Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows 8.1 possible virus removal [Solved]


  • This topic is locked This topic is locked

#16
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again,

 

Please do not use any codeboxes when posting logs, they are much harder to analyze that way. :happy:

 

How is the machine running now?

 

bloopie


  • 0

Advertisements


#17
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Please don't miss my last post.
 
In addition to my question in the previous post, please run this tool for me next:

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

Please answer the question in my previous post, and post the JRT.txt log (without codeboxes) in your next reply!

bloopie


  • 0

#18
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

okey i wont :D
thanks for that  :laughing: 
its good my speed problems are solved but the "Automatic Maintenance" is always open, it wont close if i closed it manually it resumes after 1-2 hours later.


  • 0

#19
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

JRT log is empty, it dont find antything.


  • 0

#20
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again, and sorry for the delay!

 

its good my speed problems are solved

That's good to hear! :)

 

Are you still having your initial problems with the chrome browser, or is that doing much better now?

 

==========

 

the "Automatic Maintenance" is always open, it wont close if i closed it manually it resumes after 1-2 hours later.

If this machine is not used for "work purposes", then we can disable the automatic maintenence...you really don't need it enabled on a home computer.

 

Have a look here on how to disable it: http://www.eightforu...indows-8-a.html

 

==========

 

After disabling the automatic maintenence, please let me know if things are better!

 

Otherwise, things are looking pretty good, so please tell me if there is anything else you'd like to bring to my attention! :)

 

bloopie


  • 0

#21
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

thanks for that,
My internet speed is sometimes slown on chrome it's normal or not?
otherwise

i dont have any speed problem my computer thanks for your effort


  • 0

#22
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

hello again
disabled the automatic maintenence like that post, but it's always enabling after pc restart. 


  • 0

#23
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again, and sorry for the long delay! I meant to reply yesterday but couldn't get to my computer at home, and replying with my phone would be fairly pointless. Again, I apologize!

 

If that happens again (as mentioned in my signature of every post), please feel free to shoot me a PM and let me know!

 

==========

 

Okay, I see you have msconfig set to selective startup. Could you please open msconfig (WIndows Key + R, and in the runbox type in msconfig and press enter), and under the "General" tab, make sure "Normal startup" is ticked and click Apply and OK.

 

Then please reboot the machine (<--Important), and run a fresh FRST scan and post the FRST.txt (please do not put the log in a codebox, just copy and paste the fresh log into your reply)...no need for an Addition.txt. Also, please let me know if you notice the system any slower after this as well.

 

I want to see if there is some more registry "Run" keys that could be causing the automatic maintenence issue.

 

Thanks,

 

bloopie


  • 0

#24
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hello There is the log file, i don't see any speed change

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by ihsan (administrator) on IHOCAN on 10-02-2015 01:48:43

Running from C:\Users\ihsan\Desktop

Loaded Profiles: ihsan & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available profiles: ihsan & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)

Platform: Windows 8.1 Pro (X64) OS Language: Türkçe (Türkiye)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe

() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\Windows\System32\vmms.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe

(MSI) C:\Program Files (x86)\SCM\SCM.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\VsHub.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2guard.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893104 2013-08-23] (ELAN Microelectronics Corp.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)

HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-09-26] (MSI)

HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408232 2013-09-26] (MSI)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64

HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)

HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage19\OmniPage19.exe [2922824 2013-04-22] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [Nuance OmniPage Ultimate-reminder] => C:\Program Files (x86)\Nuance\OmniPage19\Ereg\Ereg.exe [334152 2013-01-14] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [VsHub.exe] => C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe [141440 2014-11-10] (Microsoft Corporation)

HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft internet security\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)

HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)

HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-03] (Tonec Inc.)

HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: [S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582] ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.

SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)

BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

 

FireFox:

========

FF ProfilePath: C:\Users\ihsan\AppData\Roaming\Mozilla\Firefox\Profiles\kg35b0ue.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @huawei.com/npHWPlugin -> C:\Program Files (x86)\Web_TV\WebTVPlugin\npHWPlugin.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

FF Plugin HKU\S-1-5-21-3051402733-4133393625-984315149-1001: @acestream.net/acestreamplugin,version=3.0.5 -> C:\Users\ihsan\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)

FF Plugin HKU\S-1-5-21-3051402733-4133393625-984315149-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ihsan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-3051402733-4133393625-984315149-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml

FF Extension: AS Magic Player - C:\Users\ihsan\AppData\Roaming\Mozilla\Firefox\Profiles\kg35b0ue.default\Extensions\[email protected] [2015-01-08]

FF Extension: User Agent Switcher - C:\Users\ihsan\AppData\Roaming\Mozilla\Firefox\Profiles\kg35b0ue.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-01-15]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension

FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-10-18]

FF HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\ihsan\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\ihsan\AppData\Roaming\IDM\idmmzcc5 [2014-09-28]

FF HKU\S-1-5-21-3051402733-4133393625-984315149-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ihsan\AppData\Roaming\IDM\idmmzcc5

Chrome:

=======

CHR HomePage: Default -> hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20120929&user_guid=3220074E5BF444FFABB0303EA47C4FB8&machine_id=67326ca3ae2301667ef9afd37f603db0&browser=CR&os=win&os_version=6.1-x86-SP0

CHR StartupUrls: Default -> "https://www.google.com.tr/"

CHR DefaultSearchKeyword: Default -> google.com.trhttps://www.google.c...eferences?hl=tr

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (From Dust) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-12-28]

CHR Extension: (Google Drive) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-28]

CHR Extension: (Manga Viewer) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebalkdfejapnfbngpmhchkboajaofen [2014-12-28]

