Help with farbar recovery tool log please.


  • This topic is locked
10 replies to this topic

#1 Uyuyanadam

Posted 19 October 2017 - 06:15 AM

I'm not very good at English but I'll try my best.
So basically my problem is much like the one mentioned in this topic: https://www.bleepingcomputer.com/forums/t/448339/windows-failed-to-start-system-repair-cant-discover-problem/
I scanned the computer with Farbar Recovery Scan Tool. I've uploaded the log file below (FRST) from my flash disk.

This is the problem report I'm getting by the way: https://i.imgur.com/Bn1f5xl.jpg

Thank You.

And the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017
Ran by SYSTEM on MININT-EFH1SJF (19-10-2017 09:25:57)
Running from h:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-02-03] (Microsoft Corporation)
GroupPolicy\User: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S4 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] ()
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S4 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-02-13] (Airytec)
S4 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-02-13] (Airytec)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-02-26] (Synaptics Incorporated)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2017-10-17] (Broadcom Corporation.)
S3 cpuz139; C:\Users\EMRE\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43312 2017-10-17] (CPUID) <==== ATTENTION
S3 cpuz140; C:\Users\EMRE\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-10-16] (CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2017-10-17] (Intel Corporation)
S3 INCA Web Cam; C:\Windows\System32\Drivers\SGCam3UVC.sys [2612824 2010-11-03] (SiGma Micro)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-17] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-17] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-17] ()
S1 ndiskhaz; C:\Windows\System32\DRIVERS\ndiskhaz.sys [30536 2012-12-07] (Khalil Azzouzi)
S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2017-10-17] (REDC)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-02-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-18 17:28 - 2017-10-19 09:25 - 000000000 ____D C:\FRST
2017-10-17 15:23 - 2017-10-17 15:23 - 000000000 ____D C:\ProgramData\ESET
2017-10-17 15:23 - 2017-10-17 15:23 - 000000000 ____D C:\Program Files\ESET
2017-10-17 14:41 - 2017-10-17 14:45 - 047704958 _____ C:\Users\EMRE\Downloads\confree-20091105115749.zip
2017-10-17 14:40 - 2017-10-17 14:40 - 001651911 _____ C:\Users\EMRE\Downloads\bios-20100225083938 (2).zip
2017-10-17 07:53 - 2017-10-18 11:26 - 000000000 ____D C:\Windows\rescache
2017-10-17 05:09 - 2017-10-17 05:10 - 000000000 ____D C:\Users\EMRE\Desktop\ıyghj
2017-10-17 04:58 - 2017-10-17 04:58 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\Synaptics
2017-10-17 03:20 - 2017-10-18 11:26 - 000000000 ____D C:\Program Files (x86)\RemoteSound
2017-10-17 03:20 - 2017-10-17 03:20 - 000001047 _____ C:\Users\EMRE\Desktop\RemoteSound.lnk
2017-10-17 03:20 - 2017-10-17 03:20 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\CrazySound
2017-10-17 03:18 - 2017-10-17 03:19 - 008590414 _____ C:\Users\EMRE\Downloads\RemoteSoundServerInstaller.zip
2017-10-17 03:01 - 2017-10-17 03:01 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-10-17 03:01 - 2017-10-17 01:00 - 003508304 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2017-10-17 03:01 - 2017-10-17 01:00 - 001347272 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2017-10-17 03:01 - 2017-10-17 01:00 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2017-10-17 03:01 - 2017-10-17 01:00 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2017-10-17 03:01 - 2017-10-17 01:00 - 000320816 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2017-10-17 03:01 - 2017-10-17 01:00 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2017-10-17 03:01 - 2017-10-17 00:59 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2017-10-17 03:01 - 2017-10-17 00:59 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2017-10-17 03:01 - 2017-10-17 00:59 - 000209528 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2017-10-17 03:01 - 2017-10-17 00:59 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2017-10-17 03:01 - 2017-10-17 00:43 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2017-10-17 03:01 - 2017-10-17 00:38 - 003677152 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2017-10-17 03:01 - 2017-10-17 00:36 - 005995944 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2017-10-17 03:01 - 2009-06-24 10:43 - 000831488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-10-17 03:01 - 2008-02-04 20:00 - 000000176 _____ C:\Windows\System32\Drivers\RTHDAEQ1.dat
2017-10-17 03:01 - 2008-02-04 20:00 - 000000176 _____ C:\Windows\System32\Drivers\RTHDAEQ0.dat
