AVG says I got 30 infections (from same rootkit)

Post by asi_turk » March 20th, 2014, 2:55 pm

I was using Avast for a long time and it slows down my system, so I decided to get a new AV.
When I installed AVG I ran an Anti-Rootkit scan and it found 30 malicious items.
It always fails to remove and it says "unable to remove data not valid".
I have posted the AVG log.
Note: Please forgive my grammar mistakes.


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.51.2
Run by Batu at 20:33:35 on 2014-03-20
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.4044.1677 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.tr
uSearch Bar = Preserve
uDefault_Page_URL = about:blank
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{DB481297-64D7-4BC0-9488-BB8AE43F4931} : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{DB481297-64D7-4BC0-9488-BB8AE43F4931}\37D696C656164637C6F513230333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB481297-64D7-4BC0-9488-BB8AE43F4931}\6656E65627 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{DB481297-64D7-4BC0-9488-BB8AE43F4931}\A5455475330303 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: taskmgr.exe - "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\b3233y40.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS - Turkce
FF - prefs.js: network.proxy.gopher - 85.175.217.151
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-7 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-26 2224976]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-22 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-22 2656280]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-9-13 87040]
R3 IntcDAud;Intel(R) Ekran İçin Ses;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-8 12262688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswRvrt;aswRvrt; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
RUnknown aswStm;aswStm; [x]
RUnknown aswVmm;aswVmm; [x]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-18 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-15 335464]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-24 30208]
S3 usbUDisc;usbUDisc;C:\Windows\System32\drivers\USBDrv_AMD64.sys [2014-3-11 17280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbs: VBSFile="C:\Windows\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-03-20 17:44:33 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2014-03-20 17:00:22 -------- d-----w- C:\Users\Batu\AppData\Roaming\AVG2014
2014-03-20 16:58:02 -------- d-----w- C:\Users\Batu\AppData\Roaming\TuneUp Software
2014-03-20 16:56:49 -------- d--h--w- C:\$AVG
2014-03-20 16:56:49 -------- d-----w- C:\ProgramData\AVG2014
2014-03-20 16:56:23 -------- d-----w- C:\Program Files (x86)\AVG
2014-03-20 16:49:00 -------- d-----w- C:\Users\Batu\AppData\Local\Avg2014
2014-03-20 16:47:47 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-03-18 18:49:33 -------- d-----w- C:\Users\Batu\AppData\Local\{3C8521B0-3248-4726-A7E4-0F17360A2D4A}
2014-03-18 15:01:38 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7A66AFC-78FC-49DF-8DB2-0ACC03DB451A}\mpengine.dll
2014-03-16 12:49:02 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-03-16 12:48:42 -------- d-----w- C:\Users\Batu\AppData\Local\LogMeIn Hamachi
2014-03-16 10:26:08 -------- d-----w- C:\Users\Batu\AppData\Local\{5B8DB6CC-2AFC-4FD6-820F-8D0E8FD0BBE8}
2014-03-16 10:17:41 -------- d-----w- C:\Users\Batu\AppData\Local\VS Revo Group
2014-03-16 10:17:30 -------- d-----w- C:\ProgramData\VS Revo Group
2014-03-16 10:13:35 -------- d-----w- C:\Users\Batu\AppData\Local\{661E8134-D521-4DA0-9C43-8E32D6576AB7}
2014-03-16 08:05:02 -------- d-----w- C:\Users\Batu\AppData\Local\Skype
2014-03-16 08:04:41 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-14 16:35:30 -------- d-----w- C:\ProgramData\InstallMate
2014-03-12 16:39:02 -------- d-----w- C:\Users\Batu\AppData\Local\WinTestGear
2014-03-12 16:38:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-12 16:38:18 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-12 16:38:18 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 16:38:17 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 16:38:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 16:38:17 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 16:38:17 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 16:38:16 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 16:33:00 -------- d-----w- C:\Users\Batu\AppData\Local\Windows Live
2014-03-12 16:32:26 -------- d-----w- C:\Users\Batu\AppData\Local\{AF4709ED-9BAB-462D-9E0C-AB56E879AC58}
2014-03-11 06:05:09 17280 ----a-w- C:\Windows\System32\drivers\USBDrv_AMD64.sys
2014-03-10 16:10:02 -------- d-----w- C:\Users\Batu\AppData\Roaming\hpqLog
2014-03-09 13:46:55 -------- d-----w- C:\ProgramData\LogMeIn
2014-03-06 17:55:32 -------- d-----w- C:\Users\Batu\AppData\Roaming\skyz
2014-03-05 17:11:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-04 16:08:39 -------- d-----w- C:\Users\Batu\AppData\Roaming\Blackboard
2014-03-03 18:54:19 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-03 18:54:19 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-02 16:49:19 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-02 16:49:19 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-02-28 18:26:37 -------- d-----w- C:\Users\Batu\AppData\Roaming\FastStone
2014-02-28 08:26:43 -------- d-----w- C:\Users\Batu\AppData\Local\{648DB31E-C55A-438D-A4D2-449765D529A5}
2014-02-28 07:47:39 -------- d-----w- C:\Users\Batu\AppData\Local\Downloaded Installations
2014-02-27 16:33:44 -------- d-----w- C:\Users\Batu\AppData\Roaming\RenPy
2014-02-27 16:23:17 -------- d-----w- C:\Users\Batu\AppData\Roaming\Process Hacker 2
2014-02-27 16:23:06 -------- d-----w- C:\Program Files\Process Hacker 2
2014-02-24 19:09:38 -------- d-----w- C:\Users\Batu\AppData\Roaming\PunkBuster
.
==================== Find3M ====================
.
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 16:49:09 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:39:33 600064 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 07:56:10 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 20:33:52,49 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 21.06.2012 16:26:37
System Uptime: 20.03.2014 18:43:11 (2 hours ago)
.
Motherboard: Hewlett-Packard | | 1670
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 393,042 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1,6 GiB free.
E: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Generic Bluetooth Adapter
Device ID: USB\VID_0A5C&PID_21B4\CC52AFA242AD
Manufacturer: GenericAdapter
Name: Generic Bluetooth Adapter
PNP Device ID: USB\VID_0A5C&PID_21B4\CC52AFA242AD
Service: BTHUSB
.
==== System Restore Points ===================
.
RP309: 20.03.2014 18:46:28 - avast! antivirus system restore point
RP310: 20.03.2014 18:55:45 - Installed AVG 2014
RP311: 20.03.2014 18:56:30 - Installed AVG 2014
RP312: 20.03.2014 18:59:58 - Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi Kaldırıldı
RP313: 20.03.2014 20:08:38 - Windows Modül Yükleyicisi
RP314: 20.03.2014 20:16:20 - Windows Modül Yükleyicisi
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.0
ATI Catalyst Install Manager
AVG 2014
Broadcom 802.11 Wireless LAN Adapter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCleaner
CDBurnerXP
D3DX10
Empire: Total War
ESU for Microsoft Windows 7
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Software Framework
HUAWEI DataCard Driver 4.23.13.00
IDT Audio
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LogMeIn Hamachi
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Türkçe)
Microsoft .NET Framework 4.5.1 (TRK)
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Office 2010
Microsoft Office Starter 2010 - Türkçe
Microsoft Office Tıkla-Çalıştır 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft XNA Framework Redistributable 4.0
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 27.0.1 (x86 tr)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Process Hacker 2.33 (r5590)
PX Profile Update
Realtek Ethernet Controller Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.14
Steam
swMSM
Synaptics TouchPad Driver
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotoğraf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
WinRAR 4.10 (32-bit)
ZoneAlarm Firewall
ZoneAlarm Security
.
==== End Of File ===========================

AVG Scan Log (Turkish)

Anti-Rootkit tarama
"Orta öncelik;""30"";""0"";""30"""
"Başlangıç:;""20.03.2014, 19:52:45"""
"Bitiş:;""20.03.2014, 19:54:28"""
"Taranan toplam nesne:;""158267"""
"Taramayı başlatan kullanıcı:;""Batu"""

"Adı;""Açıklama"";""Sonuç"";""Durum"";""Öncelik"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xBE64 -> aswSnx.sys +0x2D8A8"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x8548 -> aswSnx.sys +0x2D620"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngSetPointerTag+0x194 -> aswSnx.sys +0x30100"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x5A00 -> aswSnx.sys +0x2E3A8"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x45D4 -> aswSnx.sys +0x2D0F0"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngRestoreFloatingPointState+0x1120 -> aswSnx.sys +0x2F4D8"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x12E7C -> aswSnx.sys +0x2E264"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x14830 -> aswSnx.sys +0x2DB50"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys XLATEOBJ_hGetColorTransform+0x15C48 -> aswSnx.sys +0x2F538"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xE144 -> aswSnx.sys +0x2E4D8"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x90A0 -> aswSnx.sys +0x2E62C"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x6304 -> aswSnx.sys +0x2D6D0"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys XLATEOBJ_hGetColorTransform+0x63DC -> aswSnx.sys +0x2FA98"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngRestoreFloatingPointState+0x3EA8 -> aswSnx.sys +0x2D4E0"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys STROBJ_fxBreakExtra+0x1E00 -> aswSnx.sys +0x2FF7C"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xE2C0 -> aswSnx.sys +0x2E37C"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x2568 -> aswSnx.sys +0x2DE74"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x7BE4 -> aswSnx.sys +0x2E504"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngFntCacheLookUp+0x12488 -> aswSnx.sys +0x2D300"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngCopyBits+0x16AC -> aswSnx.sys +0x2F470"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x5694 -> aswSnx.sys +0x2DC30"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys XLATEOBJ_hGetColorTransform+0xF2C -> aswSnx.sys +0x2F584"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xBCF8 -> aswSnx.sys +0x2D92C"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngBitBlt+0x6054 -> aswSnx.sys +0x2E0E4"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xB7D8 -> aswSnx.sys +0x2E100"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x24D4 -> aswSnx.sys +0x2DD60"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x8104 -> aswSnx.sys +0x2DA70"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0x6A64 -> aswSnx.sys +0x2E350"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngFntCacheLookUp+0x8F08 -> aswSnx.sys +0x2F2FC"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngPaint+0x914 -> aswSnx.sys +0x2FE00"";""Bulaşmış"";""Bulaşmış"";""Orta"""
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm

Re: AVG says I got 30 infections (from same rootkit)

Post by Cypher » March 21st, 2014, 10:55 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



What the AVG scan is detecting, "aswSnx.sys", is part of Avast Antivirus.


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
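
The triage behind the reply above, as an added example that is not part of the original thread: it parses the AVG anti-rootkit log lines posted earlier and groups every hook detection by the driver the hook jumps into, so a run of alerts that all trace back to one driver is visible at a glance. The function names, the `KNOWN_SECURITY_DRIVERS` table and the `example.sys` line are assumptions made for this illustration.

```python
import csv
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines 1-4 are copied from the AVG log posted in this thread. Line 5
# (example.sys) is constructed, to show a driver nobody has attributed yet.
SAMPLE_LOG = r'''
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys W32pArgumentTable+0xBCF8 -> aswSnx.sys +0x2D92C"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngBitBlt+0x6054 -> aswSnx.sys +0x2E0E4"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngFntCacheLookUp+0x8F08 -> aswSnx.sys +0x2F2FC"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\aswSnx.sys;""Satır için kanca win32k.sys EngPaint+0x914 -> aswSnx.sys +0x2FE00"";""Bulaşmış"";""Bulaşmış"";""Orta"""
"C:\Windows\system32\drivers\example.sys;""Satır için kanca win32k.sys EngPaint+0x10 -> example.sys +0x100"";""Bulaşmış"";""Bulaşmış"";""Orta"""
'''

# Assumption: an analyst-maintained map of driver file name -> product.
# The single entry reflects the attribution given in the reply above.
# A name match is only a lead for the analyst, not proof of origin.
KNOWN_SECURITY_DRIVERS = {"aswsnx.sys": "Avast Antivirus"}

# "<hooked module> <symbol>+0x<offset> -> <target driver> +0x<offset>"
HOOK_RE = re.compile(
    r"(?P<module>\S+) (?P<symbol>\S+)\+0x(?P<offset>[0-9A-Fa-f]+)"
    r" -> (?P<target>\S+) \+0x(?P<target_offset>[0-9A-Fa-f]+)$"
)


def parse_line(line):
    """Decode one log line; return a dict, or None if it is not a hook record."""
    outer = next(csv.reader([line]), [])
    if len(outer) != 1:
        return None
    # The whole record is one quoted CSV field; inside it the real columns
    # are separated by ';' and quoted again.
    fields = next(csv.reader([outer[0]], delimiter=";"), [])
    if len(fields) != 5:
        return None
    match = HOOK_RE.search(fields[1])
    if match is None:
        return None
    record = match.groupdict()
    record["file"] = fields[0]
    record["rating"] = fields[4]  # last column, e.g. "Orta" (Turkish: medium)
    return record


def triage(log_text, known=KNOWN_SECURITY_DRIVERS):
    """Group hook detections by the driver that receives control."""
    groups = defaultdict(
        lambda: {"hooks": 0, "modules": set(), "symbols": set(), "files": set()}
    )
    for line in log_text.splitlines():
        record = parse_line(line.strip()) if line.strip() else None
        if record is None:
            continue
        group = groups[record["target"].lower()]
        group["hooks"] += 1
        group["modules"].add(record["module"])
        group["symbols"].add(record["symbol"])
        group["files"].add(record["file"])

    report = {}
    for driver, group in groups.items():
        report[driver] = {
            "hooks": group["hooks"],
            "modules": sorted(group["modules"]),
            "symbols": sorted(group["symbols"]),
            "files": sorted(group["files"]),
            # True when every flagged file is the driver the hooks jump into.
            "self_consistent": all(
                PureWindowsPath(f).name.lower() == driver for f in group["files"]
            ),
            "product": known.get(driver),
        }
    return report


if __name__ == "__main__":
    for driver, info in sorted(triage(SAMPLE_LOG).items()):
        owner = info["product"] or "unattributed, needs review"
        print(f"{driver}: {info['hooks']} hook(s) in "
              f"{', '.join(info['modules'])} -> {owner}")
```
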

Re: AVG says I got 30 infections (from same rootkit)

Post by asi_turk » March 21st, 2014, 12:20 pm

First I want to say thanks for helping me.
Also I don't have any issues with my computer speed or my internet connection. (If you want to know)

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Batu (administrator) on BATU-HP on 21-03-2014 18:11:45
Running from C:\Users\Batu\Desktop
Windows 7 Home Basic Service Pack 1 (X64) OS Language: 041F
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1327276646-4194761679-295217087-1000\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
IFEO\taskmgr.exe: [Debugger] "C:\Program Files\Process Hacker 2\ProcessHacker.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {61A65343-0763-48C0-9A84-4FB678DA91B9} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 - {61A65343-0763-48C0-9A84-4FB678DA91B9} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=483
SearchScopes: HKCU - {61A65343-0763-48C0-9A84-4FB678DA91B9} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\b3233y40.default
FF DefaultSearchEngine: Startpage HTTPS - Turkce
FF SelectedSearchEngine: Startpage HTTPS - Turkce
FF NetworkProxy: "gopher", "85.175.217.151"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: WOT - C:\Users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\b3233y40.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-28]
FF Extension: Adblock Plus - C:\Users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\b3233y40.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-03]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2011-11-20] (Scott)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 btwampfl; system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wolf; \??\C:\Joygame\WolfTeamTS\avital\wolf64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2015-09-26 19:53 - 2014-03-21 20:53 - 00000246 _____ () C:\Users\Batu\Desktop\Not.txt
2014-03-21 18:11 - 2014-03-21 18:12 - 00013453 _____ () C:\Users\Batu\Desktop\FRST.txt
2014-03-21 18:11 - 2014-03-21 18:11 - 00000000 ____D () C:\FRST
2014-03-21 18:05 - 2014-03-21 18:05 - 00000912 _____ () C:\Users\Batu\Desktop\AdwCleaner[S0].txt
2014-03-21 18:04 - 2014-03-21 18:11 - 00000000 ____D () C:\AdwCleaner
2014-03-21 18:04 - 2014-03-21 18:05 - 00000903 _____ () C:\Users\Batu\Desktop\AdwCleaner[R0].txt
2014-03-21 18:04 - 2014-03-21 18:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BATU-HP-Microsoft-Windows-7-Home-Basic-(64-bit).dat
2014-03-21 18:02 - 2014-03-21 18:03 - 02157056 _____ (Farbar) C:\Users\Batu\Desktop\FRST64.exe
2014-03-21 18:02 - 2014-03-21 18:02 - 00000000 ____D () C:\RegBackup
2014-03-21 18:01 - 2014-03-21 18:01 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-21 18:01 - 2014-03-21 18:01 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-21 18:00 - 2014-03-21 18:00 - 01950720 _____ () C:\Users\Batu\Desktop\adwcleaner.exe
2014-03-20 21:14 - 2014-03-20 21:14 - 00270800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 21:13 - 2014-03-20 21:14 - 00355876 _____ () C:\Windows\PFRO.log
2014-03-20 20:33 - 2014-03-20 20:33 - 00019398 _____ () C:\Users\Batu\Desktop\dds.txt
2014-03-20 20:33 - 2014-03-20 20:33 - 00006285 _____ () C:\Users\Batu\Desktop\attach.txt
2014-03-20 20:17 - 2014-03-20 20:17 - 00688992 ____R (Swearware) C:\Users\Batu\Desktop\dds.scr
2014-03-20 19:05 - 2014-03-21 18:06 - 00000224 _____ () C:\Windows\setupact.log
2014-03-20 19:05 - 2014-03-20 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 19:03 - 2014-03-20 19:03 - 00060056 _____ () C:\Users\Batu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 19:00 - 2014-03-20 19:00 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\AVG2014
2014-03-20 18:58 - 2014-03-20 18:58 - 00000931 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-20 18:58 - 2014-03-20 18:58 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\TuneUp Software
2014-03-20 18:56 - 2014-03-20 18:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-20 18:56 - 2014-03-20 18:56 - 00000000 ___HD () C:\$AVG
2014-03-20 18:56 - 2014-03-20 18:56 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-20 18:49 - 2014-03-20 19:17 - 00000000 ____D () C:\Users\Batu\AppData\Local\Avg2014
2014-03-20 18:46 - 2014-03-21 18:10 - 00077034 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 20:49 - 2014-03-18 20:49 - 00000000 ____D () C:\Users\Batu\AppData\Local\{3C8521B0-3248-4726-A7E4-0F17360A2D4A}
2014-03-16 14:49 - 2014-03-16 14:49 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-16 14:48 - 2014-03-21 07:22 - 00000000 ____D () C:\Users\Batu\AppData\Local\LogMeIn Hamachi
2014-03-16 14:46 - 2014-03-16 14:56 - 00000000 ____D () C:\Users\Batu\Desktop\Server
2014-03-16 12:26 - 2014-03-16 12:26 - 00000000 ____D () C:\Users\Batu\AppData\Local\{5B8DB6CC-2AFC-4FD6-820F-8D0E8FD0BBE8}
2014-03-16 12:17 - 2014-03-16 12:17 - 00000000 ____D () C:\Users\Batu\AppData\Local\VS Revo Group
2014-03-16 12:17 - 2014-03-16 12:17 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-16 12:13 - 2014-03-16 12:13 - 00000000 ____D () C:\Users\Batu\AppData\Local\{661E8134-D521-4DA0-9C43-8E32D6576AB7}
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\Users\Batu\AppData\Local\Skype
2014-03-16 10:04 - 2014-03-21 18:04 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Skype
2014-03-16 10:04 - 2014-03-16 10:04 - 00002705 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 10:04 - 2014-03-16 10:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 10:04 - 2014-03-16 10:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 18:35 - 2014-03-14 18:35 - 00002123 _____ () C:\Users\Batu\Desktop\WinPatrol.lnk
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-13 16:54 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:54 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:54 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:54 - 2014-02-23 10:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:54 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 16:54 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:54 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:54 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:54 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:54 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:53 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:53 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:53 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:53 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:53 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:53 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:53 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 16:53 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:53 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:53 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:53 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 18:39 - 2014-03-12 18:39 - 00000000 ____D () C:\Users\Batu\AppData\Local\WinTestGear
2014-03-12 18:38 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:38 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:38 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:38 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 18:38 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 18:38 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:38 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:38 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 18:33 - 2014-03-16 12:12 - 00000000 ____D () C:\Users\Batu\AppData\Local\Windows Live
2014-03-12 18:32 - 2014-03-12 18:32 - 00000000 ____D () C:\Users\Batu\AppData\Local\{AF4709ED-9BAB-462D-9E0C-AB56E879AC58}
2014-03-11 08:05 - 2011-11-20 00:14 - 00017280 _____ (Scott) C:\Windows\system32\Drivers\USBDrv_AMD64.sys
2014-03-10 18:10 - 2014-03-10 18:10 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\hpqLog
2014-03-09 15:46 - 2014-03-09 15:46 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-06 19:55 - 2014-03-06 19:55 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\skyz
2014-03-05 19:11 - 2014-03-05 19:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-05 19:11 - 2014-03-05 19:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-05 19:11 - 2014-03-05 19:10 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-05 19:11 - 2014-03-05 19:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-05 19:10 - 2014-03-05 19:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-04 18:08 - 2014-03-04 18:08 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Blackboard
2014-03-03 20:54 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-03 20:54 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-02 18:54 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-02 18:54 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-02 18:54 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-02 18:54 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-02 18:54 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-02 18:54 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-02 18:54 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-02 18:54 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-02 18:54 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-02 18:54 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-02 18:54 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-02 18:54 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-02 18:54 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-02 18:54 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-02 18:54 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-02 18:54 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-02 18:49 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-02 18:49 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-28 20:26 - 2014-02-28 20:26 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\FastStone
2014-02-28 10:26 - 2014-02-28 10:26 - 00000000 ____D () C:\Users\Batu\AppData\Local\{648DB31E-C55A-438D-A4D2-449765D529A5}
2014-02-28 09:47 - 2014-02-28 09:47 - 00000000 ____D () C:\Users\Batu\AppData\Local\Downloaded Installations
2014-02-27 18:33 - 2014-02-27 18:33 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\RenPy
2014-02-27 18:23 - 2014-02-27 18:23 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Process Hacker 2
2014-02-27 18:23 - 2014-02-27 18:23 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\PunkBuster

==================== One Month Modified Files and Folders =======

2014-03-21 20:53 - 2015-09-26 19:53 - 00000246 _____ () C:\Users\Batu\Desktop\Not.txt
2014-03-21 18:12 - 2014-03-21 18:11 - 00013453 _____ () C:\Users\Batu\Desktop\FRST.txt
2014-03-21 18:11 - 2014-03-21 18:11 - 00000000 ____D () C:\FRST
2014-03-21 18:11 - 2014-03-21 18:04 - 00000000 ____D () C:\AdwCleaner
2014-03-21 18:10 - 2014-03-20 18:46 - 00077034 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 18:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 18:06 - 2014-03-20 19:05 - 00000224 _____ () C:\Windows\setupact.log
2014-03-21 18:05 - 2014-03-21 18:05 - 00000912 _____ () C:\Users\Batu\Desktop\AdwCleaner[S0].txt
2014-03-21 18:05 - 2014-03-21 18:04 - 00000903 _____ () C:\Users\Batu\Desktop\AdwCleaner[R0].txt
2014-03-21 18:04 - 2014-03-21 18:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BATU-HP-Microsoft-Windows-7-Home-Basic-(64-bit).dat
2014-03-21 18:04 - 2014-03-16 10:04 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Skype
2014-03-21 18:04 - 2009-07-14 06:45 - 00022944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 18:04 - 2009-07-14 06:45 - 00022944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 18:03 - 2014-03-21 18:02 - 02157056 _____ (Farbar) C:\Users\Batu\Desktop\FRST64.exe
2014-03-21 18:02 - 2014-03-21 18:02 - 00000000 ____D () C:\RegBackup
2014-03-21 18:02 - 2013-06-24 15:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 18:01 - 2014-03-21 18:01 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-03-21 18:01 - 2014-03-21 18:01 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-21 18:00 - 2014-03-21 18:00 - 01950720 _____ () C:\Users\Batu\Desktop\adwcleaner.exe
2014-03-21 07:25 - 2011-05-06 03:33 - 00657384 _____ () C:\Windows\system32\perfh01F.dat
2014-03-21 07:25 - 2011-05-06 03:33 - 00140522 _____ () C:\Windows\system32\perfc01F.dat
2014-03-21 07:25 - 2009-07-14 07:13 - 01572482 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 07:22 - 2014-03-16 14:48 - 00000000 ____D () C:\Users\Batu\AppData\Local\LogMeIn Hamachi
2014-03-20 21:14 - 2014-03-20 21:14 - 00270800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 21:14 - 2014-03-20 21:13 - 00355876 _____ () C:\Windows\PFRO.log
2014-03-20 21:14 - 2012-06-24 09:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-20 21:00 - 2014-02-09 15:43 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\SoftGrid Client
2014-03-20 20:59 - 2012-07-02 13:53 - 00000000 ___RD () C:\Users\Batu\Desktop\Hack
2014-03-20 20:33 - 2014-03-20 20:33 - 00019398 _____ () C:\Users\Batu\Desktop\dds.txt
2014-03-20 20:33 - 2014-03-20 20:33 - 00006285 _____ () C:\Users\Batu\Desktop\attach.txt
2014-03-20 20:17 - 2014-03-20 20:17 - 00688992 ____R (Swearware) C:\Users\Batu\Desktop\dds.scr
2014-03-20 20:09 - 2007-01-02 03:25 - 00000000 ____D () C:\Windows\Panther
2014-03-20 19:44 - 2013-06-12 21:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-03-20 19:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-20 19:17 - 2014-03-20 18:49 - 00000000 ____D () C:\Users\Batu\AppData\Local\Avg2014
2014-03-20 19:05 - 2014-03-20 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-20 19:05 - 2013-06-13 15:31 - 00000000 ____D () C:\Users\Batu\AppData\Local\Deployment
2014-03-20 19:03 - 2014-03-20 19:03 - 00060056 _____ () C:\Users\Batu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 19:00 - 2014-03-20 19:00 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\AVG2014
2014-03-20 18:58 - 2014-03-20 18:58 - 00000931 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-20 18:58 - 2014-03-20 18:58 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\TuneUp Software
2014-03-20 18:58 - 2014-03-20 18:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-20 18:56 - 2014-03-20 18:56 - 00000000 ___HD () C:\$AVG
2014-03-20 18:56 - 2014-03-20 18:56 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-19 17:28 - 2013-11-01 22:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 17:27 - 2012-07-07 11:53 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 20:49 - 2014-03-18 20:49 - 00000000 ____D () C:\Users\Batu\AppData\Local\{3C8521B0-3248-4726-A7E4-0F17360A2D4A}
2014-03-18 20:09 - 2012-07-02 15:39 - 00000000 ___RD () C:\Users\Batu\Desktop\Dikkat Müzik
2014-03-18 17:29 - 2013-10-22 19:30 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBatu
2014-03-18 17:29 - 2013-10-22 19:30 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBatu.job
2014-03-16 14:56 - 2014-03-16 14:46 - 00000000 ____D () C:\Users\Batu\Desktop\Server
2014-03-16 14:49 - 2014-03-16 14:49 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-16 14:37 - 2009-07-14 07:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 12:26 - 2014-03-16 12:26 - 00000000 ____D () C:\Users\Batu\AppData\Local\{5B8DB6CC-2AFC-4FD6-820F-8D0E8FD0BBE8}
2014-03-16 12:17 - 2014-03-16 12:17 - 00000000 ____D () C:\Users\Batu\AppData\Local\VS Revo Group
2014-03-16 12:17 - 2014-03-16 12:17 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-16 12:13 - 2014-03-16 12:13 - 00000000 ____D () C:\Users\Batu\AppData\Local\{661E8134-D521-4DA0-9C43-8E32D6576AB7}
2014-03-16 12:12 - 2014-03-12 18:33 - 00000000 ____D () C:\Users\Batu\AppData\Local\Windows Live
2014-03-16 10:16 - 2012-07-09 15:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\Users\Batu\AppData\Local\Skype
2014-03-16 10:04 - 2014-03-16 10:04 - 00002705 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-16 10:04 - 2014-03-16 10:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 10:04 - 2014-03-16 10:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 09:01 - 2012-06-21 15:26 - 00000000 ____D () C:\Users\Batu
2014-03-15 18:33 - 2014-01-28 16:52 - 00000000 ____D () C:\Users\Batu\Documents\Visual Studio 2010
2014-03-14 18:35 - 2014-03-14 18:35 - 00002123 _____ () C:\Users\Batu\Desktop\WinPatrol.lnk
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-13 19:36 - 2013-11-01 22:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 19:36 - 2013-03-29 19:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 18:39 - 2014-03-12 18:39 - 00000000 ____D () C:\Users\Batu\AppData\Local\WinTestGear
2014-03-12 18:32 - 2014-03-12 18:32 - 00000000 ____D () C:\Users\Batu\AppData\Local\{AF4709ED-9BAB-462D-9E0C-AB56E879AC58}
2014-03-11 09:06 - 2012-06-25 09:30 - 00000000 ____D () C:\Users\Batu\AppData\Local\CrashDumps
2014-03-10 18:10 - 2014-03-10 18:10 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\hpqLog
2014-03-09 15:46 - 2014-03-09 15:46 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-09 10:38 - 2013-02-06 21:50 - 00000000 ___RD () C:\Users\Batu\Desktop\Oyunlar
2014-03-08 22:37 - 2011-05-05 17:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-06 19:55 - 2014-03-06 19:55 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\skyz
2014-03-05 19:11 - 2013-09-13 14:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-05 19:10 - 2014-03-05 19:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-05 19:10 - 2014-03-05 19:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-05 19:10 - 2014-03-05 19:11 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-05 19:10 - 2014-03-05 19:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-05 19:10 - 2014-03-05 19:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-04 18:25 - 2014-02-16 09:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-04 18:08 - 2014-03-04 18:08 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Blackboard
2014-03-04 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-04 16:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-04 16:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-04 16:39 - 2013-12-21 17:59 - 00417569 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-03-02 18:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-28 20:26 - 2014-02-28 20:26 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\FastStone
2014-02-28 15:30 - 2012-07-02 11:05 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBATU-HP$
2014-02-28 15:30 - 2012-07-02 11:05 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBATU-HP$.job
2014-02-28 10:26 - 2014-02-28 10:26 - 00000000 ____D () C:\Users\Batu\AppData\Local\{648DB31E-C55A-438D-A4D2-449765D529A5}
2014-02-28 10:23 - 2012-08-14 12:37 - 00000000 ____D () C:\Program Files (x86)\Ascii Sector
2014-02-28 09:50 - 2013-10-08 15:22 - 00000000 ____D () C:\Users\Batu\AppData\Local\Unity
2014-02-28 09:47 - 2014-02-28 09:47 - 00000000 ____D () C:\Users\Batu\AppData\Local\Downloaded Installations
2014-02-27 18:33 - 2014-02-27 18:33 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\RenPy
2014-02-27 18:23 - 2014-02-27 18:23 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\Process Hacker 2
2014-02-27 18:23 - 2014-02-27 18:23 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-02-27 18:19 - 2012-08-02 19:07 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\Batu\AppData\Roaming\PunkBuster
2014-02-23 10:13 - 2014-03-13 16:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 10:13 - 2014-03-13 16:53 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 10:13 - 2014-03-13 16:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 10:12 - 2014-03-13 16:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 10:12 - 2014-03-13 16:53 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 10:12 - 2014-03-13 16:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 10:11 - 2014-03-13 16:54 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 10:11 - 2014-03-13 16:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 10:11 - 2014-03-13 16:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 10:11 - 2014-03-13 16:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 10:11 - 2014-03-13 16:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 10:11 - 2014-03-13 16:53 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 10:11 - 2014-03-13 16:53 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 10:11 - 2014-03-13 16:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 10:11 - 2014-03-13 16:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 08:54 - 2014-03-13 16:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 08:54 - 2014-03-13 16:53 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 08:53 - 2014-03-13 16:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 08:53 - 2014-03-13 16:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 08:35 - 2014-03-13 16:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 08:31 - 2014-03-13 16:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Some content of TEMP:
====================
C:\Users\Batu\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-15 09:45

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Batu at 2014-03-21 18:12:57
Running from C:\Users\Batu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0407.736.11742 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0407.736.11742 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0407.736.11742 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0407.736.11742 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help English (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help French (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help German (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0407.0735.11742 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0407.736.11742 - Şirketinizin Adı) Hidden
ccc-utility64 (Version: 2011.0407.736.11742 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{94858FC3-2637-4E33-8AFA-824F69ED525B}) (Version: 4.0.110.1 - Hewlett-Packard Company)
HUAWEI DataCard Driver 4.23.13.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.23.13.00 - Huawei technologies Co., Ltd.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (TRK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Türkçe (HKLM-x32\...\{90140011-0066-041F-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Office Tıkla-Çalıştır 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4999.1042 - Microsoft Corporation)
Microsoft Office Tıkla-Çalıştır 2010 (Version: 14.0.4999.1042 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Taleworlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - )
Mozilla Firefox 27.0.1 (x86 tr) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 tr)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
ZoneAlarm Firewall (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points =========================

20-03-2014 16:46:28 avast! antivirus system restore point
20-03-2014 16:55:45 Installed AVG 2014
20-03-2014 16:56:30 Installed AVG 2014
20-03-2014 16:59:58 Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi Kaldırıldı
20-03-2014 18:08:38 Windows Modül Yükleyicisi
20-03-2014 18:16:20 Windows Modül Yükleyicisi
20-03-2014 19:24:52 Windows Update
21-03-2014 06:04:04 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-28 09:44 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {176AE80D-5810-46B3-A80C-EF67FF882FA7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1F27EC5E-3EB2-483C-A827-2D600E2178F7} - System32\Tasks\{83DEA0E0-9B10-455D-A742-181C75178B92} => C:\Program Files (x86)\Horde\horde.exe
Task: {260022F6-C523-4DAC-8A10-C60446B80FB4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {3DC5B30A-D7F4-45DF-B84A-6125C1DB706D} - System32\Tasks\HPCeeScheduleForBatu => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {5D202553-16B5-4AB8-B870-35804F20F4D9} - System32\Tasks\HPCeeScheduleForBATU-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {62B3ADDC-037F-4374-9FF8-174F978FFB3B} - System32\Tasks\{2B4DE0F1-685D-4534-8E30-0757E913F47D} => Chrome.exe http://ui.skype.com/ui/0/5.1.0.104.161/ ... d;disabled
Task: {8CB34F20-0E05-4A2A-A7C2-30C2C5150D99} - System32\Tasks\{420C6BEC-1E42-4885-BC06-8E651E3269F6} => C:\Program Files (x86)\Horde\horde.exe
Task: {ACE188B2-3F0D-4B59-B10B-706B4AA2D0C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {B99C3155-53A3-496B-9E47-A7A95F29D95F} - System32\Tasks\{B0D14103-212B-4781-9488-F13B97354A7E} => C:\Program Files\Liquid Entertainment\War of the Ring\Rings.exe
Task: {BD74DE4F-EDFE-47DE-BC08-2FAB93EA48F8} - System32\Tasks\{1C445B49-5D37-4EEC-B84F-DA482A823469} => C:\Program Files (x86)\Cenega\BorderZone\borderzone.exe
Task: {C7CF138A-10ED-430C-885C-AB20CEA05162} - System32\Tasks\{0E742075-DD8E-4F53-BD65-5DA37D8DF8E7} => C:\Program Files (x86)\Horde\horde.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBATU-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBatu.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-23 16:21 - 2012-03-09 13:34 - 00022528 _____ () C:\Windows\System32\xrhr2aLM.DLL
2012-07-02 15:28 - 2012-01-09 18:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-01-08 02:57 - 2011-01-08 02:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-07 06:35 - 2011-04-07 06:35 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 13:21 - 2011-03-14 13:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-03-14 18:35 - 2014-02-18 05:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-02-23 19:32 - 2014-02-23 19:32 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-05-22 00:38 - 2011-01-12 16:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-16 09:55 - 2014-02-16 09:55 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41499795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41499795.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 06:07:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 06:07:16 PM) (Source: SideBySide) (User: )
Description: "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1" için etkinleştirme içeriği oluşturulamadı.
Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" Bağımlı Derlemesi bulunamadı.
Lütfen ayrıntılı tanılama için sxstrace.exe programını kullanın.

Error: (03/21/2014 06:05:34 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (03/21/2014 05:57:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 05:56:36 PM) (Source: SideBySide) (User: )
Description: "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1" için etkinleştirme içeriği oluşturulamadı.
Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" Bağımlı Derlemesi bulunamadı.
Lütfen ayrıntılı tanılama için sxstrace.exe programını kullanın.

Error: (03/21/2014 08:03:50 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (03/21/2014 07:22:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 07:21:57 AM) (Source: SideBySide) (User: )
Description: "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1" için etkinleştirme içeriği oluşturulamadı.
Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" Bağımlı Derlemesi bulunamadı.
Lütfen ayrıntılı tanılama için sxstrace.exe programını kullanın.

Error: (03/20/2014 09:15:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:14:53 PM) (Source: SideBySide) (User: )
Description: "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1" için etkinleştirme içeriği oluşturulamadı.
Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" Bağımlı Derlemesi bulunamadı.
Lütfen ayrıntılı tanılama için sxstrace.exe programını kullanın.


System errors:
=============
Error: (03/21/2014 08:04:24 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (03/21/2014 08:03:59 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/20/2014 10:29:45 PM) (Source: Service Control Manager) (User: )
Description: Preshutdown denetimi alındıktan sonra AVGIDSAgent hizmeti düzgün kapatılmadı.

Error: (03/20/2014 10:28:46 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/20/2014 09:00:21 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/20/2014 06:48:00 PM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus hizmeti beklenmedik şekilde sona erdi. Bu durum 1 defa oluştu. 5000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (03/20/2014 06:43:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Search hizmeti beklenmedik şekilde sona erdi. Bu durum 1 defa oluştu. 30000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (03/20/2014 06:43:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Search hizmeti, hizmete özgü %%-1073473535 hatası ile sona erdi.

Error: (03/20/2014 06:42:55 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm Privacy Service hizmeti şu hata nedeniyle başlatılamadı:
%%1053

Error: (03/20/2014 06:42:55 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm Privacy Service hizmetinin bağlanması beklenirken zaman aşımı (30000 milisaniye) oluştu.


Microsoft Office Sessions:
=========================
Error: (03/21/2014 06:07:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 06:07:16 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

Error: (03/21/2014 06:05:34 PM) (Source: ATIeRecord)(User: )
Description:

Error: (03/21/2014 05:57:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 05:56:36 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

Error: (03/21/2014 08:03:50 AM) (Source: ATIeRecord)(User: )
Description:

Error: (03/21/2014 07:22:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 07:21:57 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

Error: (03/20/2014 09:15:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:14:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe


CodeIntegrity Errors:
===================================
Date: 2013-12-30 18:47:25.135
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-30 18:47:25.057
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:21:56.430
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:21:56.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:21:56.393
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:21:56.378
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:07:10.312
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:07:10.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:07:10.287
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-06-25 15:07:10.275
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4043.86 MB
Available physical RAM: 2188.14 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 5909.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.85 GB) (Free:391.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Yerel Disk) (Fixed) (Total:14.62 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7297C317)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Adwcleaner log file

# AdwCleaner v3.022 - Rapor olusturuldu 21/03/2014 tarihinde 18:05:34
# Guncellendi 13/03/2014 tarafindan Xplode
# Isletim sistemi : Windows 7 Home Basic Service Pack 1 (64 bits)
# Kullanici adi : Batu - BATU-HP
# Adwcleaner konumu : C:\Users\Batu\Desktop\adwcleaner.exe
# Tarama turu : Temizle

***** [ Servisler ] *****


***** [ Dosyalar / Klasorler ] *****


***** [ Kisayollar ] *****


***** [ Registry ] *****

Registry Key Silindi : HKCU\Software\Softonic

***** [ Tarayicilar ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v27.0.1 (tr)

[ Dosya : C:\Users\Batu\AppData\Roaming\Mozilla\Firefox\Profiles\b3233y40.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [903 octets] - [21/03/2014 18:04:42]
AdwCleaner[S0].txt - [774 octets] - [21/03/2014 18:05:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [833 octets] ##########
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm

Re: AVG says I got 30 infections (from same rootkit)

Unread postby Cypher » March 21st, 2014, 12:46 pm

Hi,
First I want to say thanks for helping me.

You're most welcome.
As you have uninstalled Avast we can remove the file AVG is detecting.
I need you to run another scan for me also.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
    2014-03-20 21:14 - 2012-06-24 09:53 - 00000000 ____D () C:\ProgramData\AVAST Software
    C:\Windows\system32\drivers\aswSnx.sys
    C:\Windows\avastSS.scr
    C:\Users\Batu\AppData\Local\Temp\Quarantine.exe
    
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • Fixlog.txt.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG says I got 30 infections (from same rootkit)

Unread postby asi_turk » March 21st, 2014, 1:57 pm

Bad News! :oops: :oops:

I have left the computer for a while and the computer went into sleep mode so the scan was interrupted ):
Also it found Win32/OpenCandy but there is no bing toolbar in my browser.

And the fix failed...

Eset log

C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe Win32/OpenCandy potentially unsafe application

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Batu at 2014-03-21 18:58:56 Run:1
Running from C:\Users\Batu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
C:\Windows\system32\drivers\aswSnx.sys
C:\Users\Batu\AppData\Local\Temp\Quarantine.exe

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
"C:\Windows\system32\drivers\aswSnx.sys" => File/Directory not found.
C:\Users\Batu\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm

Re: AVG says I got 30 infections (from same rootkit)

Unread postby Cypher » March 21st, 2014, 2:06 pm

Hi,
I have left the computer for a while and the computer went into sleep mode so the scan was interrupted

Run the ESET scan again please, try to make sure the scan is not interrupted this time.
Post the results in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG says I got 30 infections (from same rootkit)

Unread postby asi_turk » March 21st, 2014, 3:55 pm

I have already posted the Fixlog in my previous post.
There is no change in performance.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=50c5a9bbe49eed4ebdf4e8021d159d68
# engine=17549
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-21 07:38:25
# local_time=2014-03-21 09:38:25 (+0200, GTB Standart Saati)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 275807 147060555 0 0
# compatibility_mode=9217 16777214 75 4 1486781 1486781 0 0
# scanned=129920
# found=3
# cleaned=0
# scan_time=4598
sh=B67C54F6148561F9D3FDC3FDE22EF20C906BC5ED ft=1 fh=c0b9bdbd76ce7f12 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm

Re: AVG says I got 30 infections (from same rootkit)

Unread postby Cypher » March 22nd, 2014, 6:51 am

Hi,
We need to run another fix.
Once done let me know if AVG is still detecting "aswSnx.sys".

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
    2014-03-20 21:14 - 2012-06-24 09:53 - 00000000 ____D () C:\ProgramData\AVAST Software
    C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
    C:\Windows\avastSS.scr
    
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG says I got 30 infections (from same rootkit)

Unread postby asi_turk » March 22nd, 2014, 2:57 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Batu at 2014-03-22 20:43:39 Run:2
Running from C:\Users\Batu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
2014-03-20 21:14 - 2012-06-24 09:53 - 00000000 ____D () C:\ProgramData\AVAST Software
C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
C:\Windows\avastSS.scr


*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
C:\ProgramData\AVAST Software => Moved successfully.
C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
"C:\Windows\avastSS.scr" => File/Directory not found.

==== End of Fixlog ====

AVG doesn't detect anything in the Anti-Rootkit scan! :cheers:
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm
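
The ESET detection records and the second Fixlog posted above can be cross-checked mechanically to confirm that every detected file was actually dealt with. The following Python sketch is an added example, not part of the original thread and not code from ESET or FRST; the function names are hypothetical, and treating the `System32` and `SysWOW64` paths with the same SHA-1 as one physical file is an assumption (a 32-bit scanner on 64-bit Windows sees `System32` through WOW64 file-system redirection).

```python
import re
from collections import defaultdict

# Sample input: detection records and Fixlog result lines as posted in this thread.
ESET_LOG = r'''# found=3
# cleaned=0
sh=B67C54F6148561F9D3FDC3FDE22EF20C906BC5ED ft=1 fh=c0b9bdbd76ce7f12 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
'''

FIXLOG = r'''C:\ProgramData\AVAST Software => Moved successfully.
C:\Users\Batu\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.3.4643.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
"C:\Windows\avastSS.scr" => File/Directory not found.
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset(text):
    """Return one dict per detection record (lines starting with 'sh=')."""
    records = []
    for line in text.splitlines():
        if line.startswith("sh="):
            records.append({k: (q or bare) for k, q, bare in FIELD.findall(line)})
    return records


def norm(path):
    """Case-insensitive comparison key; Fixlog quotes some targets."""
    return path.strip().strip('"').lower()


def parse_fixlog(text):
    """Map each '<target> => <result>.' line to its result string."""
    outcomes = {}
    for line in text.splitlines():
        target, sep, result = line.partition(" => ")
        if sep:
            outcomes[norm(target)] = result.rstrip(".")
    return outcomes


def wow64_view(path):
    # Assumption: fold System32 onto SysWOW64, as a redirected 32-bit process sees it.
    return norm(path).replace("\\windows\\system32\\", "\\windows\\syswow64\\")


def file_state(results):
    if "Moved successfully" in results:
        return "removed"
    if "File/Directory not found" in results:
        return "not found"
    return "unaddressed"  # the path never appeared in a fixlist


def reconcile(detections, outcomes):
    """Group detections by SHA-1 and report what the fix did to each file."""
    groups = defaultdict(list)
    for det in detections:
        groups[det["sh"]].append(det)
    report = []
    for sha1, group in groups.items():
        physical = defaultdict(list)  # one entry per file after folding aliases
        for det in group:
            physical[wow64_view(det["fn"])].append(
                outcomes.get(norm(det["fn"]), "not in fixlist"))
        states = {file_state(r) for r in physical.values()}
        report.append({
            "sha1": sha1,
            "name": group[0]["vn"],
            "paths": [det["fn"] for det in group],
            "same_file_two_views": len(group) > 1 and len(physical) == 1,
            "status": states.pop() if len(states) == 1 else "mixed",
        })
    return report


if __name__ == "__main__":
    for row in reconcile(parse_eset(ESET_LOG), parse_fixlog(FIXLOG)):
        print(row["status"], row["name"], row["paths"])
```

Read this way, the "File/Directory not found" result for the `System32` copy of `gt.exe` is consistent with a single file that the 64-bit FRST moved from `SysWOW64`.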

Re: AVG says I got 30 infections (from same rootkit)

Unread postby Cypher » March 23rd, 2014, 6:44 am

Hi,
AVG doesn't detect anything in the Anti-Rootkit scan

Good, in that case you should be good to go, your computer appears to be clean of malware. :)

Time for some housekeeping

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG says I got 30 infections (from same rootkit)

Unread postby asi_turk » March 23rd, 2014, 7:12 am

Thank you for your help Cypher!
asi_turk
Active Member
 
Posts: 7
Joined: March 20th, 2014, 2:14 pm

Re: AVG says I got 30 infections (from same rootkit)

Unread postby Cypher » March 23rd, 2014, 7:16 am

asi_turk wrote:Thank you for your help Cypher!

You're more than welcome, glad we could help.
Good luck and stay safe :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns