Solved Can't get rid of DOS/Rovnix.W

Mahtab

Hi,
My computer has been infected with DOS/Rovnix.W and despite several scans, in safe mode since it cannot complete the scans in normal mode and shuts down or goes to blue screen, and manual registry cleaning I couldn't get rid of it. My computer doesn't go to blue screen anymore but MSE still shows the malware and is unable to delete it completely. I would appreciate your help.
 
For this issue:
Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
rootkit:Rovnix->Vbr::Rovnix

Step 2: MBAM Log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/10/2014
Scan Time: 4:56:50 PM
Logfile: ScanLog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.10.05
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mahtab

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359510
Time Elapsed: 45 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Step 3: DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2012 2:30:25 PM
System Uptime: 11/10/2014 5:44:57 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3387
Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 438 GiB total, 348.355 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.514 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.08 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP282: 10/19/2014 2:05:57 PM - Windows Update
RP283: 10/24/2014 12:10:16 PM - Windows Update
RP284: 10/27/2014 5:46:02 PM - Windows Update
RP285: 10/31/2014 3:36:07 PM - Windows Update
RP286: 11/4/2014 11:50:14 AM - Windows Update
RP287: 11/6/2014 8:34:53 PM - Removed Arena 13.90.00000 .
RP288: 11/7/2014 10:08:12 PM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================




*These files seem incomplete to me but I didn't receive any errors saying the scans were not successful. Also the DDS created only the Attach.txt and not the other file. I did disable my firewall and disconnected from the internet. Please let me know what I should be doing next.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Log