2017-10-17 03:01 - 2008-01-18 17:45 - 000000852 _____ C:\Windows\System32\Drivers\RTKHDRC1.dat
2017-10-17 03:01 - 2008-01-18 17:45 - 000000852 _____ C:\Windows\System32\Drivers\RTKHDRC0.dat
2017-10-17 03:01 - 2008-01-18 17:45 - 000000520 _____ C:\Windows\System32\Drivers\RTEQEX1.dat
2017-10-17 03:01 - 2008-01-18 17:45 - 000000520 _____ C:\Windows\System32\Drivers\RTEQEX0.dat
2017-10-17 02:58 - 2017-10-17 03:00 - 072455056 _____ C:\Users\EMRE\Downloads\sound-20091105115622 (1).zip
2017-10-17 02:57 - 2017-10-17 02:58 - 001651911 _____ C:\Users\EMRE\Downloads\bios-20100225083938 (1).zip
2017-10-17 01:54 - 2017-10-17 01:54 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-10-17 01:51 - 2017-10-17 01:51 - 000252232 _____ C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-10-17 01:44 - 2017-10-17 01:44 - 000763520 _____ (ESET) C:\Users\Administrator\Desktop\esetuninstaller.exe
2017-10-17 01:44 - 2017-10-17 01:44 - 000002761 _____ C:\NetworkSettings.txt
2017-10-17 01:39 - 2017-10-17 01:39 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2017-10-17 01:39 - 2017-10-17 01:39 - 000000000 ____D C:\Users\Administrator\AppData\Local\ATI
2017-10-17 01:31 - 2017-10-17 01:31 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\ATI
2017-10-17 01:31 - 2017-10-17 01:31 - 000000000 ____D C:\Users\EMRE\AppData\Local\ATI
2017-10-17 01:31 - 2017-10-17 01:31 - 000000000 ____D C:\ProgramData\ATI
2017-10-17 01:29 - 2017-10-17 01:30 - 000000000 ____D C:\Program Files\ATI Technologies
2017-10-17 01:29 - 2017-10-17 01:29 - 000000000 ____D C:\Program Files\ATI
2017-10-17 01:29 - 2017-10-17 01:29 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2017-10-17 01:27 - 2009-07-07 08:51 - 000009216 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\FwLnk.sys
2017-10-17 01:27 - 2006-03-23 13:44 - 000009728 _____ (TOSHIBA Corp.) C:\Windows\SysWOW64\TCMSVR.dll
2017-10-17 01:27 - 2005-04-15 19:58 - 001351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2017-10-17 01:27 - 2004-03-09 15:00 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2017-10-17 01:25 - 2017-10-17 01:25 - 000000000 ____H C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-10-17 01:25 - 2017-10-17 01:25 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-10-17 01:25 - 2017-10-17 01:25 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-10-17 01:25 - 2012-07-26 06:55 - 000785512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2017-10-17 01:25 - 2012-07-26 06:55 - 000054376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2017-10-17 01:25 - 2012-07-26 04:36 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2017-10-17 01:25 - 2012-06-02 16:35 - 000000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-10-17 01:23 - 2017-10-17 01:23 - 000076288 _____ (REDC) C:\Windows\System32\Drivers\risdsn64.sys
2017-10-17 01:22 - 2017-10-17 01:22 - 000653296 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorA.sys
2017-10-17 01:22 - 2017-10-17 01:22 - 000028656 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorF.sys
2017-10-17 01:20 - 2017-10-18 11:26 - 000000000 ____D C:\Windows\System32\DAX3
2017-10-17 01:20 - 2017-10-18 11:26 - 000000000 ____D C:\Windows\System32\DAX2
2017-10-17 01:20 - 2017-10-18 11:26 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-10-17 01:20 - 2017-10-17 01:20 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-10-17 01:18 - 2017-10-17 01:18 - 002992176 _____ (Audyssey Labs) C:\Windows\System32\AudysseyEfx.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 001544248 _____ (Dolby Laboratories) C:\Windows\System32\DAX3APOProp.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 001372384 _____ (Dolby Laboratories) C:\Windows\System32\DAX3APOv251.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 001258832 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOvlldp.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000416496 _____ (Harman) C:\Windows\System32\HMUI.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000406448 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2APIPCLL.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000366112 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\HMAPO.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000360336 _____ (Harman) C:\Windows\System32\HMClariFi.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000203832 _____ (Harman) C:\Windows\System32\HMHVS.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000190928 _____ (Harman) C:\Windows\System32\HMEQ_Voice.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000190928 _____ (Harman) C:\Windows\System32\HMEQ.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000179592 _____ (Harman) C:\Windows\System32\HMLimiter.dll