CHR Extension: (Adguard AdBlocker) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-12-29]

CHR Extension: (MEGA) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-12-28]

CHR Extension: (Adblock Plus) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-28]

CHR Extension: (Pushbullet) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-01-10]

CHR Extension: (Google Apps Script) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2014-12-28]

CHR Extension: (+ Flip It) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmppankahdodchhioklnbcmohehhjoa [2014-12-28]

CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-12-28]

CHR Extension: (Office Belgeleri Düzenleme) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-12-28]

CHR Extension: (Quick Javascript Switcher) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2014-12-28]

CHR Extension: (Orta Dünya'da Bir Yolculuk) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-12-28]

CHR Extension: (360 İnternet Koruması) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2014-12-28]

CHR Extension: (Bookmark Manager) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-29]

CHR Extension: (Tureng Dictionary) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihedienojfhdahpomfldoejaimefofff [2014-12-28]

CHR Extension: (Streamus™) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-12-28]

CHR Extension: (IDM Integration Module) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-28]

CHR Extension: (Chrome extension source viewer) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpbeccnghkjeaalbbjmodiffmgedin [2014-12-28]

CHR Extension: (Google Inbox Checker (Inbox by Gmail)) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llldafpkkdiljghncbdnkgfinfiifnig [2014-12-28]

CHR Extension: (Google Mail Checker) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-12-28]

CHR Extension: (Google Cüzdan) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-28]

CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-12-28]

CHR Extension: (Gmail) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-28]

CHR Extension: (Chrome Dev Editor (developer preview)) - C:\Users\ihsan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnoffddplpippgcfjdhbmhkofpnaalpg [2014-12-28]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]

CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [56832 2013-08-28] () [File not signed]

S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-12-23] (Microsoft Corporation)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-19] (EasyAntiCheat Ltd)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-08-23] (ELAN Microelectronics Corp.)

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-09-26] (Micro-Star International Co., Ltd.) [File not signed]

R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)

R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)

R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)

R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)

S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)

R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)

S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-16] ()

R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)

S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)

S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)

S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)

R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-12-23] (Microsoft Corporation)

S3 VsEtwService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89240 2014-11-10] (Microsoft Corporation)

S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [147664 2014-11-10] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files (x86)\Emsisoft Internet Security\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Internet Security\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files (x86)\Emsisoft Internet Security\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 cleanhlp; C:\Program Files (x86)\Emsisoft Internet Security\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-30] (Disc Soft Ltd)

R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] ()

R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] ()

S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [34963 2007-12-12] (Compuware Corporation) [File not signed]

S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [37024 2007-12-03] (Compuware Corporation) [File not signed]

S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [34587 2007-11-28] (Compuware Corporation) [File not signed]

R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-12-23] (Microsoft Corporation)

S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-12-23] (Microsoft Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)

S3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-12-23] (Microsoft Corporation)

S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-12-23] (Microsoft Corporation)

S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)

R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [547032 2013-07-04] (Realtek Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )

R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-12-23] (Microsoft Corporation)

R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-08-26] (Microsoft Corporation)

S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-08-26] (Microsoft Corporation)

S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-08-26] (Microsoft Corporation)

S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-08-26] (Microsoft Corporation)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 01:48 - 2015-02-10 01:49 - 00031427 _____ () C:\Users\ihsan\Desktop\FRST.txt

2015-02-09 02:03 - 2015-02-09 02:05 - 00001588 _____ () C:\Users\ihsan\Desktop\green43.txt

2015-02-09 00:35 - 2015-02-09 03:09 - 00000264 _____ () C:\Users\ihsan\Desktop\cevirikelmeler.txt

2015-02-09 00:18 - 2015-02-09 00:18 - 06999120 _____ (Microsoft Corporation) C:\Users\ihsan\Downloads\proofingtools_tr-tr-x64.exe

2015-02-09 00:18 - 2015-02-09 00:18 - 01738608 _____ (Microsoft Corporation) C:\Users\ihsan\Downloads\screentiplanguage_tr-tr_64bit.exe

2015-02-08 14:16 - 2015-02-08 14:16 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Superonline

2015-02-08 14:07 - 2015-02-08 14:07 - 00000000 _____ () C:\Users\ihsan\AppData\Local\{F2DF1386-5DA7-4B6C-87BB-7AEDCFAE3D21}

2015-02-08 00:53 - 2015-02-10 01:36 - 00000392 _____ () C:\Windows\Tasks\updater.job

2015-02-08 00:53 - 2015-02-10 01:36 - 00000338 _____ () C:\Windows\Tasks\SuperDestekStartup.job

2015-02-08 00:53 - 2015-02-08 00:53 - 00002588 _____ () C:\Windows\System32\Tasks\updater

2015-02-08 00:53 - 2015-02-08 00:53 - 00002506 _____ () C:\Windows\System32\Tasks\SuperDestekStartup

2015-02-08 00:53 - 2015-02-08 00:53 - 00001189 _____ () C:\Users\Public\Desktop\SüperDestek.lnk

2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\Users\ihsan\.swt

2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\Users\ihsan\.superonline

2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superonline

2015-02-08 00:53 - 2015-02-08 00:53 - 00000000 ____D () C:\Program Files (x86)\Superonline

2015-02-08 00:51 - 2015-02-08 00:51 - 40404872 _____ (Superonline) C:\Users\ihsan\Downloads\superdestek.exe

2015-02-08 00:42 - 2015-02-08 00:42 - 00001476 _____ () C:\Users\ihsan\Downloads\SuperDestek_Web_Starter.jnlp

2015-02-07 18:12 - 2015-02-07 19:20 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Tropico 4