11:47:13.0909 0x1624 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
11:48:19.0252 0x1624 ============================================================
11:48:19.0252 0x1624 Current date / time: 2014/11/11 11:48:19.0252
11:48:19.0252 0x1624 SystemInfo:
11:48:19.0252 0x1624
11:48:19.0252 0x1624 OS Version: 6.1.7601 ServicePack: 1.0
11:48:19.0252 0x1624 Product type: Workstation
11:48:19.0268 0x1624 ComputerName: MAHTAB-HP
11:48:19.0268 0x1624 UserName: Mahtab
11:48:19.0268 0x1624 Windows directory: C:\Windows
11:48:19.0268 0x1624 System windows directory: C:\Windows
11:48:19.0268 0x1624 Running under WOW64
11:48:19.0268 0x1624 Processor architecture: Intel x64
11:48:19.0268 0x1624 Number of processors: 2
11:48:19.0268 0x1624 Page size: 0x1000
11:48:19.0268 0x1624 Boot type: Normal boot
11:48:19.0268 0x1624 ============================================================
11:48:20.0328 0x1624 KLMD registered as C:\Windows\system32\drivers\79599235.sys
11:48:21.0717 0x1624 System UUID: {441F15F9-8E09-A47B-6F09-212AAE324194}
11:48:24.0135 0x1624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:48:24.0166 0x1624 ============================================================
11:48:24.0166 0x1624 \Device\Harddisk0\DR0:
11:48:24.0197 0x1624 MBR partitions:
11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x36BBA000
11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36C1E000, BlocksNum 0x2F78000
11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
11:48:24.0197 0x1624 ============================================================
11:48:24.0353 0x1624 C: <-> \Device\Harddisk0\DR0\Partition2
11:48:24.0494 0x1624 D: <-> \Device\Harddisk0\DR0\Partition3
11:48:24.0556 0x1624 E: <-> \Device\Harddisk0\DR0\Partition4
11:48:24.0556 0x1624 ============================================================
11:48:24.0556 0x1624 Initialize success
11:48:24.0556 0x1624 ============================================================
11:48:27.0255 0x2144 ============================================================
11:48:27.0255 0x2144 Scan started
11:48:27.0255 0x2144 Mode: Manual;
11:48:27.0255 0x2144 ============================================================
11:48:27.0255 0x2144 KSN ping started
11:48:41.0095 0x2144 KSN ping finished: true
11:48:42.0281 0x2144 ================ Scan system memory ========================
11:48:42.0281 0x2144 System memory - ok
11:48:42.0281 0x2144 ================ Scan services =============================
11:48:54.0190 0x2144 FontCache3.0.0.0 - ok
11:48:54.0221 0x2144 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:48:54.0221 0x2144 FsDepends - ok
11:48:54.0268 0x2144 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:48:54.0268 0x2144 Fs_Rec - ok
11:48:54.0284 0x2144 FTActivationBoost - ok
11:48:54.0331 0x2144 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:48:54.0346 0x2144 fvevol - ok
11:48:54.0377 0x2144 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:48:54.0393 0x2144 gagp30kx - ok
11:48:54.0424 0x2144 [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
11:48:54.0440 0x2144 ggflt - ok
11:48:54.0471 0x2144 [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc C:\Windows\system32\DRIVERS\ggsomc.sys
11:48:54.0487 0x2144 ggsomc - ok
11:48:54.0518 0x2144 globalUpdate - ok
11:48:54.0533 0x2144 globalUpdatem - ok
11:48:54.0596 0x2144 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
11:48:54.0627 0x2144 gpsvc - ok
11:48:54.0674 0x2144 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:48:54.0674 0x2144 hcw85cir - ok
11:48:54.0721 0x2144 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:48:54.0736 0x2144 HdAudAddService - ok
11:48:54.0752 0x2144 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:48:54.0767 0x2144 HDAudBus - ok
11:48:54.0783 0x2144 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:48:54.0799 0x2144 HidBatt - ok
11:48:54.0830 0x2144 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:48:54.0830 0x2144 HidBth - ok
11:48:54.0877 0x2144 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
11:48:54.0877 0x2144 HidIr - ok
11:48:54.0955 0x2144 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
11:48:54.0955 0x2144 hidserv - ok
11:48:55.0001 0x2144 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:48:55.0001 0x2144 HidUsb - ok
11:48:55.0048 0x2144 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:48:55.0064 0x2144 hkmsvc - ok
11:48:55.0095 0x2144 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:48:55.0111 0x2144 HomeGroupListener - ok
11:48:55.0157 0x2144 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:48:55.0173 0x2144 HomeGroupProvider - ok
11:48:55.0251 0x2144 HP Support Assistant Service - ok
11:48:55.0329 0x2144 [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:48:55.0345 0x2144 HPClientSvc - ok
11:48:55.0376 0x2144 [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
11:48:55.0376 0x2144 hpdskflt - ok
11:48:55.0532 0x2144 [ DBDC0581D4506C13E6BEF48D14B1C55B, 264F8F225EB1CD0240EC3195A595CF057A5081725121A2DE56909D2E73BDD207 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:48:56.0218 0x2144 hpqwmiex - ok
11:48:56.0249 0x2144 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:48:56.0265 0x2144 HpSAMD - ok
11:48:56.0296 0x2144 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv C:\Windows\system32\Hpservice.exe
11:48:56.0296 0x2144 hpsrv - ok
11:48:56.0359 0x2144 [ 491CE9B6321FB74E4B37AF2C47F98434, DCB996386B10A3198D7EACEAB74D838399908FD443577918B7E55D47930165A0 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:48:56.0405 0x2144 HPWMISVC - ok
11:48:56.0452 0x2144 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:48:56.0499 0x2144 HTTP - ok
11:48:56.0515 0x2144 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:48:56.0515 0x2144 hwpolicy - ok
11:48:56.0561 0x2144 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:48:56.0561 0x2144 i8042prt - ok
11:48:56.0608 0x2144 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:48:56.0624 0x2144 iaStorV - ok
11:48:56.0764 0x2144 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:48:56.0811 0x2144 idsvc - ok
11:48:56.0827 0x2144 IEEtwCollectorService - ok
11:48:56.0889 0x2144 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:48:56.0889 0x2144 iirsp - ok
11:48:57.0029 0x2144 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
11:48:57.0076 0x2144 IKEEXT - ok
11:48:57.0154 0x2144 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
11:48:57.0154 0x2144 intelide - ok
11:48:57.0217 0x2144 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:48:57.0232 0x2144 intelppm - ok
11:48:57.0279 0x2144 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:48:57.0295 0x2144 IPBusEnum - ok
 
11:48:57.0341 0x2144 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:48:57.0341 0x2144 IpFilterDriver - ok