2017-10-17 01:18 - 2017-10-17 01:18 - 000154360 _____ (Harman) C:\Windows\System32\HarmanAudioInterface.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 015211616 _____ (Yamaha Corporation) C:\Windows\System32\YamahaAE3.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 006264632 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64AF3.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 005346992 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv211.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 003299816 _____ (Yamaha Corporation) C:\Windows\System32\YamahaAE2.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 003135232 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 002443792 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOv201.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 002190976 _____ (Yamaha Corporation) C:\Windows\System32\YamahaAE.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 001959592 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64AF3.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 001435136 _____ (Synopsys, Inc.) C:\Windows\System32\SRRPTR64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 001159176 _____ (Dolby Laboratories) C:\Windows\System32\DolbyDAX2APOProp.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 001016920 _____ (Sound Research, Corp.) C:\Windows\System32\SEHDHF64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000868176 _____ (Sound Research, Corp.) C:\Windows\System32\SECOMN64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000866640 _____ (Sound Research, Corp.) C:\Windows\System32\SEHDRA64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000737960 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000680544 _____ (ICEpower a/s) C:\Windows\System32\ICEsoundAPO64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000603904 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tossaemaxapo64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000526280 _____ (Sound Research, Corp.) C:\Windows\System32\SEAPO64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000467152 _____ (Synopsys, Inc.) C:\Windows\System32\SRAPO64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000381400 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM64.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000377488 _____ (Dolby Laboratories) C:\Windows\System32\HiFiDAX2API.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000362048 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64AF3.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000341144 _____ (Synopsys, Inc.) C:\Windows\System32\SRCOM.dll
2017-10-17 01:17 - 2017-10-17 01:17 - 000310416 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64F3.dll
2017-10-17 01:16 - 2017-10-17 01:17 - 007096184 _____ (Dolby Laboratories) C:\Windows\System32\DDPP64A.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 001965808 _____ (Dolby Laboratories) C:\Windows\System32\DDPD64A.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 001336744 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tossaeapo64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000852128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\tosasfapo64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtDataProc64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000446280 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\System32\toseaeapo64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000326560 _____ (Dolby Laboratories) C:\Windows\System32\DDPO64A.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000272712 _____ (Dolby Laboratories) C:\Windows\System32\DDPA64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000118584 _____ C:\Windows\System32\AcpiServiceVnA64.dll
2017-10-17 01:16 - 2017-10-17 01:16 - 000105304 _____ C:\Windows\System32\audioLibVc.dll
2017-10-17 01:14 - 2017-10-17 01:15 - 003121760 _____ (DTS, Inc.) C:\Windows\System32\sltech64.dll
2017-10-17 01:13 - 2017-10-17 01:14 - 003410832 _____ (DTS, Inc.) C:\Windows\System32\slcnt64.dll
2017-10-17 01:13 - 2017-10-17 01:13 - 000984904 _____ (DTS, Inc.) C:\Windows\System32\sl3apo64.dll
2017-10-17 01:13 - 2017-10-17 01:13 - 000257968 _____ (TODO: <Company name>) C:\Windows\System32\slprp64.dll
2017-10-17 01:10 - 2017-10-17 01:13 - 011954497 _____ C:\Windows\System32\Drivers\RTAIODAT.DAT
