stay in for five to ten minutes. My Chrome is crashing, and then when I restart my computer it works again. Thanks for helping.
 
Banu
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by hp (administrator) on HP-BILGISAYAR (22-09-2015 00:00:55)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp (Available Profiles: hp)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\hp\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-03-13] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_en_105] => [X]
HKLM-x32\...\Run: [t4pc_en_4] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\...\Run: [Google Update] => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-07] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 46.197.15.60 178.233.140.110 176.240.150.250
Tcpip\..\Interfaces\{489E3896-8C1E-41AB-82F3-33E7C776BF6A}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{489E3896-8C1E-41AB-82F3-33E7C776BF6A}: [DhcpNameServer] 46.197.15.60 178.233.140.110 176.240.150.250
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-12] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-12] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV
 
FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\qr1tho6h.default
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-12] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1316964719-1054508931-2917003293-1000: @tools.google.com/Google Update;version=3 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1316964719-1054508931-2917003293-1000: @tools.google.com/Google Update;version=9 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV"
CHR Plugin: (Shockwave Flash) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FromDocToPDF) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2015-09-17]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.3UH63EJN4ZNRR7GN53HAB5VQGM - C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [18784 2008-10-09] (JMicron )
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [453952 2008-06-26] (LSI Corporation, Inc.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
S3 Pnp680; C:\Windows\system32\DRIVERS\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\DRIVERS\Si3531.sys [330544 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-03-13] (Motorola Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1829888 2007-10-01] ()
S3 viamrx64; C:\Windows\system32\DRIVERS\viamrx64.sys [157336 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 ViBusX64; C:\Windows\system32\DRIVERS\ViBusX64.sys [25240 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrtX64; C:\Windows\system32\DRIVERS\ViPrtX64.sys [67224 2008-04-15] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-22 00:00 - 2015-09-22 00:00 - 00000000 ____D C:\FRST
2015-09-21 21:13 - 2015-09-21 21:13 - 00000000 ____D C:\MSI6cb96.tmp
2015-09-21 21:13 - 2015-09-21 21:13 - 00000000 ____D C:\MSI6cb94.tmp
2015-09-21 01:50 - 2015-09-21 01:50 - 00000000 ____D C:\Program Files\ESET
2015-09-21 01:50 - 2015-09-21 01:50 - 00000000 ____D C:\MSIe0092.tmp
2015-09-21 00:06 - 2015-09-21 00:06 - 00000000 ____D C:\32788R22FWJFW
2015-09-20 21:54 - 2015-09-20 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 21:54 - 2015-09-20 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-18 16:50 - 2015-09-18 16:50 - 00000000 ____D C:\Program Files (x86)\UltraISO
2015-09-18 16:41 - 2015-09-18 16:41 - 00000000 ____D C:\Spacekace
2015-09-18 16:37 - 2015-09-18 16:39 - 00000048 _____ C:\RB.rdat
2015-09-18 16:37 - 2015-09-18 16:39 - 00000048 _____ C:\License_Time.rdat
2015-09-17 01:31 - 2015-09-17 01:31 - 00000000 __SHD C:\Windows\ftpcache
2015-09-17 01:30 - 2015-09-17 01:30 - 00003040 _____ C:\Windows\System32\Tasks\{3C1B5B35-0DB1-4E42-A828-97822845ED60}
2015-09-17 01:27 - 2015-09-17 01:27 - 00000000 ____D C:\Program Files (x86)\Longman
2015-09-12 21:59 - 2014-05-19 14:16 - 00821736 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-09-12 21:59 - 2014-05-19 14:16 - 00746984 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-09-04 22:07 - 2015-09-04 22:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-21 23:50 - 2014-05-24 23:51 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA.job
2015-09-21 23:08 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-21 23:08 - 2009-07-14 07:51 - 00027067 _____ C:\Windows\setupact.log
2015-09-21 23:07 - 2014-05-19 13:49 - 02059199 _____ C:\Windows\WindowsUpdate.log
2015-09-21 23:07 - 2009-07-14 07:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-21 23:07 - 2009-07-14 07:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-21 22:37 - 2014-05-19 14:06 - 00411978 _____ C:\Windows\PFRO.log
2015-09-21 21:17 - 2014-05-19 13:47 - 00000000 ____D C:\Users\hp
2015-09-21 21:13 - 2014-06-04 01:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-21 01:50 - 2014-05-24 23:51 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core.job
2015-09-19 02:29 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-15 01:45 - 2014-05-24 23:51 - 00003982 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA
2015-09-15 01:45 - 2014-05-24 23:51 - 00003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core
2015-09-12 21:59 - 2014-05-19 14:16 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-12 21:51 - 2014-05-19 14:16 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-12 21:51 - 2014-05-19 14:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-07 16:49 - 2009-07-14 07:45 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-26 04:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2014-05-19 14:07 - 2015-09-21 23:09 - 0000187 _____ () C:\ProgramData\HPWALog.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-12 22:47
 