2015-02-07 18:12 - 2015-02-07 18:12 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Kalypso Media

2015-02-07 18:11 - 2015-02-07 18:12 - 00017513 _____ () C:\Windows\DirectX.log

2015-02-06 23:34 - 2015-02-06 23:34 - 00002155 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk

2015-02-06 23:34 - 2015-02-06 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro

2015-02-06 23:32 - 2015-02-10 01:37 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-06 23:32 - 2015-02-10 01:36 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-06 23:31 - 2015-02-06 23:31 - 00880208 _____ (Google Inc.) C:\Users\ihsan\Downloads\GoogleEarthProSetup.exe

2015-02-06 14:06 - 2015-02-06 14:06 - 00000000 ____D () C:\Users\ihsan\AppData\Local\EMU

2015-02-06 14:00 - 2015-02-06 14:00 - 00001428 _____ () C:\Users\Public\Desktop\Life Is Strange.lnk

2015-02-06 14:00 - 2015-02-06 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange

2015-02-06 13:58 - 2015-02-06 14:00 - 00000000 ____D () C:\Program Files (x86)\Life Is Strange

2015-02-06 11:27 - 2015-02-06 11:27 - 00042015 _____ () C:\Users\ihsan\Downloads\[kickass.so]life.is.strange.episode.1.flt.torrent

2015-02-06 02:28 - 2015-02-06 02:28 - 00000626 _____ () C:\Users\ihsan\Desktop\JRT.txt

2015-02-06 02:19 - 2015-02-06 02:19 - 01388274 _____ (Thisisu) C:\Users\ihsan\Downloads\JRT.exe

2015-02-06 02:19 - 2015-02-06 02:19 - 01388274 _____ (Thisisu) C:\Users\ihsan\Desktop\JRT.exe

2015-02-06 01:15 - 2015-02-06 01:15 - 00000238 _____ () C:\Users\ihsan\Downloads\h002.txt

2015-02-06 01:07 - 2015-02-06 01:12 - 00000000 ____D () C:\Users\ihsan\Desktop\xx

2015-02-06 01:05 - 2015-02-06 01:10 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\OmegaT

2015-02-06 01:03 - 2015-02-06 01:03 - 00000991 _____ () C:\Users\Public\Desktop\OmegaT.lnk

2015-02-06 01:03 - 2015-02-06 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OmegaT

2015-02-06 01:02 - 2015-02-06 01:03 - 00000000 ____D () C:\Program Files (x86)\OmegaT

2015-02-06 01:00 - 2015-02-06 01:01 - 108248219 _____ (OmegaT ) C:\Users\ihsan\Downloads\OmegaT_3.1.8_Windows.exe

2015-02-05 21:07 - 2015-02-05 21:07 - 00000199 _____ () C:\Users\ihsan\Desktop\Dota 2.url

2015-02-05 18:36 - 2015-02-05 18:36 - 00018944 ___SH () C:\Users\ihsan\Documents\Thumbs.db

2015-02-05 13:57 - 2015-02-05 13:57 - 00000000 ____D () C:\Users\ihsan\AppData\Local\Introversion

2015-02-05 12:36 - 2015-02-05 12:36 - 00019778 _____ () C:\Users\ihsan\Downloads\[kickass.so]prison.architect.alpha.28.windows.viruz.torrent

2015-02-05 11:27 - 2015-02-05 11:27 - 00002273 _____ () C:\Users\ihsan\Downloads\fixlist.txt

2015-02-05 11:26 - 2015-02-10 01:48 - 02132992 _____ (Farbar) C:\Users\ihsan\Desktop\FRST64.exe

2015-02-05 11:26 - 2015-02-10 01:48 - 00000000 ____D () C:\Users\ihsan\Desktop\FRST-OlderVersion

2015-02-04 13:05 - 2015-02-04 13:05 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\3909

2015-02-04 13:04 - 2015-02-04 13:04 - 00564886 _____ () C:\Users\ihsan\Downloads\tr.zip

2015-02-04 13:03 - 2015-02-04 13:03 - 00001970 _____ () C:\Users\ihsan\Desktop\Papers Please.lnk

2015-02-04 13:03 - 2015-02-04 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers Please

2015-02-04 13:03 - 2015-02-04 13:03 - 00000000 ____D () C:\Program Files (x86)\Papers Please

2015-02-04 12:07 - 2015-02-04 12:07 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Verimatrix

2015-02-04 12:07 - 2015-02-04 12:07 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\HWPlugin

2015-02-04 12:07 - 2015-02-04 12:07 - 00000000 ____D () C:\Program Files (x86)\Web_TV

2015-02-04 00:50 - 2015-02-04 00:50 - 10598910 _____ () C:\Users\ihsan\Downloads\TYTWOMTYV100.rar

2015-02-04 00:43 - 2015-02-04 00:43 - 00001296 _____ () C:\Users\ihsan\Desktop\This War of Mine.lnk

2015-02-04 00:43 - 2015-02-04 00:43 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\This War of Mine

2015-02-04 00:43 - 2015-02-04 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics

2015-02-04 00:42 - 2015-02-04 00:42 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics

2015-02-04 00:41 - 2014-12-12 11:10 - 00023752 _____ (360安全中心) C:\Windows\SysWOW64\Drivers\efimon.sys

2015-02-04 00:28 - 2015-02-04 00:28 - 02194432 _____ () C:\Users\ihsan\Downloads\adwcleaner_4.109.exe

2015-02-02 21:59 - 2015-02-02 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-02 15:00 - 2015-02-02 15:00 - 27111830 _____ (Insecure.org) C:\Users\ihsan\Downloads\nmap-6.47-setup.exe