2017-10-17 01:10 - 2017-10-17 01:10 - 001382224 _____ (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2017-10-17 01:10 - 2017-10-17 01:10 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2017-10-17 01:10 - 2017-10-17 01:10 - 000158688 _____ (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2017-10-17 01:10 - 2017-10-17 01:10 - 000075528 _____ (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2017-10-17 01:05 - 2017-10-17 01:05 - 000134192 _____ (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2017-10-17 01:03 - 2017-10-17 01:05 - 007172904 _____ (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000965016 _____ (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000727432 _____ (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000447712 _____ (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000445392 _____ (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000440368 _____ (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000151784 _____ (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2017-10-17 01:03 - 2017-10-17 01:03 - 000084608 _____ (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2017-10-17 01:02 - 2017-10-17 01:03 - 001508928 _____ (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2017-10-17 01:02 - 2017-10-17 01:02 - 001591056 _____ (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2017-10-17 01:02 - 2017-10-17 01:02 - 000743960 _____ (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2017-10-17 01:01 - 2017-10-17 01:02 - 001780616 _____ (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000708304 _____ (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000504296 _____ (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000386416 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000253888 _____ (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000253856 _____ (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000252872 _____ (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000231912 _____ (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000213936 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2017-10-17 01:01 - 2017-10-17 01:01 - 000083616 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-10-17 01:00 - 2017-10-17 01:01 - 000090912 _____ (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2017-10-17 01:00 - 2017-10-17 01:00 - 000088312 _____ (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2017-10-17 00:44 - 2017-10-17 00:59 - 072520704 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2017-10-17 00:44 - 2017-10-17 00:44 - 002923488 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2017-10-17 00:43 - 2017-10-17 00:44 - 000022800 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2017-10-17 00:42 - 2017-10-17 00:43 - 003561408 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO64.dll
2017-10-17 00:34 - 2017-10-17 00:35 - 005804772 _____ C:\Windows\System32\Drivers\rtvienna.dat
2017-10-17 00:33 - 2017-10-17 00:33 - 002750464 _____ (Intel Corporation) C:\Windows\System32\NETwNr64.dll
2017-10-17 00:32 - 2017-10-17 00:33 - 000799232 _____ (Intel Corporation) C:\Windows\System32\NETwNc64.dll
2017-10-17 00:31 - 2017-10-17 00:32 - 008616960 _____ (Intel Corporation) C:\Windows\System32\Drivers\NETwNs64.sys
2017-10-17 00:28 - 2017-10-17 00:28 - 001075688 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2017-10-17 00:28 - 2017-10-17 00:28 - 000122856 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2017-10-17 00:27 - 2017-10-17 00:27 - 000600280 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2017-10-17 00:27 - 2017-10-17 00:27 - 000291760 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfbd.sys
2017-10-17 00:27 - 2017-10-17 00:27 - 000172760 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2017-10-17 00:27 - 2017-10-17 00:27 - 000094528 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Tosrfhid.sys
2017-10-17 00:20 - 2017-10-17 00:20 - 000053624 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfec.sys
2017-10-17 00:11 - 2017-10-17 01:35 - 000000404 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2017-10-17 00:11 - 2017-10-17 00:11 - 000003808 _____ C:\Windows\System32\Tasks\Driver Easy Scheduled Scan
2017-10-17 00:11 - 2017-10-17 00:11 - 000000967 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2017-10-17 00:11 - 2017-10-17 00:11 - 000000000 ____D C:\Program Files\Easeware
2017-10-17 00:11 - 2016-07-22 10:48 - 000000000 ____D C:\Users\EMRE\Desktop\Patch
2017-10-16 23:56 - 2017-10-16 23:56 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Easeware
2017-10-16 23:49 - 2017-10-16 23:49 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\Easeware
2017-10-16 23:46 - 2017-10-16 23:47 - 004029848 _____ (Easeware ) C:\Users\EMRE\Downloads\DriverEasy_Setup.exe
2017-10-16 15:28 - 2017-10-16 15:28 - 000000432 __RSH C:\Users\EMRE\ntuser.pol
2017-10-16 15:26 - 2017-10-16 15:26 - 000116848 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-16 15:26 - 2017-10-16 15:26 - 000000432 __RSH C:\Users\Administrator\ntuser.pol
2017-10-16 15:20 - 2017-10-17 00:11 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-10-16 15:20 - 2017-10-16 15:20 - 000000000 ____D C:\Windows\Profiles\Default
2017-10-16 15:19 - 2017-10-18 11:26 - 000000000 ____D C:\users\Administrator
2017-10-16 15:19 - 2017-10-16 15:19 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2017-10-16 15:19 - 2017-10-16 15:19 - 000000000 _SHDL C:\Users\Administrator\Documents\Videolarım