11:48:57.0419 0x2144 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

11:48:57.0451 0x2144 iphlpsvc - ok

11:48:57.0497 0x2144 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

11:48:57.0513 0x2144 IPMIDRV - ok

11:48:57.0544 0x2144 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

11:48:57.0560 0x2144 IPNAT - ok

11:48:57.0591 0x2144 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

11:48:57.0591 0x2144 IRENUM - ok

11:48:57.0622 0x2144 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

11:48:57.0622 0x2144 isapnp - ok

11:48:57.0700 0x2144 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

11:48:57.0716 0x2144 iScsiPrt - ok

11:48:57.0747 0x2144 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

11:48:57.0747 0x2144 kbdclass - ok

11:48:57.0794 0x2144 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

11:48:57.0794 0x2144 kbdhid - ok

11:48:57.0825 0x2144 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe

11:48:57.0841 0x2144 KeyIso - ok

11:48:57.0872 0x2144 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

11:48:57.0887 0x2144 KSecDD - ok

11:48:57.0934 0x2144 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

11:48:57.0934 0x2144 KSecPkg - ok

11:48:57.0981 0x2144 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

11:48:57.0981 0x2144 ksthunk - ok

11:48:58.0043 0x2144 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

11:48:58.0059 0x2144 KtmRm - ok

11:48:58.0121 0x2144 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll

11:48:58.0137 0x2144 LanmanServer - ok

11:48:58.0199 0x2144 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

11:48:58.0231 0x2144 LanmanWorkstation - ok

11:48:58.0293 0x2144 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

11:48:58.0293 0x2144 lltdio - ok

11:48:58.0355 0x2144 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

11:48:58.0371 0x2144 lltdsvc - ok

11:48:58.0387 0x2144 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

11:48:58.0402 0x2144 lmhosts - ok

11:48:58.0465 0x2144 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

11:48:58.0480 0x2144 LSI_FC - ok

11:48:58.0496 0x2144 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

11:48:58.0511 0x2144 LSI_SAS - ok

11:48:58.0558 0x2144 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

11:48:58.0558 0x2144 LSI_SAS2 - ok

11:48:58.0589 0x2144 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

11:48:58.0589 0x2144 LSI_SCSI - ok

11:48:58.0636 0x2144 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

11:48:58.0636 0x2144 luafv - ok

11:48:58.0730 0x2144 [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

11:48:58.0730 0x2144 MBAMProtector - ok

11:48:58.0948 0x2144 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

11:48:59.0026 0x2144 MBAMScheduler - ok

11:48:59.0167 0x2144 [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

11:48:59.0213 0x2144 MBAMService - ok

11:48:59.0291 0x2144 [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys

11:48:59.0291 0x2144 MBAMSwissArmy - ok

11:48:59.0369 0x2144 [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys

11:48:59.0385 0x2144 MBAMWebAccessControl - ok

11:48:59.0432 0x2144 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

11:48:59.0447 0x2144 Mcx2Svc - ok

11:48:59.0494 0x2144 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

11:48:59.0510 0x2144 megasas - ok

11:48:59.0588 0x2144 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

11:48:59.0603 0x2144 MegaSR - ok

11:48:59.0650 0x2144 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

11:48:59.0666 0x2144 MMCSS - ok

11:48:59.0697 0x2144 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

11:48:59.0697 0x2144 Modem - ok

11:48:59.0728 0x2144 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

11:48:59.0728 0x2144 monitor - ok

11:48:59.0775 0x2144 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

11:48:59.0775 0x2144 mouclass - ok

11:48:59.0806 0x2144 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

11:48:59.0806 0x2144 mouhid - ok

11:48:59.0837 0x2144 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

11:48:59.0837 0x2144 mountmgr - ok

11:48:59.0900 0x2144 [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:48:59.0900 0x2144 MozillaMaintenance - ok

11:48:59.0962 0x2144 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

11:48:59.0978 0x2144 MpFilter - ok

11:49:00.0025 0x2144 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

11:49:00.0040 0x2144 mpio - ok

11:49:00.0071 0x2144 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

11:49:00.0071 0x2144 mpsdrv - ok

11:49:00.0149 0x2144 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

11:49:00.0196 0x2144 MpsSvc - ok

11:49:00.0259 0x2144 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

11:49:00.0259 0x2144 MRxDAV - ok

11:49:00.0337 0x2144 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

11:49:00.0337 0x2144 mrxsmb - ok

11:49:00.0399 0x2144 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:49:00.0415 0x2144 mrxsmb10 - ok

11:49:00.0446 0x2144 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:49:00.0446 0x2144 mrxsmb20 - ok