2015-02-02 01:10 - 2015-02-02 01:10 - 00052048 _____ () C:\Users\ihsan\Downloads\Addition.txt

2015-02-01 23:43 - 2015-02-02 01:11 - 00059697 _____ () C:\Users\ihsan\Downloads\FRST.txt

2015-02-01 23:42 - 2015-02-10 01:48 - 00000000 ____D () C:\FRST

2015-02-01 23:41 - 2015-02-01 23:41 - 02131456 _____ (Farbar) C:\Users\ihsan\Downloads\FRST64.exe

2015-02-01 23:08 - 2015-02-01 23:14 - 00205616 _____ () C:\Users\ihsan\Desktop\Extras.Txt

2015-02-01 23:07 - 2015-02-01 23:13 - 00185112 _____ () C:\Users\ihsan\Desktop\OTL.Txt

2015-02-01 22:55 - 2015-02-01 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\ihsan\Downloads\OTL.exe

2015-02-01 22:55 - 2015-02-01 22:55 - 00602112 _____ (OldTimer Tools) C:\Users\ihsan\Desktop\OTL.exe

2015-02-01 22:51 - 2015-02-01 22:51 - 00468480 _____ () C:\Users\ihsan\Downloads\CKScanner.exe

2015-02-01 20:43 - 2015-02-01 20:43 - 05661717 _____ () C:\Users\ihsan\Downloads\chipset_intel_9.4.0.1026_0xb351380a_818700.zip

2015-02-01 20:43 - 2015-02-01 20:43 - 05661717 _____ () C:\Users\ihsan\Downloads\chipset_intel_9.4.0.1026_0xb351380a_818700 (2).zip

2015-02-01 20:43 - 2015-02-01 20:43 - 05661717 _____ () C:\Users\ihsan\Downloads\chipset_intel_9.4.0.1026_0xb351380a_818700 (1).zip

2015-02-01 20:28 - 2015-02-01 20:36 - 00013721 _____ () C:\Users\ihsan\Downloads\hijackthis.log

2015-02-01 20:27 - 2015-02-01 20:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\ihsan\Downloads\HijackThis.exe

2015-01-31 09:00 - 2015-01-31 09:00 - 00030289 _____ () C:\Users\ihsan\Downloads\(336817)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar

2015-01-31 08:56 - 2015-01-31 08:56 - 00031049 _____ () C:\Users\ihsan\Downloads\(336078)Edge_of_Tomorrow_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar

2015-01-31 08:42 - 2015-01-31 08:42 - 00034598 _____ () C:\Users\ihsan\Downloads\(328659)Noah_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar

2015-01-31 04:30 - 2015-01-31 10:38 - 00000000 ____D () C:\OutputFolder

2015-01-31 04:27 - 2015-01-31 04:29 - 00000000 ____D () C:\Program Files (x86)\Allok Video Converter

2015-01-31 04:27 - 2015-01-31 04:27 - 00001085 _____ () C:\Users\Public\Desktop\Allok Video Converter.lnk

2015-01-31 04:27 - 2015-01-31 04:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allok Video Converter

2015-01-31 04:27 - 2007-04-12 14:19 - 00129024 _____ () C:\Windows\SysWOW64\AVERM.dll

2015-01-31 04:27 - 2006-09-26 13:57 - 00028672 _____ () C:\Windows\SysWOW64\AVEQT.dll

2015-01-31 04:20 - 2015-01-31 04:20 - 00219648 _____ () C:\Users\ihsan\Downloads\scheduling-05.ppt

2015-01-31 04:00 - 2015-01-31 04:00 - 04882432 _____ () C:\Users\ihsan\Downloads\ch7.ppt

2015-01-31 03:59 - 2015-01-31 03:59 - 03999232 _____ () C:\Users\ihsan\Downloads\ch6.ppt

2015-01-31 03:38 - 2015-01-31 03:38 - 00038632 _____ () C:\Users\ihsan\Downloads\(324302)RoboCop_23.976fps_1CD_Turkce_SubRip_DiVXPlanet.rar

2015-01-31 00:59 - 2015-01-31 01:00 - 00424448 _____ () C:\Users\ihsan\Downloads\csc4320 Chapter 5-2.ppt

2015-01-31 00:48 - 2015-01-31 03:25 - 00000000 ____D () C:\Users\ihsan\Documents\Freemake

2015-01-31 00:48 - 2015-01-31 03:25 - 00000000 ____D () C:\ProgramData\Freemake

2015-01-31 00:48 - 2015-01-31 00:48 - 00001336 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk

2015-01-31 00:48 - 2015-01-31 00:48 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

2015-01-31 00:48 - 2015-01-31 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake

2015-01-31 00:46 - 2015-01-31 00:48 - 00000000 ____D () C:\Program Files (x86)\Freemake

2015-01-31 00:14 - 2015-01-31 00:15 - 01270544 _____ (Ellora Assets Corporation ) C:\Users\ihsan\Downloads\FreemakeVideoConverterSetup.exe

2015-01-31 00:13 - 2015-01-31 00:13 - 00008844 _____ () C:\Users\ihsan\Downloads\Edge_of_Tomorrow_2014_720p.torrent

2015-01-31 00:08 - 2015-01-31 00:08 - 00010011 _____ () C:\Users\ihsan\Downloads\Noah_2014_720p.torrent

2015-01-31 00:08 - 2015-01-31 00:08 - 00009367 _____ () C:\Users\ihsan\Downloads\RoboCop_2014_720p.torrent

2015-01-30 21:50 - 2015-01-30 21:51 - 00850432 _____ () C:\Users\ihsan\Downloads\Scheduling.ppt