2017-10-16 15:19 - 2017-10-16 15:19 - 000000000 _SHDL C:\Users\Administrator\Documents\Resimlerim
2017-10-16 15:19 - 2017-10-16 15:19 - 000000000 _SHDL C:\Users\Administrator\Documents\Müziğim
2017-10-16 15:19 - 2017-10-16 15:19 - 000000000 _SHDL C:\Users\Administrator\Belgelerim
2017-10-16 15:19 - 2014-12-22 18:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-10-16 15:19 - 2010-11-21 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-10-16 08:56 - 2017-10-17 01:40 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2017-10-16 08:55 - 2017-10-17 02:19 - 000045504 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-10-16 08:55 - 2017-10-16 08:55 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-16 08:55 - 2017-10-16 08:55 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-16 08:55 - 2017-10-16 08:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-16 08:55 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-10-16 06:50 - 2017-10-16 06:50 - 000000000 ____H C:\Users\EMRE\AppData\Local\BITC3DD.tmp
2017-10-16 06:43 - 2017-10-16 06:49 - 000000000 _____ C:\Users\EMRE\AppData\Local\{3104F3C0-7074-48DD-BE89-8872DDC4EA8E}
2017-10-16 03:50 - 2017-10-16 03:50 - 001232232 _____ (Opera Software) C:\Users\EMRE\Downloads\OperaSetup.exe
2017-10-16 03:34 - 2017-10-16 03:34 - 000221662 _____ C:\Users\EMRE\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-10-16 03:27 - 2017-10-16 03:31 - 000000000 ___SD C:\ComboFix
2017-10-16 03:26 - 2017-10-16 03:30 - 000000000 ___SD C:\32788R22FWJFW
2017-10-16 02:40 - 2017-10-16 02:40 - 000000000 ____D C:\Users\EMRE\Downloads\bios-20100225083938
2017-10-16 02:32 - 2009-12-07 19:07 - 001727092 _____ (Igor Pavlov) C:\Users\EMRE\Desktop\PO10220.exe
2017-10-16 02:30 - 2017-10-16 02:32 - 072455056 _____ C:\Users\EMRE\Downloads\sound-20091105115622.zip
2017-10-16 02:29 - 2017-10-16 02:29 - 001651911 _____ C:\Users\EMRE\Downloads\bios-20100225083938.zip
2017-10-16 02:24 - 2017-10-16 02:24 - 000000000 ____D C:\Program Files\Synaptics
2017-10-16 02:24 - 2013-10-17 23:46 - 000422640 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPCo19.dll
2017-10-16 02:24 - 2013-04-16 18:33 - 001795952 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01011.dll
2017-10-16 02:09 - 2017-10-16 02:11 - 123787854 _____ C:\Users\EMRE\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc.zip
2017-10-16 01:28 - 2017-10-16 01:28 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-16 01:27 - 2017-10-16 01:27 - 007649280 _____ C:\Program Files (x86)\GUTD8A3.tmp
2017-10-16 01:27 - 2017-10-16 01:27 - 001130328 _____ (Google Inc.) C:\Users\EMRE\Downloads\ChromeSetup.exe
2017-10-16 01:27 - 2017-10-16 01:27 - 000000000 ____D C:\Program Files (x86)\GUMD892.tmp
2017-10-15 23:56 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2017-10-15 23:56 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2017-10-15 23:56 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-10-15 23:56 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-10-15 23:56 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-10-15 23:56 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2017-10-15 23:56 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2017-10-15 23:56 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2017-10-15 23:02 - 2017-10-16 03:28 - 000000000 ____D C:\Qoobox
2017-10-15 23:02 - 2017-10-16 00:43 - 000000000 ____D C:\Windows\erdnt
2017-10-15 23:01 - 2017-10-15 23:02 - 005660147 ____R (Swearware) C:\Users\EMRE\Downloads\ComboFix.exe
2017-10-15 23:00 - 2017-10-16 03:53 - 000000422 _____ C:\Windows\Tasks\Opera scheduled Autoupdate 1443388614.job
2017-10-15 05:18 - 2017-10-15 05:18 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\PC Remote
2017-10-15 05:17 - 2017-10-15 05:17 - 000000000 ____D C:\Program Files (x86)\PC Remote
2017-10-04 22:25 - 2017-10-04 22:25 - 000029944 _____ C:\Users\EMRE\Desktop\vhgvcgthjcvg.jpg_large
2017-10-03 12:21 - 2017-10-03 12:21 - 000051016 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-10-03 12:21 - 2017-10-03 12:21 - 000045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-10-03 12:21 - 2017-10-03 12:21 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-10-03 12:21 - 2017-10-03 12:21 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2017-10-01 19:39 - 2017-10-01 19:39 - 000842400 _____ C:\Users\EMRE\Downloads\Nazmi Emre Karakaya - CV.pdf
2017-09-30 00:03 - 2017-09-30 00:03 - 000000000 _____ C:\Users\EMRE\AppData\Local\{8E664B83-E65A-4081-8346-21161557E753}
2017-09-29 16:22 - 2017-09-29 16:22 - 000000000 ____D C:\Users\Public\Documents\CrashDump
2017-09-28 15:24 - 2015-02-03 05:34 - 000095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-09-28 15:24 - 2015-02-03 05:34 - 000094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2017-09-28 15:24 - 2015-02-03 05:31 - 002644992 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 001574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-09-28 15:24 - 2015-02-03 05:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-09-28 15:24 - 2015-02-03 05:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2017-09-28 15:24 - 2015-02-03 05:30 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2017-09-28 15:24 - 2015-02-03 05:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-09-28 15:24 - 2015-02-03 05:29 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2017-09-28 15:24 - 2015-02-03 05:28 - 000686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-09-28 15:24 - 2015-02-03 05:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-09-28 15:24 - 2015-02-03 05:28 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-09-28 15:24 - 2015-02-03 05:19 - 000663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2017-09-28 15:24 - 2015-02-03 05:12 - 002135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-28 15:24 - 2015-02-03 05:12 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-09-28 15:24 - 2015-02-03 05:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-28 15:24 - 2015-02-03 05:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-28 15:24 - 2015-02-03 05:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-28 15:24 - 2015-02-03 05:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-28 15:24 - 2015-02-03 05:08 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-28 15:24 - 2015-02-03 05:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-28 15:24 - 2015-02-03 04:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-09-28 15:24 - 2014-11-01 00:24 - 000619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2017-09-28 15:24 - 2014-06-28 02:21 - 000532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2017-09-28 15:24 - 2014-06-28 02:21 - 000457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2017-09-28 15:23 - 2015-02-03 05:34 - 005554104 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-09-28 15:23 - 2015-02-03 05:34 - 000693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-09-28 15:23 - 2015-02-03 05:34 - 000155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-09-28 15:23 - 2015-02-03 05:33 - 000616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-09-28 15:23 - 2015-02-03 05:31 - 014632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 004121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 001461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2017-09-28 15:23 - 2015-02-03 05:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2017-09-28 15:23 - 2015-02-03 05:31 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 012625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2017-09-28 15:23 - 2015-02-03 05:30 - 001480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 001202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 001069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 000842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 000680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 000296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-09-28 15:23 - 2015-02-03 05:30 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2017-09-28 15:23 - 2015-02-03 05:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-09-28 15:23 - 2015-02-03 05:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2017-09-28 15:23 - 2015-02-03 05:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2017-09-28 15:23 - 2015-02-03 05:16 - 003973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-28 15:23 - 2015-02-03 05:16 - 003917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-28 15:23 - 2015-02-03 05:12 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 001174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-28 15:23 - 2015-02-03 05:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-09-28 15:23 - 2015-02-03 05:12 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-09-28 15:23 - 2015-02-03 05:11 - 012625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-09-28 15:23 - 2015-02-03 05:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-09-28 15:23 - 2015-02-03 05:11 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-09-28 15:23 - 2015-02-03 05:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-09-28 15:23 - 2015-01-31 01:56 - 000459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-09-28 15:10 - 2017-09-28 15:10 - 000000000 ____D C:\ProgramData\Connectify
2017-09-28 14:33 - 2017-09-28 14:33 - 000000987 _____ C:\Users\Public\Desktop\MyPublicWiFi.lnk
2017-09-28 14:33 - 2012-12-07 10:28 - 000030536 _____ (Khalil Azzouzi) C:\Windows\System32\Drivers\ndiskhaz.sys
2017-09-26 00:37 - 2017-09-26 00:37 - 000045038 _____ C:\Users\EMRE\Downloads\670152-Christine-2016-1CD-23.976fps-EN-43kB-TurkceAltyazi-org.rar