11:49:00.0493 0x2144 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

11:49:00.0493 0x2144 msahci - ok

11:49:00.0555 0x2144 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

11:49:00.0555 0x2144 msdsm - ok

11:49:00.0617 0x2144 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

11:49:00.0633 0x2144 MSDTC - ok

11:49:00.0680 0x2144 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

11:49:00.0680 0x2144 Msfs - ok

11:49:00.0711 0x2144 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

11:49:00.0711 0x2144 mshidkmdf - ok

11:49:00.0758 0x2144 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

11:49:00.0758 0x2144 msisadrv - ok

11:49:00.0805 0x2144 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

11:49:00.0820 0x2144 MSiSCSI - ok

11:49:00.0836 0x2144 msiserver - ok

11:49:00.0851 0x2144 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

11:49:00.0867 0x2144 MSKSSRV - ok

11:49:00.0992 0x2144 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

11:49:00.0992 0x2144 MsMpSvc - ok

11:49:01.0070 0x2144 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

11:49:01.0070 0x2144 MSPCLOCK - ok

11:49:01.0101 0x2144 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

11:49:01.0101 0x2144 MSPQM - ok

11:49:01.0179 0x2144 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

11:49:01.0195 0x2144 MsRPC - ok

11:49:01.0257 0x2144 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

11:49:01.0257 0x2144 mssmbios - ok

11:49:01.0273 0x2144 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

11:49:01.0273 0x2144 MSTEE - ok

11:49:01.0319 0x2144 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

11:49:01.0319 0x2144 MTConfig - ok

11:49:01.0351 0x2144 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

11:49:01.0351 0x2144 Mup - ok

11:49:01.0444 0x2144 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

11:49:01.0460 0x2144 napagent - ok

11:49:01.0522 0x2144 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

11:49:01.0538 0x2144 NativeWifiP - ok

11:49:01.0647 0x2144 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

11:49:01.0694 0x2144 NDIS - ok

11:49:01.0725 0x2144 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

11:49:01.0741 0x2144 NdisCap - ok

11:49:01.0756 0x2144 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

11:49:01.0756 0x2144 NdisTapi - ok

11:49:01.0787 0x2144 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

11:49:01.0787 0x2144 Ndisuio - ok

11:49:01.0819 0x2144 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

11:49:01.0834 0x2144 NdisWan - ok

11:49:01.0850 0x2144 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

11:49:01.0865 0x2144 NDProxy - ok

11:49:01.0897 0x2144 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

11:49:01.0897 0x2144 NetBIOS - ok

11:49:01.0943 0x2144 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

11:49:01.0959 0x2144 NetBT - ok

11:49:02.0006 0x2144 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe

11:49:02.0006 0x2144 Netlogon - ok

11:49:02.0068 0x2144 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

11:49:02.0084 0x2144 Netman - ok

11:49:02.0146 0x2144 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:49:02.0162 0x2144 NetMsmqActivator - ok

11:49:02.0193 0x2144 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:49:02.0193 0x2144 NetPipeActivator - ok

11:49:02.0240 0x2144 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

11:49:02.0271 0x2144 netprofm - ok

11:49:02.0287 0x2144 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:49:02.0302 0x2144 NetTcpActivator - ok

11:49:02.0318 0x2144 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:49:02.0333 0x2144 NetTcpPortSharing - ok

11:49:02.0380 0x2144 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

11:49:02.0380 0x2144 nfrd960 - ok

11:49:02.0411 0x2144 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

11:49:02.0427 0x2144 NisDrv - ok

11:49:02.0489 0x2144 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

11:49:02.0505 0x2144 NisSrv - ok

11:49:02.0552 0x2144 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

11:49:02.0567 0x2144 NlaSvc - ok

11:49:02.0614 0x2144 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

11:49:02.0614 0x2144 Npfs - ok

11:49:02.0661 0x2144 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

11:49:02.0661 0x2144 nsi - ok

11:49:02.0692 0x2144 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

11:49:02.0692 0x2144 nsiproxy - ok

11:49:02.0895 0x2144 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

11:49:02.0973 0x2144 Ntfs - ok

11:49:03.0004 0x2144 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

11:49:03.0020 0x2144 Null - ok

11:49:03.0067 0x2144 [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

11:49:03.0098 0x2144 NVENETFD - ok

11:49:03.0160 0x2144 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

11:49:03.0160 0x2144 nvraid - ok

11:49:03.0207 0x2144 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys

11:49:03.0223 0x2144 nvstor - ok

11:49:03.0254 0x2144 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

11:49:03.0269 0x2144 nv_agp - ok

11:49:03.0410 0x2144 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:49:03.0441 0x2144 odserv - ok

11:49:03.0488 0x2144 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

11:49:03.0488 0x2144 ohci1394 - ok

11:49:03.0535 0x2144 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:49:03.0550 0x2144 ose - ok