2015-01-30 05:07 - 2015-01-30 05:07 - 00000000 ____D () C:\Users\ihsan\Downloads\Video

2015-01-30 04:39 - 2015-02-10 01:37 - 01556924 _____ () C:\Windows\WindowsUpdate.log

2015-01-30 04:37 - 2015-02-10 01:35 - 00004004 _____ () C:\Windows\setupact.log

2015-01-30 04:37 - 2015-01-30 04:37 - 00000000 _____ () C:\Windows\setuperr.log

2015-01-30 04:36 - 2015-02-07 02:16 - 00005140 _____ () C:\Windows\PFRO.log

2015-01-30 04:34 - 2015-01-30 04:34 - 00000000 ____D () C:\ProgramData\Emsisoft

2015-01-30 04:10 - 2015-02-09 18:52 - 00117248 ___SH () C:\Users\ihsan\Desktop\Thumbs.db

2015-01-30 04:10 - 2015-01-30 04:10 - 00001138 _____ () C:\Users\Public\Desktop\Emsisoft Internet Security.lnk

2015-01-30 04:10 - 2015-01-30 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security

2015-01-30 04:09 - 2015-02-10 01:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Internet Security

2015-01-30 04:09 - 2015-01-01 21:36 - 00491632 _____ () C:\Windows\system32\Drivers\fwndis64.sys

2015-01-30 03:30 - 2015-01-30 03:45 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Wise Registry Cleaner

2015-01-30 03:29 - 2011-07-31 15:14 - 00076565 _____ (RaProducts.org) C:\Users\ihsan\Desktop\PureRa.exe

2015-01-30 03:25 - 2015-02-06 02:42 - 00000878 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-01-30 03:25 - 2015-01-30 03:25 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-01-30 03:25 - 2015-01-30 03:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-01-30 03:25 - 2015-01-30 03:25 - 00000000 ____D () C:\Program Files\CCleaner

2015-01-30 03:05 - 2015-01-30 03:05 - 00000196 _____ () C:\Users\ihsan\Desktop\ksifre.rar

2015-01-30 03:02 - 2015-01-30 03:11 - 00000000 ____D () C:\Users\ihsan\Desktop\hellsing altyazı

2015-01-30 02:33 - 2015-01-30 02:33 - 00000000 ____D () C:\Users\ihsan\AppData\Local\VS Revo Group

2015-01-30 02:32 - 2015-01-30 02:32 - 00000000 ____D () C:\ProgramData\VS Revo Group

2015-01-30 02:32 - 2015-01-30 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2015-01-30 02:32 - 2015-01-30 02:32 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-01-30 02:32 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2015-01-29 00:46 - 2015-01-29 05:20 - 00000000 ____D () C:\Users\ihsan\Documents\GenTool

2015-01-28 22:53 - 2015-01-29 03:11 - 00000000 ____D () C:\Users\ihsan\Documents\Command and Conquer Generals Zero Hour Data

2015-01-28 22:53 - 2015-01-29 03:11 - 00000000 ____D () C:\Users\ihsan\Documents\Command and Conquer Generals Data

2015-01-28 22:53 - 2015-01-28 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Generals and Zero Hour

2015-01-26 02:10 - 2015-01-26 02:10 - 00000000 ____D () C:\data_from_forms

2015-01-26 02:09 - 2015-01-26 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETS

2015-01-26 02:09 - 2015-01-26 02:09 - 00000000 ____D () C:\Program Files (x86)\ETS

2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Users\ihsan\AppData\Local\Downloaded Installations

2015-01-20 02:29 - 2015-01-20 02:30 - 00000000 ____D () C:\Users\ihsan\AppData\Local\Sublight

2015-01-20 02:29 - 2015-01-20 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublight

2015-01-20 02:29 - 2015-01-20 02:29 - 00000000 ____D () C:\Program Files\Sublight

2015-01-19 14:52 - 2015-01-19 02:17 - 00174624 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe

2015-01-19 01:57 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2015-01-19 01:57 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2015-01-19 00:42 - 2015-01-19 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Red Alert 2

2015-01-18 23:21 - 2015-01-28 22:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2015-01-18 23:04 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Origin

2015-01-18 23:04 - 2015-01-18 23:28 - 00000000 ____D () C:\Users\ihsan\AppData\Local\Origin

2015-01-18 17:50 - 2015-01-20 02:40 - 00121105 _____ () C:\Users\ihsan\Desktop\pk altyazı.srt

2015-01-18 17:36 - 2015-01-18 17:36 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft

2015-01-18 17:36 - 2015-01-18 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft

2015-01-18 17:36 - 2015-01-18 17:36 - 00000000 ____D () C:\Program Files (x86)\URUSoft

2015-01-18 14:55 - 2013-07-09 07:58 - 00263896 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys

2015-01-18 14:55 - 2013-04-25 12:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll

2015-01-16 00:10 - 2015-01-30 03:30 - 00000000 ____D () C:\Users\ihsan\Desktop\işletimsistemleri

2015-01-14 17:16 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-14 17:16 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-14 17:16 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys

2015-01-14 17:16 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-01-14 17:16 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe

2015-01-14 17:16 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe

2015-01-14 17:16 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-14 17:16 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-14 17:16 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2015-01-14 17:16 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe

2015-01-14 17:16 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe

2015-01-14 17:16 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-01-14 17:16 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-01-14 17:16 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-01-14 17:16 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-01-14 17:16 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe

2015-01-14 17:16 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe

2015-01-14 17:16 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-01-14 17:16 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-01-14 17:16 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-01-14 17:16 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll

2015-01-14 17:16 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll

2015-01-14 17:16 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-14 17:16 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-01-14 17:16 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-12 21:40 - 2015-01-12 21:40 - 00000000 ____D () C:\Users\ihsan\Documents\Red Alert 3

2015-01-12 21:34 - 2015-01-12 21:34 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Red Alert 3

2015-01-12 18:08 - 2015-01-12 18:08 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Aegisub

2015-01-12 09:33 - 2015-01-12 09:39 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Dev-Cpp

2015-01-12 09:32 - 2015-01-12 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++

2015-01-12 09:32 - 2015-01-12 09:32 - 00000000 ____D () C:\Dev-Cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 01:44 - 2014-12-23 16:49 - 27590656 _____ () C:\Windows\system32\vmguest.iso

2015-02-10 01:36 - 2014-09-28 15:06 - 00046575 _____ () C:\Users\ihsan\AppData\Local\BTServer.log

2015-02-10 01:36 - 2014-09-28 12:52 - 00000000 __RDO () C:\Users\ihsan\SkyDrive

2015-02-10 01:34 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-10 01:34 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2015-02-10 01:33 - 2014-12-29 00:49 - 00000000 ____D () C:\Windows\pss

2015-02-10 01:18 - 2015-01-09 13:44 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-10 01:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru

2015-02-09 03:15 - 2014-09-28 12:49 - 00000000 ____D () C:\Users\ihsan

2015-02-09 01:09 - 2014-10-17 01:01 - 00000000 ____D () C:\Temp

2015-02-09 00:20 - 2014-12-18 01:59 - 00000000 ____D () C:\Program Files (x86)\MSECache

2015-02-08 16:39 - 2014-09-28 12:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3051402733-4133393625-984315149-1001

2015-02-08 14:15 - 2014-11-28 23:06 - 05184552 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-08 14:15 - 2014-10-21 10:04 - 00000000 ____D () C:\Users\ReportServer

2015-02-08 14:15 - 2014-10-21 10:04 - 00000000 ____D () C:\Users\MSSQLServerOLAPService

2015-02-08 14:15 - 2014-10-21 10:03 - 00000000 ____D () C:\Users\MSSQLSERVER

2015-02-08 14:15 - 2014-10-21 10:03 - 00000000 ____D () C:\Users\MSSQLFDLauncher

2015-02-08 14:15 - 2014-10-21 10:03 - 00000000 ____D () C:\Users\MsDtsServer110

2015-02-08 14:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-02-07 20:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-02-07 11:54 - 2014-09-28 15:06 - 00000000 ____D () C:\Users\ihsan\Documents\My Bluetooth

2015-02-07 02:22 - 2014-12-23 17:31 - 00007639 _____ () C:\Users\ihsan\AppData\Local\Resmon.ResmonCfg

2015-02-07 02:15 - 2014-09-28 19:59 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\tixati

2015-02-07 02:15 - 2014-09-28 12:59 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\DMCache

2015-02-07 01:27 - 2014-11-16 23:41 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2015-02-07 01:27 - 2014-11-16 16:28 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2015-02-06 23:34 - 2014-09-28 12:54 - 00000000 ____D () C:\Program Files (x86)\Google

2015-02-06 23:32 - 2014-09-28 12:54 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-06 23:32 - 2014-09-28 12:54 - 00003768 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-06 14:06 - 2014-09-28 16:34 - 00000000 ____D () C:\Users\ihsan\Documents\My Games

2015-02-05 21:23 - 2014-11-16 16:28 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2015-02-05 21:16 - 2014-09-28 14:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-02-05 02:09 - 2015-01-04 15:03 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\TeamViewer

2015-02-04 21:19 - 2015-01-09 13:44 - 00003702 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-04 13:03 - 2014-09-28 16:36 - 00000000 ___HD () C:\Windows\msdownld.tmp

2015-02-04 13:03 - 2014-09-28 16:35 - 00000000 ____D () C:\Windows\SysWOW64\directx

2015-02-04 00:52 - 2014-09-28 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oyun Çeviri

2015-02-04 00:34 - 2014-06-26 08:24 - 00000000 ____D () C:\AdwCleaner

2015-02-02 23:49 - 2014-09-28 15:04 - 00000000 ____D () C:\ProgramData\Realtek

2015-02-02 15:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-02 15:07 - 2014-12-23 16:32 - 00000000 ____D () C:\Users\ihsan\Documents\Visual Studio 2015

2015-02-02 15:03 - 2014-11-26 12:47 - 00000000 ____D () C:\ProgramData\Origin

2015-02-02 15:02 - 2014-11-26 12:47 - 00000000 ____D () C:\Program Files (x86)\Origin

2015-02-02 15:02 - 2014-10-20 22:03 - 00000000 ____D () C:\Users\ihsan\Desktop\Oyun

2015-02-02 00:56 - 2014-10-21 12:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2015-02-02 00:56 - 2014-10-21 12:07 - 00000000 ____D () C:\ProgramData\Adobe

2015-02-02 00:56 - 2014-10-21 12:04 - 00000000 ____D () C:\Program Files\Adobe

2015-02-02 00:56 - 2014-09-28 12:50 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Adobe

2015-02-02 00:50 - 2014-10-21 12:13 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2015-02-01 23:43 - 2014-09-28 12:52 - 02230282 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 23:43 - 2013-08-23 00:53 - 00896376 _____ () C:\Windows\system32\perfh01F.dat

2015-02-01 23:43 - 2013-08-23 00:53 - 00224000 _____ () C:\Windows\system32\perfc01F.dat

2015-01-31 11:40 - 2014-09-28 12:50 - 00000000 ____D () C:\Users\ihsan\AppData\Local\Packages