2017-09-25 23:42 - 2017-09-25 23:42 - 000113491 _____ C:\Users\EMRE\Downloads\40798E0DC4956AA015D486983430D1D11D0CE8EB.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-18 11:26 - 2012-07-30 18:09 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\Winamp
2017-10-18 11:26 - 2012-07-30 18:06 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-10-18 11:26 - 2012-07-30 16:24 - 000000000 ____D C:\users\EMRE
2017-10-18 11:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-10-18 11:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\AppCompat
2017-10-18 11:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2017-10-18 11:24 - 2012-07-31 11:51 - 000000000 ____D C:\Users\EMRE\AppData\Local\Toshiba
2017-10-18 11:24 - 2012-07-31 11:12 - 000000000 ____D C:\Program Files\Toshiba
2017-10-18 11:24 - 2012-07-30 18:20 - 000000000 ____D C:\Users\EMRE\AppData\Local\Adobe
2017-10-18 11:24 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2017-10-18 11:24 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\security
2017-10-18 11:23 - 2016-01-30 01:08 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-18 11:23 - 2012-07-31 11:10 - 000000000 ____D C:\Program Files (x86)\Toshiba
2017-10-17 14:48 - 2012-07-31 11:51 - 000000000 ____D C:\ProgramData\TOSHIBA
2017-10-17 03:42 - 2012-07-30 18:06 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-10-17 03:20 - 2010-11-21 14:35 - 009060928 _____ C:\Windows\System32\perfh01F.dat
2017-10-17 03:20 - 2010-11-21 14:35 - 003102754 _____ C:\Windows\System32\perfc01F.dat
2017-10-17 03:20 - 2009-07-14 07:13 - 000006440 _____ C:\Windows\System32\PerfStringBackup.INI
2017-10-17 03:19 - 2014-06-20 12:40 - 000000584 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2017-10-17 03:15 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-17 03:15 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-17 03:07 - 2016-01-30 01:08 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-17 03:07 - 2012-08-09 22:05 - 000001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-10-17 03:07 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-17 03:01 - 2012-07-30 18:02 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-17 02:39 - 2016-07-13 21:39 - 000000000 ____D C:\Windows\pss
2017-10-17 02:33 - 2016-01-30 01:08 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-17 02:03 - 2012-09-03 10:03 - 000000814 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-10-17 01:54 - 2016-11-13 12:34 - 001277798 _____ C:\Windows\ntbtlog.txt
2017-10-17 01:36 - 2012-07-30 18:20 - 000000974 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3165993971-1480154434-1413894929-1000Core.job
2017-10-17 00:28 - 2011-06-10 05:34 - 000118824 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2017-10-17 00:22 - 2012-08-01 19:18 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\uTorrent
2017-10-16 19:19 - 2012-08-01 00:05 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2017-10-16 15:00 - 2009-07-14 07:08 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-16 08:55 - 2015-03-07 04:52 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-16 08:55 - 2015-01-15 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-16 07:25 - 2012-07-31 23:28 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-16 03:48 - 2012-07-31 10:49 - 000000000 ____D C:\Users\EMRE\AppData\Local\ElevatedDiagnostics
2017-10-16 01:28 - 2012-08-09 22:05 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-16 00:49 - 2012-07-31 10:41 - 000000000 ____D C:\users\emre karakaya
2017-10-16 00:41 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2017-10-07 09:19 - 2014-12-19 22:57 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\vlc
2017-10-07 09:14 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\System32\NDF
2017-10-05 19:13 - 2015-09-27 23:17 - 000003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443388614
2017-10-05 01:47 - 2013-10-05 12:44 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\Spotify
2017-10-04 19:45 - 2013-10-05 12:50 - 000000000 ____D C:\Users\EMRE\AppData\Local\Spotify
2017-10-01 20:39 - 2017-06-29 15:37 - 000000000 ____D C:\Users\EMRE\Desktop\annefrank
2017-09-29 03:16 - 2009-07-14 07:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-09-29 01:28 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-09-29 01:28 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\System32\Dism
2017-09-28 14:33 - 2014-06-20 12:32 - 000000000 ____D C:\Program Files (x86)\MyPublicWiFi
2017-09-28 14:29 - 2017-02-10 01:43 - 000000000 ____D C:\Program Files (x86)\Virtual Router
2017-09-28 01:00 - 2012-07-31 08:54 - 000000000 ____D C:\Users\EMRE\Downloads\Photomatix Pro v3.2.0 + VIRILITY SERIAL [h33][IslandGirl]
2017-09-25 23:45 - 2014-04-19 16:07 - 000000000 ____D C:\Users\EMRE\AppData\Roaming\.ACEStream