==================== End of FRST.txt ============================
 
Sorry, because of my internet connection problem I posted 3 times. I don't know how to delete it :(
Mod Edit:  I deleted dupes - Hamluis.
 

Edited by hamluis, 21 September 2015 - 04:26 PM.



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts

Posted 22 September 2015 - 01:49 PM

Hello banufix, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Are you still with us?

 

:hello:
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 banufix

banufix
  • Topic Starter

  • Members
  • 16 posts

Posted 22 September 2015 - 02:54 PM

Hi Yilmaz,

 

Thanks for helping :) You're welcome. I started my computer as an administrator and I disabled my antivirus program. What is the next step?

 

Best regards


Edited by banufix, 22 September 2015 - 02:57 PM.


#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts

Posted 22 September 2015 - 04:03 PM

Hi banufix;
 
Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Regards.

 


 


 


#5 banufix

banufix
  • Topic Starter

  • Members
  • 16 posts

Posted 22 September 2015 - 04:13 PM

Sorry, I didn't get it. What does "save it in the same directory as FRST" mean? Where do I have to save Fixlist.txt? What I understood is: I need to open a new file and I will put the FRST program and Fixlist.txt in it. Right? OK, I did it.

 

I ran AdwCleaner; the logfile didn't open automatically. I searched for C:\AdwCleaner[S1].txt; it wasn't there. Even though I looked in the file, there was only a quarantine file. My computer restarted after cleaning.

 

I am not sure if I have to move forward so I am sending STEP 1 logs and waiting.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by hp (2015-09-23 00:19:52) Run:1
Running from C:\Users\hp\Desktop\Yeni klasör
Loaded Profiles: hp (Available Profiles: hp)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [fst_en_105] => [X]
HKLM-x32\...\Run: [t4pc_en_4] => [X]
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1402443691&from=tt4u&uid=FUJITSUXMHZ2320BHXG2_K618T8528CEV"
CHR Plugin: (Native Client) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome.3UH63EJN4ZNRR7GN53HAB5VQGM - C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
D C:\32788R22FWJFW
S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X]
C:\Program Files (x86)\Mozilla Maintenance Service
C:\ProgramData\HPWALog.txt
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_en_105 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\t4pc_en_4 => value removed successfully
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value data removed successfully.
"C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Chrome StartupUrls removed successfully
C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.93\pdf.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => moved successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully
IePluginServices => service removed successfully
D C:\32788R22FWJFW => Error: No automatic fix found for this entry.
ppfd_vt_1_10_0_24 => service removed successfully
 
"C:\Program Files (x86)\Mozilla Maintenance Service" folder move:
 
Could not move "C:\Program Files (x86)\Mozilla Maintenance Service" => Scheduled to move on reboot.
 
C:\ProgramData\HPWALog.txt => moved successfully
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Yapılandırması
 
DNS Çözücü Önbelleği başarıyla temizlendi.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Winsock Kataloğu başarıyla sıfırlandı.
Sıfırlamayı tamamlamak için bilgisayarı yeniden başlatmalısınız.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Genel sıfırlanıyor, Tamam!
Arabirim sıfırlanıyor, Tamam!
Bu eylemi tamamlamak için sistemi yeniden başlatın.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Arabirim sıfırlanıyor, Tamam!
Bu eylemi tamamlamak için sistemi yeniden başlatın.
 
