Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by SYSTEM on MININT-I2KH0DC on 09-11-2014 20:04:06
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [00PCTFW] => C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe [2672600 2011-04-07] (PC Tools)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\Guest\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\user\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\D:autocheck autochk *
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5912240 2011-09-28] (CANON INC.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 PCToolsFirewallPlus; C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [286000 2011-01-24] (PC Tools)
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S4 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S4 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-04] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
S3 cpuz137; C:\Users\user\Desktop\pc-wizard_2014.2.13\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S2 DS1410D; C:\Windows\SysWow64\Drivers\DS1410D.sys [6592 2001-06-18] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [119688 2011-01-12] (PC Tools)
S1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [334976 2011-01-17] (PC Tools)
S3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis64.sys [79000 2010-07-08] (PC Tools)
S3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [179976 2011-01-17] (PC Tools)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [166384 2014-09-09] (Windows ® Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [25600 2013-01-11] (Feitian Technologies Co., Ltd.)
S3 VEtherMp50; C:\Windows\System32\Drivers\VEtherMp50.sys [46648 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 VEtherSp50; C:\Windows\System32\Drivers\VEtherSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-04 13:52 - 2014-11-04 13:52 - 01050432 ____C (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 01049920 ____C () C:\Windows\System32\Drivers\aswsnx.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00436624 ____C (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-04 13:52 - 2014-11-04 13:52 - 00267632 ____C () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00116728 ____C (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00093568 ____C (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00083280 ____C (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00082768 ____C () C:\Windows\System32\Drivers\aswmonflt.sys.1415101946316
2014-11-04 13:52 - 2014-11-04 13:52 - 00065776 ____C () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-04 13:52 - 2014-11-04 13:52 - 00029208 ____C () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-04 13:52 - 2014-11-04 13:52 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-04 13:52 - 2014-11-04 13:52 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-11-04 13:39 - 2014-11-04 13:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-04 13:27 - 2014-11-04 13:39 - 00000000 ____D () C:\ProgramData\AVAST Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-04 21:38 - 2012-01-06 16:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-04 21:32 - 2012-07-11 20:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-11-04 20:52 - 2012-01-26 17:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\setup64.exe
C:\Users\user\AppData\Local\Temp\_is169B.exe
C:\Users\user\AppData\Local\Temp\_is6CA7.exe
C:\Users\user\AppData\Local\Temp\_isD6ED.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe
[2014-10-15 01:42] - [2014-07-17 04:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== BCD ================================
Windows ™nykleme Y”neticisi
--------------------
tanmlayc: {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale tr-TR
default {default}
displayorder {default}
timeout 30
Windows ™nykleme Ykleyicisi
-------------------
tanmlayc: {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Professional (kurtarld)
locale tr-TR
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
Windows ™nykleme Ykleyicisi
-------------------
tanmlayc: {current}
device ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
path \windows\system32\winload.exe
description Windows Recovery Environment (kurtarld)
locale
osdevice ramdisk=[C:]\Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\Winre.wim,{62a8e92d-6836-11e4-90b8-c7602c768376}
systemroot \windows
winpe Yes
Windows Bellek Snama Arac
---------------------
tanmlayc: {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale tr-TR
Aygt se‡enekleri
--------------
tanmlayc: {62a8e92d-6836-11e4-90b8-c7602c768376}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\da98fdf4-25bd-11e1-bfc3-b49e2de55589\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16351.14 MB
Available physical RAM: 15167.28 MB
Total Pagefile: 16349.34 MB
Available Pagefile: 15169.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: (SISTEMA) (Fixed) (Total:111.68 GB) (Free:44.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Windows 7 64-bit onarım diski) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 44B082CC)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
LastRegBack: 2014-10-31 15:08
==================== End Of Log ============================