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-10-17 01:27
Restore point date: 2017-10-17 03:28
Restore point date: 2017-10-17 14:46
Restore point date: 2017-10-18 04:33

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.99 MB
Available physical RAM: 3443.76 MB
Total Virtual: 4092.19 MB
Available Virtual: 3434.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.05 GB) (Free:2.2 GB) NTFS
Drive e: (Data) (Fixed) (Total:184.99 GB) (Free:5.96 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS
Drive h: () (Removable) (Total:7.25 GB) (Free:7.15 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Sistem Ayrıldı) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 14A851F0)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=186.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: 74CA93D0)
Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0B)

LastRegBack: 2017-10-13 19:29

==================== End of FRST.txt ============================



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:31 PM

Posted 19 October 2017 - 03:37 PM

Please download the attached file [attachment=198899:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.
Attempt to boot in Normal Mode and let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Uyuyanadam


Posted 19 October 2017 - 06:41 PM

It did not work unfortunately. I can't copy paste the log at the moment because I don't have another computer. But I took pictures of them (2 pics, not long). If you need editable text files I will upload them tomorrow.
So this is the log and problem report I am getting:
http://imgbox.com/QCdP9ib1
http://imgbox.com/O2V7IyFM
http://imgbox.com/SDuLKoqz

#4 JSntgRvr


Posted 19 October 2017 - 07:25 PM

Please download the attached file [attachment=198902:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

Attempt to boot in Normal Mode and let me know the outcome.

Please download Listparts to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flashdrive into the infected PC.

From an Off position in the computer, enter the System Recovery Options. To obtain the desired results, the computer must be restarted.
 

Select Command Prompt

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

Edited by JSntgRvr, 19 October 2017 - 07:28 PM.
typo



#5 Uyuyanadam


Posted 19 October 2017 - 08:30 PM

Still can't boot in normal mode.
This is the log I am getting: http://imgbox.com/5SsqC56y
("İşlem Başarıyla Tamamlandı" means "Process completed successfully")

Should I try the Listparts or should I wait until I am able to boot in normal mode?
Thank you.

Edited by Uyuyanadam, 19 October 2017 - 08:37 PM.


#6 JSntgRvr


Posted 20 October 2017 - 01:21 PM

> Still can't boot in normal mode.
> This is the log I am getting: http://imgbox.com/5SsqC56y
> ("İşlem Başarıyla Tamamlandı" means "Process completed successfully")
>
> Should I try the Listparts or should I wait until I am able to boot in normal mode?
> Thank you.

Try Listparts, please.




#7 Uyuyanadam


Posted 20 October 2017 - 03:06 PM

Hello. I scanned it with listparts. This is the log:
http://imgbox.com/oOGOQcSN
http://imgbox.com/cKvLR7Ni
http://imgbox.com/c4Ea9WXj
http://imgbox.com/3jA5NTHV
http://imgbox.com/7RHD5Pyp
http://imgbox.com/VpRxRFgR
http://imgbox.com/ztItaucI

#8 JSntgRvr


Posted 20 October 2017 - 05:26 PM

It is not only the language, it is attempting to read the image upside down. How were you able to post the FRST report?

 

Boot to the Recovery Command prompt. At the prompt type the following and press Enter:

 

sfc /scanNow /offbootdir=c:\ /offwindir=d:\windows

 

Let me know the outcome.




#9 Uyuyanadam


Posted 20 October 2017 - 05:59 PM

It's not upside down but there are problems with letters special to Turkish language I think.
This is what I am getting now: http://imgbox.com/nWTFIJcy
but it's in Turkish and I don't know how to change the cmd language to English. I tried choosing US in the language settings in the first screen but still the same outcome.

#10 JSntgRvr


Posted 24 October 2017 - 01:27 PM

There is nothing wrong with the language. You need to use the right syntax.

 

sfc /scannow /offbootdir=c:\ /offwindir=d:\windows

 

Look at the use of the forward and back slashes.




#11 JSntgRvr


Posted 06 November 2017 - 12:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