 
========= End of CMD: =========
 
EmptyTemp: => 1.8 GB temporary data Removed.
 
==== End of Fixlog 00:20:40 ====

Edited by banufix, 22 September 2015 - 04:46 PM.


#6 olgun52

  • Malware Response Team

Posted 22 September 2015 - 04:25 PM

Check whether Farbar Recovery Scan Tool (FRST) and the fixlist file are on the desktop. Then run FRST and press the Fix button.


Edited by olgun52, 22 September 2015 - 04:25 PM.

Best regards
 

#7 banufix

  • Topic Starter

Posted 22 September 2015 - 04:58 PM

I got the FRST and Addition logs, but it couldn't find the fixlist file. I also searched for it. It doesn't exist according to the computer search :) What can I do? The long story is further down the page.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by hp (administrator) on HP-BILGISAYAR (23-09-2015 00:54:37)
Running from C:\Users\hp\Desktop\Yeni klasör
Loaded Profiles: hp (Available Profiles: hp)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Farbar) C:\Users\hp\Desktop\Yeni klasör\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-03-13] (Motorola Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\...\Run: [Google Update] => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-07] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 46.197.15.60 178.233.140.110 176.240.150.250
Tcpip\..\Interfaces\{489E3896-8C1E-41AB-82F3-33E7C776BF6A}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{489E3896-8C1E-41AB-82F3-33E7C776BF6A}: [DhcpNameServer] 46.197.15.60 178.233.140.110 176.240.150.250
 
Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-12] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-12] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\qr1tho6h.default
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-12] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1316964719-1054508931-2917003293-1000: @tools.google.com/Google Update;version=3 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1316964719-1054508931-2917003293-1000: @tools.google.com/Google Update;version=9 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [18784 2008-10-09] (JMicron )
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [453952 2008-06-26] (LSI Corporation, Inc.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
S3 Pnp680; C:\Windows\system32\DRIVERS\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\DRIVERS\Si3531.sys [330544 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-03-13] (Motorola Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1829888 2007-10-01] ()
S3 viamrx64; C:\Windows\system32\DRIVERS\viamrx64.sys [157336 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 ViBusX64; C:\Windows\system32\DRIVERS\ViBusX64.sys [25240 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrtX64; C:\Windows\system32\DRIVERS\ViPrtX64.sys [67224 2008-04-15] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 00:26 - 2015-09-23 00:27 - 00000000 ____D C:\AdwCleaner
2015-09-22 00:00 - 2015-09-23 00:20 - 00000000 ____D C:\FRST
2015-09-21 21:13 - 2015-09-21 21:13 - 00000000 ____D C:\MSI6cb96.tmp
2015-09-21 21:13 - 2015-09-21 21:13 - 00000000 ____D C:\MSI6cb94.tmp
2015-09-21 01:50 - 2015-09-21 01:50 - 00000000 ____D C:\Program Files\ESET
2015-09-21 01:50 - 2015-09-21 01:50 - 00000000 ____D C:\MSIe0092.tmp
2015-09-21 00:06 - 2015-09-21 00:06 - 00000000 ____D C:\32788R22FWJFW
2015-09-20 21:54 - 2015-09-20 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-18 16:50 - 2015-09-18 16:50 - 00000000 ____D C:\Program Files (x86)\UltraISO
2015-09-18 16:41 - 2015-09-18 16:41 - 00000000 ____D C:\Spacekace
2015-09-18 16:37 - 2015-09-18 16:39 - 00000048 _____ C:\RB.rdat
2015-09-18 16:37 - 2015-09-18 16:39 - 00000048 _____ C:\License_Time.rdat
2015-09-17 01:31 - 2015-09-17 01:31 - 00000000 __SHD C:\Windows\ftpcache
2015-09-17 01:30 - 2015-09-17 01:30 - 00003040 _____ C:\Windows\System32\Tasks\{3C1B5B35-0DB1-4E42-A828-97822845ED60}
2015-09-17 01:27 - 2015-09-17 01:27 - 00000000 ____D C:\Program Files (x86)\Longman
2015-09-12 21:59 - 2014-05-19 14:16 - 00821736 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-09-12 21:59 - 2014-05-19 14:16 - 00746984 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-09-04 22:07 - 2015-09-04 22:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 00:52 - 2014-05-19 13:49 - 01064270 _____ C:\Windows\WindowsUpdate.log
2015-09-23 00:50 - 2014-05-24 23:51 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA.job
2015-09-23 00:34 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-23 00:33 - 2009-07-14 07:51 - 00027179 _____ C:\Windows\setupact.log
2015-09-23 00:33 - 2009-07-14 07:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 00:33 - 2009-07-14 07:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-22 01:50 - 2014-05-24 23:51 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core.job
2015-09-21 22:37 - 2014-05-19 14:06 - 00411978 _____ C:\Windows\PFRO.log
2015-09-21 21:17 - 2014-05-19 13:47 - 00000000 ____D C:\Users\hp
2015-09-21 21:13 - 2014-06-04 01:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-19 02:29 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-15 01:45 - 2014-05-24 23:51 - 00003982 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA
2015-09-15 01:45 - 2014-05-24 23:51 - 00003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core
2015-09-12 21:59 - 2014-05-19 14:16 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-12 21:51 - 2014-05-19 14:16 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-12 21:51 - 2014-05-19 14:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-07 16:49 - 2009-07-14 07:45 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-26 04:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2015-09-23 00:34 - 2015-09-23 00:34 - 0000188 _____ () C:\ProgramData\HPWALog.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-12 22:47
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by hp (2015-09-23 00:55:08)
Running from C:\Users\hp\Desktop\Yeni klasör
Windows 7 Home Basic Service Pack 1 (X64) (2014-05-19 10:47:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1316964719-1054508931-2917003293-500 - Administrator - Disabled)
Guest (S-1-5-21-1316964719-1054508931-2917003293-501 - Limited - Disabled)
hp (S-1-5-21-1316964719-1054508931-2917003293-1000 - Administrator - Enabled) => C:\Users\hp
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET NOD32 Antivirus (HKLM\...\{939E69D9-BD90-4A66-A6F5-64D0A6551876}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Google Chrome (HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
HP Wireless Assistant (HKLM-x32\...\{F9A43C0C-F274-4EC0-B02E-202C15C09C00}) (Version: 3.50.12.1 - Hewlett-Packard)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Extended TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Client Profile TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.04 - Motorola Inc)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.4 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
TURKCELL T40 Telefon USB Sürücüsü (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - )
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1316964719-1054508931-2917003293-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\hp\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
05-09-2015 20:51:55 Zamanlanan Denetim Noktası
12-09-2015 22:54:16 Zamanlanan Denetim Noktası
21-09-2015 00:26:02 avast! antivirus system restore point
23-09-2015 00:19:55 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2014-05-19 18:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {354762CE-C3FB-45A2-9985-696CFAA1E465} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6BD4D315-C55B-4762-8193-37D20DD5DE96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7703E476-035B-40E8-9161-8891A4489148} - System32\Tasks\{3C1B5B35-0DB1-4E42-A828-97822845ED60} => pcalua.exe -a E:\Install.exe -d E:\
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000Core.job => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316964719-1054508931-2917003293-1000UA.job => C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2015-09-22 21:50 - 2015-09-19 01:13 - 01501512 _____ () C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-22 21:50 - 2015-09-19 01:13 - 00081224 _____ () C:\Users\hp\AppData\Local\Google\Chrome\Application\45.0.2454.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1316964719-1054508931-2917003293-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D6873D50-29D3-4D1D-8455-44CA07CDD001}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B5BE05F0-EAA4-4D97-9411-63255CF5EC7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3420C27F-3806-4613-A841-132D81354326}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tünel Bağdaştırıcısı
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2015 12:19:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
İşlem:
   Yazıcı Verileri Toplanıyor
 
Bağlam:
   Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
   Yazıcı Adı: System Writer
   Yazıcı Örnek Kimliği: {7cf261c8-8aaa-4207-9aba-f20c3e576e5f}
 