2015-01-30 17:50 - 2014-09-28 12:59 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\IDM

2015-01-30 08:38 - 2014-10-20 22:03 - 00000000 ___RD () C:\Users\ihsan\Desktop\program

2015-01-30 03:40 - 2014-10-19 01:46 - 00000000 ____D () C:\Users\ihsan\AppData\Local\0ad

2015-01-30 03:35 - 2014-09-28 20:12 - 00000000 __SHD () C:\ProgramData\360Quarant

2015-01-30 03:35 - 2014-09-11 16:00 - 00000000 __SHD () C:\$360Section

2015-01-30 03:35 - 2014-09-02 12:13 - 00033432 _____ () C:\PureRa.txt

2015-01-30 03:30 - 2014-11-13 21:54 - 00000000 ____D () C:\Users\ihsan\Desktop\Ders Notları

2015-01-30 03:30 - 2014-10-02 20:15 - 00000000 ____D () C:\Users\ihsan\.WebIde80

2015-01-30 03:30 - 2014-09-28 19:39 - 00000000 ___RD () C:\Users\ihsan\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App

2015-01-30 03:30 - 2014-09-28 13:00 - 00000000 ____D () C:\Users\ihsan\Downloads\Compressed

2015-01-30 03:29 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\DAEMON Tools Lite

2015-01-30 03:29 - 2014-10-27 00:54 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\FileZilla

2015-01-30 03:01 - 2014-12-17 20:08 - 00000000 ____D () C:\Users\Public\Documents\DevExpress Demos 14.2

2015-01-30 03:01 - 2014-12-17 20:07 - 00000000 ____D () C:\Program Files (x86)\DevExpress 14.2

2015-01-30 03:00 - 2014-12-17 20:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevExpress 14.2

2015-01-30 02:59 - 2014-10-20 22:03 - 00000000 ____D () C:\Users\ihsan\Desktop\yazlım p

2015-01-30 02:45 - 2014-10-02 16:28 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\RenPy

2015-01-30 02:39 - 2014-12-04 09:39 - 00000000 ____D () C:\Program Files (x86)\Nuance

2015-01-30 02:24 - 2014-09-28 19:44 - 00000000 ____D () C:\Program Files (x86)\StarCraft II

2015-01-28 23:22 - 2014-09-28 19:36 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-01-28 02:14 - 2014-10-21 10:03 - 00000000 ____D () C:\Users\ihsan\Documents\SQL Server Management Studio

2015-01-27 21:06 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-01-26 02:10 - 2014-09-28 12:53 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\Macromedia

2015-01-24 22:20 - 2013-08-22 17:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 22:20 - 2013-08-22 17:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 00:13 - 2014-10-20 20:53 - 00000000 ____D () C:\Users\ihsan\Documents\Visual Studio 2012

2015-01-23 13:36 - 2014-11-22 15:22 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\.ACEStream

2015-01-23 13:29 - 2014-11-22 15:22 - 00000000 ___HD () C:\_acestream_cache_

2015-01-21 03:09 - 2014-10-30 21:25 - 00000396 __RSH () C:\ProgramData\ntuser.pol

2015-01-18 14:55 - 2014-09-28 15:20 - 00000000 ____D () C:\Windows\SysWOW64\sda

2015-01-18 14:55 - 2014-09-28 14:38 - 00000000 ____D () C:\Program Files (x86)\Realtek

2015-01-14 21:12 - 2015-01-08 20:32 - 00000000 ____D () C:\Users\ihsan\AppData\Roaming\vlc

2015-01-14 17:29 - 2014-09-28 19:32 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 17:21 - 2014-09-28 19:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-12 21:30 - 2014-09-12 17:38 - 00000000 ____D () C:\Games

2015-01-12 18:08 - 2014-10-21 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-01-12 18:08 - 2014-10-21 07:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

 

==================== Files in the root of some directories =======

 

2014-11-22 12:42 - 2014-11-22 12:42 - 0000132 _____ () C:\Users\ihsan\AppData\Roaming\Adobe PNG Format CC Prefs

2014-09-28 15:06 - 2015-02-10 01:36 - 0046575 _____ () C:\Users\ihsan\AppData\Local\BTServer.log

2014-11-24 23:55 - 2014-11-25 16:37 - 0000600 _____ () C:\Users\ihsan\AppData\Local\PUTTY.RND

2014-12-23 17:31 - 2015-02-07 02:22 - 0007639 _____ () C:\Users\ihsan\AppData\Local\Resmon.ResmonCfg

2015-02-08 14:07 - 2015-02-08 14:07 - 0000000 _____ () C:\Users\ihsan\AppData\Local\{F2DF1386-5DA7-4B6C-87BB-7AEDCFAE3D21}

 

Some content of TEMP:

====================

C:\Users\ihsan\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\ihsan\AppData\Local\Temp\drm_dyndata_7410004.dll

C:\Users\ihsan\AppData\Local\Temp\_is806A.exe

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-02-08 16:39

 

==================== End Of Log ============================


  • 0

#25
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again,
 
Thanks for the note, and once again I apologize! It is certainly not my intention to make you wait. I promise to be more attentive from here on out!
 
Okay, let's run these next and let me know how the machine is running after:
 
Step 1:

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   672bytes   161 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step 2:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

In addition to the above logs, let me know how the machine is running now, and also please let me know if the automatic maintenance issue is still occurring!

bloopie


  • 0

Advertisements


#26
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts
Hi again,

Have you run completed the above steps?

If so, please post the logs for me to review.

If you need more time, no problem. :)

bloopie
  • 0

#27
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

sory for late.

