
So I came across a pop-up that prompted a download of Java for 'free'. Now I'm savvy enough not to fall for shady downloads, but I am also aware of the fact that 'drive-by' downloads exist, and considering that I've neglected my current PC I kind of want to make sure I'm malware-free before I keep using my current PC.


I've scanned with Malwarebytes in safe mode and it detected 2 registry keys as potentially unwanted programs, and the Avast boot scan did not find any threat.


Here is the funny thing: I cannot download the required Farbar tool from the recommended site.


This help request is more of a 'check-up' in style, as you've probably figured out by now, sooo help :3


O.K. so I downloaded the Farbar scan tool and here are the logs. Sorry for the delay, as I do not know why I could not download it beforehand.


FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Reqvhio (administrator) on R on 20-07-2015 18:33:51
Running from C:\Users\Reqvhio\Desktop\here are the tools
Loaded Profiles: Reqvhio (Available Profiles: Reqvhio)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Farbar) C:\Users\Reqvhio\Desktop\here are the tools\Farbar Recovery Scan.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1709875197-1557330941-3138553455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mubis.maltepe.edu.tr/
HKU\S-1-5-21-1709875197-1557330941-3138553455-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
Toolbar: HKU\S-1-5-21-1709875197-1557330941-3138553455-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0F8C857B-50E3-42AF-AB54-3E8F41EFA2FF}: [NameServer] 8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{0F8C857B-50E3-42AF-AB54-3E8F41EFA2FF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B7ADA903-39A9-47E9-BFB3-735FBFDFEB74}: [NameServer] 8.26.56.26,8.20.247.20
Tcpip\..\Interfaces\{B7ADA903-39A9-47E9-BFB3-735FBFDFEB74}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Reqvhio\AppData\Roaming\Mozilla\Firefox\Profiles\nnjg02e8.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml [2015-04-08]
FF Extension: NoScript - C:\Users\Reqvhio\AppData\Roaming\Mozilla\Firefox\Profiles\nnjg02e8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-30]
FF Extension: Adblock Plus - C:\Users\Reqvhio\AppData\Roaming\Mozilla\Firefox\Profiles\nnjg02e8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-13]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com.tr/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl [2013-06-09]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2012-12-07]
CHR Extension: (AdBlock) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-07]
CHR Extension: (Avast Online Security) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-01-24]
CHR Extension: (Google Wallet) - C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [11776 2012-12-07] (MBB Incorporated) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [123520 2012-12-07] (ZTE Incorporated) [File not signed]
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [123520 2012-12-07] (ZTE Incorporated) [File not signed]
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [123520 2012-12-07] (ZTE Incorporated) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 18:33 - 2015-07-20 18:33 - 00000000 ____D C:\FRST
2015-07-20 17:05 - 2015-07-20 18:33 - 00000000 ____D C:\Users\Reqvhio\Desktop\here are the tools
2015-07-20 14:29 - 2015-07-20 14:29 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 14:29 - 2015-07-20 14:29 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-16 13:10 - 2015-07-16 13:10 - 03965192 _____ C:\Users\Reqvhio\Desktop\create_to_communicate.epub
2015-07-13 18:42 - 2015-07-16 10:52 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Reqvhio\Desktop\flashplayer18_ha_install.exe
2015-07-09 21:27 - 2015-07-09 21:27 - 00465382 _____ C:\Users\Reqvhio\Desktop\Isaac Asimov - Foundation.epub
2015-07-09 21:26 - 2015-07-09 21:26 - 00812404 _____ C:\Users\Reqvhio\Desktop\Dune - Frank Herbert.epub
2015-07-09 20:05 - 2015-07-10 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-20 18:13 - 2012-12-03 12:26 - 00000000 ____D C:\Users\Reqvhio\Desktop\Monster_Hunter_Freedom_EUR_PSP-pSyPSP
2015-06-20 17:30 - 2015-06-20 18:00 - 631291107 _____ C:\Users\Reqvhio\Desktop\Monster_Hunter_Freedom_EUR_PSP-pSyPSP.rar
2015-06-20 17:02 - 2012-12-03 12:26 - 00000000 ____D C:\Users\Reqvhio\Desktop\Dragon_Ball_Z_Shin_Budokai_USA_PSP-DMU
2015-06-20 16:51 - 2015-06-20 17:01 - 184935042 _____ C:\Users\Reqvhio\Desktop\Dragon_Ball_Z_Shin_Budokai_USA_PSP-DMU.rar
2015-06-20 15:10 - 2015-06-20 18:13 - 00000000 ____D C:\Users\Reqvhio\Desktop\hkhkh
2015-06-20 15:10 - 2012-12-03 12:46 - 00000000 ____D C:\Users\Reqvhio\Desktop\Sonic_Rivals_USA_PSP-pSyPSP
2015-06-20 13:19 - 2015-06-20 13:24 - 85663749 _____ C:\Users\Reqvhio\Desktop\Sonic_Rivals_USA_PSP-pSyPSP.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 17:46 - 2012-12-07 14:27 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 17:13 - 2012-12-07 12:19 - 01142679 _____ C:\Windows\WindowsUpdate.log
2015-07-20 16:48 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:48 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 16:42 - 2012-12-07 14:27 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 16:41 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 16:41 - 2009-07-14 07:51 - 00077306 _____ C:\Windows\setupact.log
2015-07-20 15:53 - 2015-04-14 17:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 14:30 - 2010-11-21 06:47 - 00208692 _____ C:\Windows\PFRO.log
2015-07-20 14:29 - 2015-04-13 17:50 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 14:29 - 2015-04-13 17:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-16 10:55 - 2013-03-09 21:23 - 00000000 ____D C:\Users\Reqvhio\AppData\Local\Adobe
2015-07-16 10:54 - 2013-03-09 21:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 10:54 - 2013-03-09 21:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 10:40 - 2012-12-07 14:27 - 00004016 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 10:40 - 2012-12-07 14:27 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 18:48 - 2014-02-12 19:11 - 00002153 _____ C:\Users\Reqvhio\Desktop\OU First Try.txt
2015-07-10 22:05 - 2015-02-06 06:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-21 22:20 - 2012-12-07 15:00 - 00000000 ____D C:\Users\Reqvhio\AppData\Roaming\vlc
2015-06-21 21:45 - 2010-11-21 15:35 - 05187804 _____ C:\Windows\system32\perfh01F.dat
2015-06-21 21:45 - 2010-11-21 15:35 - 01727948 _____ C:\Windows\system32\perfc01F.dat
2015-06-21 21:45 - 2009-07-14 08:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 21:44 - 2013-04-25 23:41 - 00000000 ____D C:\Users\Reqvhio\AppData\Local\Yandex
2015-06-21 19:40 - 2013-02-09 17:14 - 00000000 ____D C:\Program Files (x86)\Steam

==================== Files in the root of some directories =======

2013-10-29 18:49 - 2013-10-29 18:49 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Reqvhio\AppData\Local\Temp\AutoRun.exe
C:\Users\Reqvhio\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Reqvhio\AppData\Local\Temp\avgnt.exe
C:\Users\Reqvhio\AppData\Local\Temp\EAInstall.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfc80.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfc80u.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80u.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcm80.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcp80.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcr80.dll
C:\Users\Reqvhio\AppData\Local\Temp\OSU.exe
C:\Users\Reqvhio\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Reqvhio\AppData\Local\Temp\setup.exe
C:\Users\Reqvhio\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Reqvhio\AppData\Local\Temp\Uninstaller.exe
C:\Users\Reqvhio\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Reqvhio\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Reqvhio\AppData\Local\Temp\yupdate-exec-yabrowser.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 18:06

==================== End of log ============================

Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Reqvhio at 2015-07-20 18:34:31
Running from C:\Users\Reqvhio\Desktop\here are the tools
Boot Mode: Normal
==========================================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1709875197-1557330941-3138553455-500 - Administrator - Disabled)
Guest (S-1-5-21-1709875197-1557330941-3138553455-501 - Limited - Disabled)
Reqvhio (S-1-5-21-1709875197-1557330941-3138553455-1000 - Administrator - Enabled) => C:\Users\Reqvhio

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Office sistemi için Uyumluluk Paketi (HKLM-x32\...\{90120000-0020-041F-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{40183CE8-0B6D-C4AF-D123-9D8AF201B03F}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.59641.2599 - COMODO Security Solutions Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Temel Aygıt Yazılımı (HKLM\...\{9C4F7B3C-5BE8-4D80-8EB8-6DEB41D5CE05}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Extended TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (HKLM\...\Microsoft .NET Framework 4 Client Profile TRK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Turkish) (HKLM-x32\...\{95120000-00AF-041F-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041F-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 tr) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 tr)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

03-06-2015 11:24:45 Zamanlanan Denetim Noktası
11-06-2015 14:28:46 Zamanlanan Denetim Noktası
30-06-2015 20:47:50 Zamanlanan Denetim Noktası
08-07-2015 19:47:24 Zamanlanan Denetim Noktası
16-07-2015 14:25:54 Zamanlanan Denetim Noktası
20-07-2015 14:28:03 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B8AF116-719B-4C7E-A317-0560B9D41510} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {65BD8310-3925-4A20-AC72-808435146B9F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {DDCE2C65-CDE8-4411-8379-7FFC820C30B5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {F350B6B0-E42B-4E39-A45E-F8477F9D6DAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-02-28 03:07 - 2012-02-28 03:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-01 06:42 - 2012-03-01 06:42 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-03 14:33 - 2012-02-03 14:33 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-07-20 14:29 - 2015-07-20 14:29 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 14:29 - 2015-07-20 14:29 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-20 14:26 - 2015-07-20 14:26 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15072000\algo.dll
2015-04-13 17:50 - 2015-04-13 17:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-16 10:54 - 2015-07-16 10:54 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1709875197-1557330941-3138553455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reqvhio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.26.56.26 - 156.154.70.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4EB283D6-1433-41E7-AE4E-DB0AF24A90C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE9CF486-575C-472A-9E56-4EBF61201B20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1CA7C350-CEAD-4EB2-B09F-719C15E8DAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BB9FB420-B7B8-4A08-BA29-CD6A94D9F41F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FA125EB7-CE15-4D96-8738-37A35700CEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{36BA34F5-955F-41BC-B327-F5788526DB51}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{07587918-7EEE-4E03-A254-5119F98DB4CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{609CF312-9731-49A5-A36C-6DC426A1D83D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B4E31C2-F087-46E8-8E34-F8CC4A898D28}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 04:41:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 04:40:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Şifreleme Hizmetleri hizmeti VSS yedek "Sistem Yazıcısı" nesnesini başlatamadı.Details:Could not query the status of the EventSystem service.System Error:Sistem kapatma işlemi sürüyor..

Error: (07/20/2015 04:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:52:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:26:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 02:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 02:23:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 01:54:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 05:41:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 02:20:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1" için etkinleştirme içeriği oluşturulamadı.Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" Bağımlı Derlemesi bulunamadı.Lütfen ayrıntılı tanılama için sxstrace.exe programını kullanın.

System errors:
=============
Error: (07/20/2015 04:38:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068

Error: (07/20/2015 04:38:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/20/2015 04:38:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error:
(07/20/2015 04:38:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Ağ Listesi Hizmeti hizmeti, şu hata nedeniyle başlatılamayan Ağ Konumu Tanıma hizmetine bağımlıdır: %%1068Microsoft Office:=========================Error: (07/20/2015 04:41:25 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/20/2015 04:40:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )Description: Details:Could not query the status of the EventSystem service.System Error:Sistem kapatma işlemi sürüyor.Error: (07/20/2015 04:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/20/2015 03:52:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/20/2015 03:26:13 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/20/2015 02:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/20/2015 02:23:50 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/18/2015 01:54:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/16/2015 05:41:15 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/16/2015 02:20:38 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\ATI\CIM\Bin64\SetACL64.exe==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHzPercentage of memory in use: 27%Total physical RAM: 8092.36 MBAvailable physical RAM: 5867.3 MBTotal Virtual: 16182.91 MBAvailable Virtual: 13814.77 MB==================== Drives ================================Drive c: () (Fixed) (Total:465.66 GB) (Free:389.9 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6EDE9401)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)==================== End of log ============================

Hello and welcome,

P2P/Piracy Warning:
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Please do not post logs in quote or code boxes, just paste them direct to your reply....

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml) - if selected, you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
  • Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...

 

Fixlist.txt
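Because mrt.log is appended to every time MSRT runs, it accumulates old sessions alongside the current one and the "->Scan ERROR" lines can look alarming out of context. The following Python is an added example, not part of this thread or of Microsoft's tool: it splits mrt.log into sessions, pulls out each session's version, timestamps, scan errors, result summary and return code, and flags access-denied (Win32 error 5) process-scan errors separately from anything else. The sample text is constructed from the log format shown later in this thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the layout of C:\Windows\debug\mrt.log: two MSRT
# sessions, the first with several process-scan errors (code 0x5).
SAMPLE_MRT_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 24 14:58:09 2013
->Scan ERROR: resource process://pid:444 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1344 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2556 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 24 14:59:06 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Jul 20 20:42:43 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 20 20:46:15 2015

Return code: 0 (0x0)
"""

SESSION_START = re.compile(r"^Microsoft Windows Malicious Software Removal Tool (v[\d.]+, .*)$")
FINISHED = re.compile(r"^Microsoft Windows Malicious Software Removal Tool Finished On (.+)$")
SCAN_ERROR = re.compile(r"^->Scan ERROR: resource (\S+) \(code (0x[0-9A-Fa-f]+) \((\d+)\)\)")
RETURN_CODE = re.compile(r"^Return code: (\d+) \((0x[0-9A-Fa-f]+)\)")
ERROR_ACCESS_DENIED = 5  # Win32 ERROR_ACCESS_DENIED: scanner could not open the resource


def parse_mrt_log(text: str) -> List[Dict]:
    """Split an mrt.log into sessions, oldest first."""
    sessions: List[Dict] = []
    current: Optional[Dict] = None
    in_summary = False
    for line in text.splitlines():
        if (m := SESSION_START.match(line)):
            current = {"version": m.group(1), "started": None, "finished": None,
                       "errors": [], "summary": [], "return_code": None}
            sessions.append(current)
            in_summary = False
        elif current is None:
            continue  # preamble before the first session header
        elif line.startswith("Started On "):
            current["started"] = line[len("Started On "):]
        elif (m := SCAN_ERROR.match(line)):
            current["errors"].append({"resource": m.group(1), "code": int(m.group(3))})
        elif line.startswith("Results Summary:"):
            in_summary = True
        elif (m := FINISHED.match(line)):
            current["finished"] = m.group(1)
            in_summary = False
        elif (m := RETURN_CODE.match(line)):
            current["return_code"] = int(m.group(1))
        elif in_summary and line.strip() and not line.startswith("----"):
            current["summary"].append(line.strip())
    return sessions


def assess(session: Dict) -> Dict:
    """Reduce one session to the facts a helper checks: clean result, error kinds."""
    denied = sum(1 for e in session["errors"] if e["code"] == ERROR_ACCESS_DENIED)
    clean = session["return_code"] == 0 and "No infection found." in session["summary"]
    return {"version": session["version"], "started": session["started"], "clean": clean,
            "access_denied_errors": denied, "other_errors": len(session["errors"]) - denied}


if __name__ == "__main__":
    for s in parse_mrt_log(SAMPLE_MRT_LOG):
        print(assess(s))
```

Only the last session reflects the run just requested; earlier ones are history from previous Windows Update cycles.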


Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Reqvhio at 2015-07-20 19:43:22 Run:1
Running from C:\Users\Reqvhio\Desktop\here are the tools
Loaded Profiles: Reqvhio (Available Profiles: Reqvhio)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Reqvhio\AppData\Local\Temp\AutoRun.exe
C:\Users\Reqvhio\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Reqvhio\AppData\Local\Temp\avgnt.exe
C:\Users\Reqvhio\AppData\Local\Temp\EAInstall.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfc80.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfc80u.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80.dll
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80u.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcm80.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcp80.dll
C:\Users\Reqvhio\AppData\Local\Temp\msvcr80.dll
C:\Users\Reqvhio\AppData\Local\Temp\OSU.exe
C:\Users\Reqvhio\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Reqvhio\AppData\Local\Temp\setup.exe
C:\Users\Reqvhio\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Reqvhio\AppData\Local\Temp\Uninstaller.exe
C:\Users\Reqvhio\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Reqvhio\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Reqvhio\AppData\Local\Temp\yupdate-exec-yabrowser.exe
Emptytemp:
End
*****************

VGPU => Service removed successfully
C:\Users\Reqvhio\AppData\Local\Temp\AutoRun.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\AutoRunGUI.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\EAInstall.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\mfc80.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\mfc80u.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\mfcm80u.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\msvcm80.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\msvcp80.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\msvcr80.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\OSU.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\Setup-yabrowser.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\setup.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\swt-win32-3740.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\Uninstaller.exe => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\WtgDriverInstallX.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\WTGXMLUtil.dll => moved successfully.
C:\Users\Reqvhio\AppData\Local\Temp\yupdate-exec-yabrowser.exe => moved successfully.
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:43:46 ====

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.07.2015
Scan Time: 19:51:45
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.07.20.04
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Reqvhio

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335813
Time Elapsed: 10 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v4.208 - Log-dosyasi olusturuldu 20/07/2015 at 20:19:53
# Güncellendi 09/07/2015 by Xplode
# Veritabani : 2015-07-15.1 [server]
# Isletim Sistemi : Windows 7 Ultimate Service Pack 1 (x64)
# Kullanici adi : Reqvhio - R
# Running from : C:\Users\Reqvhio\Desktop\here are the tools\AdwCleaner.exe
# Secenek : Temizleniyor

***** [ Servis ] *****


***** [ Dosyalar / Klasörler ] *****

Klasör Silindi : C:\Users\Reqvhio\AppData\Local\apn
Klasör Silindi : C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl

***** [ Zamanlanmis görevler ] *****


***** [ Kisayollar ] *****


***** [ Kayit Defteri ] *****

Deger Silindi : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Anahtar Silindi : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Internet Tarayicilari ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v39.0 (x86 tr)

[nnjg02e8.default\prefs.js] - Satir Silindi : user_pref("browser.search.order.1", "Ask.com");
[nnjg02e8.default\prefs.js] - Satir Silindi : user_pref("browser.search.selectedEngine", "Ask.com");

-\\ Google Chrome v43.0.2357.134

[C:\Users\Reqvhio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Silindi [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10267&locale=en_NL&apn_uid=9ba8328e-87f6-47d7-aecb-7f8af01fa09f&apn_ptnrs=%5EAGY&apn_sauid=2489C09B-AED0-49F5-BFC0-A380E48F6307&apn_dtid=%5EYYYYYY%5EYY%5ENL&q={searchTerms}

*************************

AdwCleaner[R0].txt - [1750 bayt] - [20/07/2015 20:18:08]
AdwCleaner[s0].txt - [1698 bayt] - [20/07/2015 20:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1756  bayt] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x64
Ran by Reqvhio on 20.07.2015 at 20:32:28,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Reqvhio\Appdata\Local\yandex
Successfully deleted: [Folder] C:\Users\Reqvhio\Appdata\LocalLow\yandex
Successfully deleted: [Folder] C:\Users\Reqvhio\AppData\Roaming\yandex



~~~ FireFox

Emptied folder: C:\Users\Reqvhio\AppData\Roaming\mozilla\firefox\profiles\nnjg02e8.default\minidumps [55 files]



~~~ Chrome


[C:\Users\Reqvhio\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Reqvhio\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Reqvhio\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Reqvhio\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2015 at 20:38:40,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 24 14:58:09 2013
->Scan ERROR: resource process://pid:444 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1344 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2556 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:444 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 24 14:59:06 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
Started On Mon Jul 20 20:42:43 2015

Engine: 1.1.11804.0
Signatures: 1.201.883.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 20 20:46:15 2015


Return code: 0 (0x0)
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Well, other than these I guess I am not under any danger from keyloggers or rootkits? Those kinds of programs were what started my suspicions after all.

Also, there does not seem to be any other problem.


Thanks for the update, if no issues or concerns run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out...

Thank you,

Kevin..

 


2 weeks later...

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.