Error: (09/23/2015 12:08:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/23/2015 12:08:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/21/2015 10:43:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: jucheck.exe, sürüm: 2.8.60.27, zaman damgası: 0x55c116b1
Hatalı modül adı: jucheck.exe, sürüm: 2.8.60.27, zaman damgası: 0x55c116b1
Özel durum kodu: 0x40000015
Hata uzaklığı 0x00052d24
Hatalı işlem kimliği: 0x918
Uygulama başlangıç zamanı: 0xjucheck.exe0
Hatalı uygulama yolu: jucheck.exe1
Hatalı modül yolu: jucheck.exe2
Rapor kimliği: jucheck.exe3
 
Error: (09/21/2015 03:06:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/21/2015 12:48:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" için etkinleştirme bağlamı oluşturulamadı."C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" bildirim veya ilke dosyası C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. satırında hata.
Uygulama için gereken bir bileşen sürümü zaten etkin olan başka bir bileşen sürümüyle çakışıyor.
Çakışan bileşenler:.
Bileşen 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Bileşen 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/20/2015 11:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: chrome.exe, sürüm: 45.0.2454.93, zaman damgası: 0x55f350f6
Hatalı modül adı: chrome.dll, sürüm: 45.0.2454.93, zaman damgası: 0x55f34b39
Özel durum kodu: 0x4000001f
Hata uzaklığı 0x00029f99
Hatalı işlem kimliği: 0xd90
Uygulama başlangıç zamanı: 0xchrome.exe0
Hatalı uygulama yolu: chrome.exe1
Hatalı modül yolu: chrome.exe2
Rapor kimliği: chrome.exe3
 
Error: (09/19/2015 09:18:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Üçüncü taraf kök sertifikasının otomatik güncelleştirme yapılarak alınamadığı konum: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/07E032E020B72C3F192F0628A2593A19A70F069E.crt> hata: Belirtilen sunucu istenen işlemi yürütemez.
.
 
Error: (09/19/2015 09:18:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Üçüncü taraf kök sertifikasının otomatik güncelleştirme yapılarak alınamadığı konum: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/07E032E020B72C3F192F0628A2593A19A70F069E.crt> hata: Belirtilen sunucu istenen işlemi yürütemez.
.
 
Error: (09/19/2015 09:18:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Üçüncü taraf kök sertifikasının otomatik güncelleştirme yapılarak alınamadığı konum: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/07E032E020B72C3F192F0628A2593A19A70F069E.crt> hata: Belirtilen sunucu istenen işlemi yürütemez.
.
 
 
System errors:
=============
Error: (09/23/2015 12:34:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Aşağıdaki önyükleme başlatma veya sistem başlatma sürücüsü (sürücüleri) yüklenemedi: 
johci
 
Error: (09/23/2015 12:28:26 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Hizmet Denetimi Yöneticisi, Windows Search hizmetinin beklenmedik şekilde sonlanmasından sonra, bir düzeltme eylemi (Hizmeti yeniden başlat) uygulamayı denedi, ancak bu eylem şu hatayla başarısız oldu: 
%%1056
 
Error: (09/23/2015 12:27:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Yazılım Koruması hizmeti beklenmedik şekilde sona erdi.  Bu durum 2 defa oluştu.  300000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:27:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Yazdırma Biriktiricisi hizmeti beklenmedik şekilde sona erdi.  Bu durum 2 defa oluştu.  60000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:27:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search hizmeti beklenmedik şekilde sona erdi.  Bu durum 2 defa oluştu.  30000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:20:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Hizmet Denetimi Yöneticisi, Windows Search hizmetinin beklenmedik şekilde sonlanmasından sonra, bir düzeltme eylemi (Hizmeti yeniden başlat) uygulamayı denedi, ancak bu eylem şu hatayla başarısız oldu: 
%%1056
 
Error: (09/23/2015 12:20:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Yazılım Koruması hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  120000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:20:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Yazdırma Biriktiricisi hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  60000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:20:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  30000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.
 
Error: (09/23/2015 12:20:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Skype Click to Call Updater hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
 
CodeIntegrity:
===================================
  Date: 2014-05-19 18:05:45.457
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 18:05:45.457
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 4094.43 MB
Available physical RAM: 1055.11 MB
Total Virtual: 8187.04 MB
Available Virtual: 4905.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:146.39 GB) (Free:108.79 GB) NTFS
Drive d: (Yeni Birim) (Fixed) (Total:151.6 GB) (Free:151.3 GB) NTFS
Drive e: (CEIntermediate) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C5FCBD5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by banufix, 22 September 2015 - 05:00 PM.


#8 banufix

  • Topic Starter

Posted 22 September 2015 - 05:19 PM

Hello Yilmaz

 

I will be out of town for Eid ul-Adha till next Monday. I will try to check my messages, but I cannot connect to the internet during these days. Please keep this topic open.

 

Thanks.



#9 olgun52

  • Malware Response Team

Posted 22 September 2015 - 05:21 PM

Perform steps 2 and 3 now, please. You did not need a new FRST report.

 

Good night. Now is the time to sleep here.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 banufix

  • Topic Starter

Posted 22 September 2015 - 06:06 PM

Here we go. Step 2 and 3 logs.

 

(After all that, my problem is continuing, as my Chrome has just crashed and I had to restart my computer.)

 

 

Goodnight.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 7 Home Basic x64
Ran by hp on 23.09.2015 at  1:56:57,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\hp\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\hp\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\hp\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\hp\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.09.2015 at  2:03:22,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v5.008 - Logfile created 23/09/2015 at 01:53:00
# Updated 18/09/2015 by Xplode
# Database : 2015-09-22.3 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : hp - HP-BILGISAYAR
# Running from : C:\Users\hp\Downloads\adwcleaner_5.008 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [630 bytes] ##########
 

Edited by banufix, 22 September 2015 - 06:41 PM.


#11 olgun52

  • Malware Response Team

Posted 23 September 2015 - 06:59 AM

After all that, my problem is continuing, as my Chrome has just crashed and I had to restart my computer.

 

Understood banufix.

--------------------------------------

Instructions on how to backup your Favourites/Bookmarks.

For Internet Explorer:

  • Open Internet Explorer, click on the “gear icon” in the upper right part of your browser, then click again on Internet Options.
  • In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
  • In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on the “Reset” button.
  • When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser, and then you can open Internet Explorer again.

---------------------------
Instructions on how to backup your Favourites/Bookmarks.

Chrome
Chrome - Reset browser settings

 

----------------------------------------------------------------------------------------------

 

===================================================

Complete Internet Repair

--------------------

  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache

Repair Internet Explorer 6.0.2900
Clear Windows Update History
Repair Windows / Automatic Updates
Repair SSL / HTTPS / Cryptography
Reset Windows Firewall Configuration
Restore the default hosts file
Repair Workgroup Computers view

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

===================================================

 

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


Best regards
 

 


 


#12 banufix

  • Topic Starter

Posted 28 September 2015 - 01:23 PM

Hi,

 

Even though I didn't back up my Chrome bookmarks, after I reset the browser settings the bookmarks didn't disappear. Furthermore, my history wasn't deleted. Is that OK?

Also, I couldn't run ComboFix, so I downloaded it from a different computer to a USB drive. It didn't work again. Error opening file writing:  C:\ 32788R22FWJFW\023.dat I am waiting for the next step.

 

Sincerely,

 

Banu


Edited by banufix, 28 September 2015 - 01:41 PM.


#13 olgun52

  • Malware Response Team

Posted 28 September 2015 - 02:41 PM

Even though I didn't back up my Chrome bookmarks, after I reset the browser settings the bookmarks didn't disappear. Furthermore, my history wasn't deleted. Is that OK?

Please backup your browser bookmarks

 

Please try to run Combofix in safe mode with networking.

 

Safe Mode with Networking :

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.

Best regards
 

 


 


#14 banufix

  • Topic Starter

Posted 28 September 2015 - 05:28 PM

I did it, but I am getting the same error. However, my Chrome hasn't crashed yet, but I used the internet for only a very short time. Maybe it was repaired; I will check tomorrow.



#15 olgun52

  • Malware Response Team

Posted 28 September 2015 - 05:39 PM

I did it, but I am getting the same error. However, my Chrome hasn't crashed yet, but I used the internet for only a very short time. Maybe it was repaired; I will check tomorrow.

Okay.


Best regards
 

 


 