11:49:03.0628 0x2144 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

11:49:03.0644 0x2144 p2pimsvc - ok

11:49:03.0706 0x2144 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll


11:49:19.0618 0x2144 Wlansvc - ok

11:49:19.0946 0x2144 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:49:20.0055 0x2144 wlidsvc - ok

11:49:20.0149 0x2144 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

11:49:20.0149 0x2144 WmiAcpi - ok

11:49:20.0227 0x2144 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

11:49:20.0242 0x2144 wmiApSrv - ok

11:49:20.0289 0x2144 WMPNetworkSvc - ok

11:49:20.0351 0x2144 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

11:49:20.0367 0x2144 WPCSvc - ok

11:49:20.0398 0x2144 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

11:49:20.0414 0x2144 WPDBusEnum - ok

11:49:20.0492 0x2144 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

11:49:20.0492 0x2144 ws2ifsl - ok

11:49:20.0539 0x2144 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll

11:49:20.0539 0x2144 wscsvc - ok

11:49:20.0570 0x2144 WSearch - ok

11:49:20.0819 0x2144 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll

11:49:20.0929 0x2144 wuauserv - ok

11:49:21.0007 0x2144 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

11:49:21.0007 0x2144 WudfPf - ok

11:49:21.0085 0x2144 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

11:49:21.0100 0x2144 WUDFRd - ok

11:49:21.0178 0x2144 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

11:49:21.0178 0x2144 wudfsvc - ok

11:49:21.0241 0x2144 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

11:49:21.0256 0x2144 WwanSvc - ok

11:49:21.0412 0x2144 ================ Scan global ===============================

11:49:21.0537 0x2144 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

11:49:21.0584 0x2144 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

11:49:21.0615 0x2144 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

11:49:21.0662 0x2144 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

11:49:21.0724 0x2144 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

11:49:21.0740 0x2144 [ Global ] - ok

11:49:21.0740 0x2144 ================ Scan MBR ==================================

11:49:21.0771 0x2144 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

11:49:22.0208 0x2144 \Device\Harddisk0\DR0 - ok

11:49:22.0208 0x2144 ================ Scan VBR ==================================

11:49:22.0223 0x2144 [ 9C088C21F309F1C56963300D95486AC0 ] \Device\Harddisk0\DR0\Partition1

11:49:22.0239 0x2144 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )

11:49:22.0239 0x2144 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected

11:49:24.0829 0x2144 [ 88B04AACBC74A42C465C769F4A5DC1D4 ] \Device\Harddisk0\DR0\Partition2

11:49:24.0860 0x2144 \Device\Harddisk0\DR0\Partition2 - ok

11:49:24.0891 0x2144 [ 46C73383AE28D44FE66C28CE71DD9EA4 ] \Device\Harddisk0\DR0\Partition3

11:49:24.0891 0x2144 \Device\Harddisk0\DR0\Partition3 - ok

11:49:24.0938 0x2144 [ 4D3E76F81A40CE7EB0552D10C151BEA3 ] \Device\Harddisk0\DR0\Partition4

11:49:24.0938 0x2144 \Device\Harddisk0\DR0\Partition4 - ok

11:49:24.0938 0x2144 ================ Scan generic autorun ======================

11:49:24.0938 0x2144 SynTPEnh - ok

11:49:25.0078 0x2144 [ 17265E4D66956B0959F35E88F2DE68B7, 04FA171FBA7EB40A4DDA6E0126AE25C35AC8F536D1F207CEDE76181581050B3D ] C:\Program Files\IDT\WDM\sttray64.exe

11:49:25.0125 0x2144 SysTrayApp - ok

11:49:25.0172 0x2144 [ 9C7B8B8C27F8E15BACBE91DC8E75B1CD, 200117BDDC8919A80B77AA257BB8C5FC73213AE2C69858C1FE4DAA3ECEE64D20 ] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

11:49:25.0187 0x2144 SetDefault - ok

11:49:25.0390 0x2144 [ FCB1D74BCC52E843747D27ECC44F15BF, A636D2CAE52AB01E02B61A1822D1FBCD82D94DAE557EB82EC81853BEEFEC7339 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