 

here eset log i forgot uncheck.
 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ac8644e438d4a24093a473a91b0f7ffa
# engine=22476
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-15 04:20:58
# local_time=2015-02-15 06:20:58 (+0200, Türkiye Standart Saati)
# country="Turkey"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8118289 14278377 0 0
# compatibility_mode_1='Emsisoft Internet Security'
# compatibility_mode=16643 16777213 100 100 0 225219946 0 0
# scanned=814444
# found=17
# cleaned=10
# scan_time=11490
sh=C9043F07A8FF06FA45F277734279C7DC2BDAC71F ft=1 fh=e3093d1defd70c82 vn="Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\ihsan\Application Data\IDM\DwnlData\ihsan\dde_de_drive-files-b_com_689\dde_de_drive-files-b_com"
sh=C9043F07A8FF06FA45F277734279C7DC2BDAC71F ft=1 fh=e3093d1defd70c82 vn="Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="C:\Windows.old\Users\ihsan\AppData\Roaming\IDM\DwnlData\ihsan\dde_de_drive-files-b_com_689\dde_de_drive-files-b_com"
sh=C9043F07A8FF06FA45F277734279C7DC2BDAC71F ft=1 fh=e3093d1defd70c82 vn="Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="C:\Windows.old\Users\ihsan\Application Data\IDM\DwnlData\ihsan\dde_de_drive-files-b_com_689\dde_de_drive-files-b_com"
sh=E32FCD9BC5ED916E7DA36EDCC08AC2B7191F4EDC ft=1 fh=437ba9a2ac46033a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows.old\Users\ihsan\Downloads\Programs\aida64extreme460.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows.old\Users\ihsan\Downloads\Programs\ccsetup417.exe"
sh=D7D5A78EB6B2C075F270E220790A061815CFD7DD ft=1 fh=74a01f20d747950b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Users\ihsan\Downloads\Programs\GOMPLAYERENSETUP.EXE"
sh=C716724D9268C6ED892E6A3CB0588D712A7BE60C ft=1 fh=55ce4bfb7a3a21e5 vn="a variant of Win32/GameHack.F potentially unsafe application" ac=I fn="C:\Windows.old\Users\ihsan\Games\Tom Clancy's H.A.W.X\EXTRAS\Promo Trainer\H.A.W.X. Trainer.exe"
sh=6FCA176F7CA59A205BBA19051BD2BE0436A7AE0E ft=1 fh=f36f93518a00a63a vn="a variant of Win32/Toolbar.Babylon.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll.vir"
sh=0D5553A4A13A09135ECA5FC684302E9A44C1C72A ft=1 fh=a76a8e7267bbf400 vn="a variant of Win32/Toolbar.Babylon.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll.vir"
sh=C2D2063A0007EF5EBB2BDE3D2609F32290F559C5 ft=1 fh=115a5dd9e33fd729 vn="a variant of Win32/Toolbar.Babylon.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe.vir"
sh=2AA39DB824421ACA2DBA7A5445E16CDF6D3397DE ft=1 fh=93758d6df08e102a vn="a variant of Win32/OpenCandy.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\ihsan\Downloads\FreemakeVideoConverterSetup.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\ihsan\Downloads\Programs\ccsetup502.exe"
sh=C9043F07A8FF06FA45F277734279C7DC2BDAC71F ft=1 fh=e3093d1defd70c82 vn="Win32/Toolbar.Conduit.AE potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ihsan\AppData\Roaming\IDM\DwnlData\ihsan\dde_de_drive-files-b_com_689\dde_de_drive-files-b_com"
sh=E32FCD9BC5ED916E7DA36EDCC08AC2B7191F4EDC ft=1 fh=437ba9a2ac46033a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ihsan\Downloads\Programs\aida64extreme460.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ihsan\Downloads\Programs\ccsetup417.exe"
sh=D7D5A78EB6B2C075F270E220790A061815CFD7DD ft=1 fh=74a01f20d747950b vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ihsan\Downloads\Programs\GOMPLAYERENSETUP.EXE"
sh=C716724D9268C6ED892E6A3CB0588D712A7BE60C ft=1 fh=55ce4bfb7a3a21e5 vn="a variant of Win32/GameHack.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows.old\Documents and Settings\ihsan\Games\Tom Clancy's H.A.W.X\EXTRAS\Promo Trainer\H.A.W.X. Trainer.exe"
[email protected] as downloader log:
all ok

here there the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by ihsan at 2015-02-15 02:56:57 Run:2
Running from C:\Users\ihsan\Desktop
Loaded Profiles: ihsan & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER (Available profiles: ihsan & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
EmptyTemp:
*****************
 
Processes closed successfully.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 02:57:36 ====

  • 0

#28
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again,

 

You have nothing to be sorry for! :)

 

Thankfully, running ESET to remove everything automatically didn't harm your computer. We can take care of any leftovers later on, but let's see if we can get the below issue resolved.

 

==========

 

Could you please verify that you completely followed the steps in this link (and you've also read the other link that is present on how to change the automatic maintenance settings)?

 

After those steps are followed (and you have rebooted the machine), you should not have the automatic maintenance always running.

 

Please retry the steps in those links, and let me know if that changes anything after you rebooted the machine!

 

bloopie


  • 0

#29
ihocan

ihocan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks the Maintenance issue is solved.


Edited by ihocan, 15 February 2015 - 06:33 PM.

  • 0

#30
bloopie

bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts

Hello again,

 

Glad to hear that, well done! :spoton:

 

==========

 

Okay at this point, is there anything else you'd like to bring to my attention with this computer? If not, then we'll go ahead with the final steps to remove our tools and clean up our mess. :)

 

bloopie


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP