Thread: I have a rootkit problem PLEASE HELP

  1. #11
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Could not move "C:\Users\ESMEN\AppData\Local\Temp" directory. => Scheduled to move on reboot.


    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-06 20:01:42)<=

    C:\Users\ESMEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju8rdj.lck => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp\etilqs_bGkgsfrnWyiczec => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp\etilqs_vCVhcTjgJ7LVmcw => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp\scoped_dir1964_19511\Cookies-journal => Is moved successfully.
    C:\Users\ESMEN\AppData\Local\Temp => Moved successfully.

    ==== End of Fixlog ====

  2. #12
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    I also get 2 errors:

    1-) Dropbox stops running and does not start at the beginning

    2-) Error saving file
    c:/windows/ERDNT/autobackup/06.04.2014/system !

    Continue with the next file ?
    [ RegCreateKeyEx:5-erişim engellendi ]

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Can you run ComboFix?

    Error saving file
    c:/windows/ERDNT/autobackup/06.04.2014/system !

    The error from ERUNT is because you have a link in your START UP group for a backup. This gets launched without Admin rights so it fails. You can either modify the shortcut to have Admin rights or remove the shortcut and that should get rid of the error.
    Last edited by Juliet; 2014-04-06 at 20:27.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    I ran ComboFix and I also ran ERUNT as administrator

    ComboFix 14-04-06.01 - ESMEN 06.04.2014 20:23:34.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2493 [GMT 3:00]
    Running from: c:\users\ESMEN\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-06 to 2014-04-06 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
    2014-04-06 17:29 . 2014-04-06 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-06 17:27 . 2014-04-06 17:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\offreg.dll
    2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
    2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
    2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
    2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
    2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
    2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
    2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
    2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
    2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-09 11:08 . 2014-04-06 16:59 -------- d-----r- c:\users\ESMEN\Dropbox
    2014-03-09 11:06 . 2014-04-06 17:02 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
    2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    .
    c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;tsusbhub [x]
    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
    - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.bing.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000002f
    "Therad"=dword:00000011
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
    f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-04-06 20:30:59
    ComboFix-quarantined-files.txt 2014-04-06 17:30
    .
    Pre-Run: 136.639.127.552 bayt boş
    Post-Run: 136.462.843.904 bayt boş
    .
    - - End Of File - - C7802ADFFE7FF941F810928C7E5B942E
    A36C5E4F47E84449FF07ED3517B43A31

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Code box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    FCopy::c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
    FCopy::c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\SysWOW64\user32.dll



    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If there are internet issues afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please post this log when done.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
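
The comparison behind the CFScript in post #15, as an added Python example that is not part of the original thread or of ComboFix: it reads the Sigcheck lines from the log in post #14 and checks each in-use user32.dll against the WinSxS component-store copy of the same version and architecture. The field layout, the reading of `[7]` as verified and `[-]` as unverified, and the system32/SysWOW64 to amd64/wow64 mapping are assumptions inferred from the log; all function names are hypothetical.

```python
import ntpath
import re
from collections import namedtuple

# Sigcheck lines copied from the ComboFix log in post #14 of this thread.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

Entry = namedtuple("Entry", "mark date md5 size version path")

# Assumed layout: [mark] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[\d.]+)\]\s+\.\.\s+(?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one Entry per Sigcheck line; separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["mark"], m["date"], m["md5"].upper(),
                                 int(m["size"]), m["ver"], m["path"]))
    return entries


def is_store_copy(path):
    """True for files that live in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def arch_of(path):
    """Architecture tag: component-name prefix for store copies, directory
    for live files (assumes an x64 system, as in the log)."""
    low = path.lower()
    if is_store_copy(path):
        component = low.split("\\winsxs\\", 1)[1].split("\\", 1)[0]
        return component.split("_", 1)[0]
    return "wow64" if "\\syswow64\\" in low else "amd64"


def audit(text):
    """Compare each live file with store copies of the same name and arch."""
    entries = parse_sigcheck(text)
    store = [e for e in entries if is_store_copy(e.path)]
    findings = []
    for live in (e for e in entries if not is_store_copy(e.path)):
        name = ntpath.basename(live.path).lower()
        peers = [s for s in store
                 if ntpath.basename(s.path).lower() == name
                 and arch_of(s.path) == arch_of(live.path)]
        # The reference is the store copy that reports the same file version.
        same_ver = [s for s in peers if s.version == live.version]
        ref = same_ver[0] if same_ver else None
        findings.append({
            "path": live.path,
            "mark": live.mark,
            "matches_any_store_copy": any(s.md5 == live.md5 for s in peers),
            "reference": ref.path if ref else None,
            "size_delta": live.size - ref.size if ref else None,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SIGCHECK_SAMPLE):
        state = "OK" if f["matches_any_store_copy"] else "MISMATCH"
        print(state, f["path"], "-> reference:", f["reference"])
```

Both live copies come out as mismatches, and the reference paths it selects are the same WinSxS sources named in the two FCopy lines.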

  6. #16
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Default

    -------combofix with CFscript------------
    ComboFix 14-04-06.01 - ESMEN 07.04.2014 14:02:16.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.2211 [GMT 3:00]
    Running from: c:\users\ESMEN\Downloads\ComboFix.exe
    Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-07 11:07 . 2014-04-07 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-06 17:31 . 2014-04-07 11:07 -------- d-----w- c:\users\ESMEN\AppData\Local\temp
    2014-04-06 16:28 . 2014-04-06 17:01 -------- d-----w- C:\FRST
    2014-04-06 14:21 . 2014-04-06 14:21 -------- d-----w- c:\program files (x86)\ERUNT
    2014-04-06 11:03 . 2014-04-06 11:03 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-06 11:03 . 2014-04-06 11:03 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-04-06 10:49 . 2014-04-06 10:49 -------- d-----w- c:\windows\jumpshot.com
    2014-04-05 16:40 . 2013-09-20 07:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2014-04-05 16:39 . 2014-04-05 16:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2014-04-05 16:39 . 2014-04-05 16:39 -------- d-----w- c:\users\ESMEN\AppData\Local\Programs
    2014-04-04 18:47 . 2014-04-04 18:47 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2014-04-04 09:31 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
    2014-03-27 16:21 . 2014-03-27 16:21 -------- d-----w- c:\users\ESMEN\AppData\Roaming\The Creative Assembly
    2014-03-27 16:04 . 2014-03-27 16:20 -------- d-----w- c:\program files (x86)\Napoleon Total War
    2014-03-12 19:35 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
    2014-03-12 19:35 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-03-12 19:35 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-03-12 19:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-12 19:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-12 19:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-12 19:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-03-09 11:08 . 2014-04-07 10:54 -------- d-----r- c:\users\ESMEN\Dropbox
    2014-03-09 11:06 . 2014-04-07 10:54 -------- d-----w- c:\users\ESMEN\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-06 11:03 . 2014-01-27 22:10 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-04-06 11:03 . 2014-01-27 22:10 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-06 11:03 . 2014-01-27 22:10 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-06 11:03 . 2014-01-27 22:10 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-06 11:03 . 2014-01-27 22:10 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-04-06 11:03 . 2014-01-27 22:10 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-04-06 11:03 . 2014-01-27 22:10 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-04-06 11:03 . 2014-01-27 22:10 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-06 11:03 . 2014-01-28 14:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-03-18 16:14 . 2013-12-06 22:46 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-14 07:30 . 2013-12-06 22:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-14 07:30 . 2013-12-06 22:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-19 17:09 . 2013-12-07 15:26 419840 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-19 17:09 . 2013-12-07 15:26 14848 ----a-w- c:\windows\system32\slwga.dll
    2014-02-19 17:09 . 2013-12-07 15:26 13824 ----a-w- c:\windows\SysWow64\slwga.dll
    2014-01-30 22:09 . 2014-01-30 22:09 119808 ----a-r- c:\users\ESMEN\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2014-01-09 02:22 . 2014-02-26 12:00 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2013-12-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2013-12-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-06 3854640]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    .
    c:\users\ESMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 33508336]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;tsusbhub [x]
    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 20:13 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
    - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-12-06 16:15]
    .
    2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef386a2d28c17.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 22:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-06 11:03 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 164016 ----a-w- c:\users\ESMEN\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-02-05 5670448]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.bing.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Bütün Bağlantıları IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: IDM ile İndir - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47}: NameServer = 213.74.0.1,213.74.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{3b625d9c-6e60-4dff-ae0d-c5f64fdd5a59}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000002f
    "Therad"=dword:00000011
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-2395962531-217751968-226635089-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):96,1e,1d,69,8b,94,af,4f,37,e7,78,f4,b8,ed,25,ea,3d,b1,c4,a6,fb,
    f6,e7,c9,49,8a,f5,df,20,48,4c,a6,b4,2b,27,23,07,6b,12,74,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-04-07 14:09:39
    ComboFix-quarantined-files.txt 2014-04-07 11:09
    ComboFix2.txt 2014-04-06 17:30
    .
    Pre-Run: 135.884.390.400 bayt boş
    Post-Run: 135.811.702.784 bayt boş
    .
    - - End Of File - - 1C2ECA7FEAC3AB8E16213A012E20BA0F
    A36C5E4F47E84449FF07ED3517B43A31

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Did you drag the script I created into the ComboFix icon?

    The log you posted was from yesterday

    ComboFix 14-04-06.01 <--yesterday

    ComboFix 14-04-06.01 <-- today

    If you did drag it over, how's the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Default

    I did the cfscript.txt thing as you described to me. It still found the same folder as invisible and I can't find the folder anywhere. If you wish, I can do the cfscript.txt thing again.

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote Originally Posted by atilla View Post
    I did the cfscript.txt thing as you described to me. It still found the same folder as invisible and I can't find the folder anywhere. If you wish, I can do the cfscript.txt thing again.
    Before we do that let's try this scanner.


    Download the latest version of TDSSKiller from here and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application.
    • Then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    • Get the report by selecting Reports.
    • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    Please copy and paste its contents in your next reply.



    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  10. #20
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Looking back I found this
    Running from: c:\users\ESMEN\Downloads\ComboFix.exe
    Command switches used :: c:\users\ESMEN\Desktop\CFScript.txt

    Need to move ComboFix to desktop or delete the version you have now, re-download and make sure it's saved to desktop, then run the fix I created again.


    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.