11:49:25.0421 0x2144 StartCCC - ok

11:49:25.0515 0x2144 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

11:49:25.0562 0x2144 Adobe ARM - ok

11:49:25.0702 0x2144 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

11:49:25.0749 0x2144 Sidebar - ok

11:49:25.0780 0x2144 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

11:49:25.0796 0x2144 mctadmin - ok

11:49:25.0874 0x2144 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

11:49:25.0921 0x2144 Sidebar - ok

11:49:25.0936 0x2144 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

11:49:25.0936 0x2144 mctadmin - ok

11:49:26.0077 0x2144 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe

11:49:26.0139 0x2144 Sidebar - ok

11:49:28.0261 0x2144 [ E3EA22E9C36B483FB6588F870EE433EE, 09DD55E421FB598AA2F9EB4921AEC31FF137EA48E6A091BCF06FDCB0C89E9297 ] C:\Program Files (x86)\ownCloud\owncloud.exe

11:49:28.0963 0x2144 ownCloud - ok

11:49:29.0368 0x2144 [ B66E0842FCF485F3E2D41BF0BA10966F, 966B8386B2D060167E8EAAE478509013A8729FE2CF11F890D3F9DCDA90768F34 ] C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

11:49:29.0415 0x2144 Spotify Web Helper - ok

11:49:29.0446 0x2144 Skype - ok

11:49:29.0462 0x2144 Ogics - ok

11:49:29.0524 0x2144 Adworks - ok

11:49:29.0774 0x2144 [ 432BE6CF7311062633459EEF6B242FB5, 890C1734ED1EF6B2422A9B21D6205CF91E014ADD8A7F41AA5A294FCF60631A7B ] C:\Windows\SysWOW64\regsvr32.exe

11:49:29.0774 0x2144 YZPack - ok

11:49:29.0789 0x2144 Ziugexa - ok

11:49:29.0789 0x2144 Waiting for KSN requests completion. In queue: 12

11:49:30.0803 0x2144 Waiting for KSN requests completion. In queue: 12

11:49:31.0817 0x2144 Waiting for KSN requests completion. In queue: 12

11:49:32.0909 0x2144 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )

11:49:32.0956 0x2144 Win FW state via NFP2: enabled

11:49:35.0499 0x2144 ============================================================

11:49:35.0499 0x2144 Scan finished

11:49:35.0499 0x2144 ============================================================

11:49:35.0530 0x1e1c Detected object count: 1

11:49:35.0530 0x1e1c Actual detected object count: 1

11:49:50.0179 0x1e1c \Device\Harddisk0\DR0\Partition1 - copied to quarantine

11:49:53.0033 0x1e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot

11:49:53.0080 0x1e1c \Device\Harddisk0\DR0\Partition1 - ok

11:49:53.0080 0x1e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure

11:49:53.0221 0x1e1c KLMD registered as C:\Windows\system32\drivers\71624201.sys

11:50:01.0130 0x10ac Deinitialize success
 
Very good :)
Re-run DDS and see if you'll get both logs this time around.

Next...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RKreport

RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mahtab [Administrator]
Mode : Delete -- Date : 11/12/2014 15:46:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 1a21fc73b5b110a440eee8b330009daa
[BSP] 5b1a3f168a49886404eca43681f6c6ad : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 448372 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 918675456 | Size: 24304 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11122014_145714.log - RKreport_DEL_11122014_153614.log - RKreport_SCN_11122014_154419.log
 
DDS log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 11.25.2
Run by Mahtab at 14:17:58 on 2014-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3689.1730 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ownCloud\owncloud.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Eyes Relax\EyesRelax.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uSearch Bar = Preserve
mStart Page = www.google.com
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
uRun: [Spotify Web Helper] "C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Ogics] regsvr32.exe C:\Users\Mahtab\AppData\Local\Ogics\hpd5400t.DLL
uRun: [Adworks] C:\Users\Mahtab\AppData\Local\Adworks\tmpEC4B.exe
uRun: [YZPack] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Mahtab\AppData\Local\Adworks\DL___werr.DLL
uRun: [Ziugexa] "C:\Users\Mahtab\AppData\Roaming\Wamaino\agemeg.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Mahtab\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EYESRE~1.LNK - C:\Windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 131.180.0.26 131.180.0.25
TCP: Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} : DHCPNameServer = 131.180.0.26 131.180.0.25
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\05E484D294E6475627E656470247F6567616E676 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393244354535434 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313 : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\74964656F6E63756 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\75C414E4D2033454543353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\A554130303 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\A597F507279667164756F5641433344393 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mSearch Page = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 146.0.75.27 www.google-analytics.com.
Hosts: 146.0.75.27 google-analytics.com.
Hosts: 146.0.75.27 connect.facebook.net.
Hosts: 107.181.187.40 www.google-analytics.com.
Hosts: 107.181.187.40 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-29 204288]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-10 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-10 968504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-5-21 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-5-21 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-5-21 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-21 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-10 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-10 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-10 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-5-21 250984]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-21 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-21 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe --> C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [?]
S2 FTActivationBoost;FactoryTalk Activation Helper;"C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" --> C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [?]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]
S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-9-24 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2014-9-24 30424]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-4 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-7-22 155824]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-10 1255736]
.
=============== Created Last 30 ================
.
2014-11-11 16:29:12 118896 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp96E8.exe
2014-11-11 10:53:04 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF732089-01F4-4BA2-9606-B992E344EEC8}\offreg.dll
2014-11-11 10:49:50 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-11 09:41:09 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E5B99-8215-4A44-A4BE-9E7664BB36F3}\gapaengine.dll
2014-11-11 09:38:24 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF732089-01F4-4BA2-9606-B992E344EEC8}\mpengine.dll
2014-11-10 17:47:56 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-10 12:04:55 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-10 11:55:01 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-10 11:55:01 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-10 11:55:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 11:54:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-10 11:54:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 10:11:30 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Ziiqsig
2014-11-10 10:11:16 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Zopomu
2014-11-10 10:11:10 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Enigiga
2014-11-10 10:11:01 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Xexoer
2014-11-10 10:10:54 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Quhyco
2014-11-10 10:10:47 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Azpuum
2014-11-10 10:10:37 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Wamaino
2014-11-09 22:37:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-09 22:37:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-09 22:27:22 0 ----a-w- C:\Windows\ativpsrm.bin
2014-11-01 22:15:53 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Odyrpyar
2014-11-01 17:01:15 -------- d-----w- C:\Users\Mahtab\AppData\Local\Ogics
2014-11-01 16:59:46 -------- d-----w- C:\Users\Mahtab\AppData\Local\Adworks
2014-11-01 16:56:23 2688512 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-23 09:23:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-19 11:09:55 -------- d-----w- C:\49d9623b07f70104715a
2014-10-15 17:51:00 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 17:49:54 842240 ----a-w- C:\Windows\System32\blackbox.dll
2014-10-15 17:48:59 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-10-15 17:46:20 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-15 17:46:18 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-15 17:46:11 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 17:46:00 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-10-15 17:44:58 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-10-15 17:44:57 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-10-15 17:44:56 360448 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-10-15 17:44:55 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-10-15 17:44:54 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-10-15 17:44:54 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-10-15 17:44:53 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-15 17:43:01 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 17:43:01 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 17:42:16 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-15 17:42:16 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-15 17:42:14 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-15 17:42:14 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-15 17:42:13 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-15 17:42:12 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-15 17:42:11 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-15 17:42:08 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-15 17:42:06 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-15 17:41:14 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 17:41:14 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-15 17:40:47 681984 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-15 17:40:43 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-10-15 17:40:42 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-10-15 17:40:41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-15 17:40:41 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-15 17:40:39 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-10-15 17:40:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-15 17:40:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-10-15 17:40:33 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-10-15 17:40:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-10-15 17:40:31 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 17:38:55 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 17:38:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-23 09:19:50 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 13:13:52 30424 ----a-w- C:\Windows\System32\drivers\ggsomc.sys
2014-09-24 13:13:52 16088 ----a-w- C:\Windows\System32\drivers\ggflt.sys
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 14:22:32.06 ===============
 
Attach.txt from DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2012 2:30:25 PM
System Uptime: 11/12/2014 2:06:31 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3387
Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 825/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 438 GiB total, 350.325 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.514 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.08 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP283: 10/24/2014 12:10:16 PM - Windows Update
RP284: 10/27/2014 5:46:02 PM - Windows Update
RP285: 10/31/2014 3:36:07 PM - Windows Update
RP286: 11/4/2014 11:50:14 AM - Windows Update
RP287: 11/6/2014 8:34:53 PM - Removed Arena 13.90.00000 .
RP288: 11/7/2014 10:08:12 PM - Windows Update
RP289: 11/11/2014 10:34:46 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 146.0.75.27 www.google-analytics.com.
Hosts: 146.0.75.27 google-analytics.com.
Hosts: 146.0.75.27 connect.facebook.net.
Hosts: 107.181.187.40 www.google-analytics.com.
Hosts: 107.181.187.40 google-analytics.com.
Hosts: 107.181.187.40 connect.facebook.net.
Hosts: 85.17.81.55 www.google-analytics.com.
Hosts: 85.17.81.55 google-analytics.com.
Hosts: 85.17.81.55 connect.facebook.net.
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD VISION Engine Control Center
ATI Catalyst Install Manager
BitTorrent
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Broadcom InConcert Maestro
CamStudio version 2.7
Cash And The City version 1.3.7.0 freeware
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Systems VPN Client 5.0.07.0290
CyberLink YouCam
D3DX10
Dropbox
EndNote X6
ESU for Microsoft Windows 7 SP1
Eyes Relax
FactoryTalk Activation Manager 3.30 (CPR 9 SR 3)
Glary Utilities 2.44.0.1450
Hewlett-Packard ACLM.NET v1.1.2.0
HP 3D DriveGuard
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
IDT Audio
Java 8 Update 25
Java 8 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 8 Update 20 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.1
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
opensource
ownCloud
Paint.NET v3.5.10
PDFill PDF Editor with FREE Writer and FREE Tools
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
ResearchSoft Direct Export Helper
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Skype Click to Call
Skype™ 6.21
Sony Mobile Update Engine
Sony PC Companion 2.10.226
Spotify
SweetPacks bundle uninstaller
swMSM
Synaptics TouchPad Driver
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager for SweetPacks 1.1
Vensim Professional
VLC media player 2.1.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 2:20:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.187.1884.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/12/2014 2:10:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=2147684242 Name: Virus:DOS/Rovnix.W ID: 2147684242 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\11.11.2014_11.48.19\boot0000\boot0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.187.1884.0, AS: 1.187.1884.0, NIS: 113.24.0.0 Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
11/12/2014 2:09:52 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
11/12/2014 2:09:51 PM, Error: Service Control Manager [7000] - The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: The system cannot find the file specified.
11/12/2014 2:07:41 PM, Error: Service Control Manager [7000] - The FactoryTalk Activation Helper service failed to start due to the following error: The system cannot find the file specified.
11/12/2014 2:07:34 PM, Error: Service Control Manager [7000] - The FactoryTalk Activation Service service failed to start due to the following error: The system cannot find the file specified.
11/11/2014 5:26:10 PM, Error: Service Control Manager [7011] - A timeout (85000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/11/2014 11:54:35 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=2147684242 Name: Virus:DOS/Rovnix.W ID: 2147684242 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\11.11.2014_11.48.19\boot0000\boot0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.187.1884.0, AS: 1.187.1884.0, NIS: 113.24.0.0 Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
.
==== End Of File ===========================
 
mbar-log

Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org

Database version: v2014.11.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Mahtab :: MAHTAB-HP [administrator]

11/12/2014 4:18:48 PM
mbar-log-2014-11-12 (16-18-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360371
Time elapsed: 1 hour(s), 2 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mahtab\AppData\Local\Temp\55DC.tmp (Trojan.Agent.FSAVXGen) -> Delete on reboot. [dc0b1e1cfc80de58cd519ef40cf5a060]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
System-log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3868622848, free: 2283417600

Downloaded database version: v2014.11.12.07
Downloaded database version: v2014.11.11.01
=======================================
Initializing...
------------ Kernel report ------------
11/12/2014 16:18:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003f31060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa8003c839c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003f31060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003f31b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003f31060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003f30040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8003c85040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8003c837a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003c839c0, DeviceName: \Device\00000065\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97441560

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 918265856

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 918675456 Numsec = 49774592

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 968450048 Numsec = 8321072

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\Mahtab\AppData\Local\Temp\55DC.tmp --> [Trojan.Agent.FSAVXGen]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
After running Combofix I couldn't connect to the internet, so I restored to the point prior to running it. Do I have to run the scan again, or did the restore not affect the scan?

Combofix.txt
ComboFix 14-11-12.01 - Mahtab 11/13/2014 10:55:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3689.2033 [GMT 1:00]
Gestart vanuit: c:\users\Mahtab\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
 
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
c:\users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\searchplugins\search.xml
c:\windows\SysWow64\WNLT
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-10-13 to 2014-11-13 ))))))))))))))))))))))))))))))
.
.
2014-11-13 10:13 . 2014-11-13 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-13 09:20 . 2014-11-13 10:15 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962A345-B19D-45D1-8435-D90644EDD3F6}\offreg.dll
2014-11-12 17:44 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-12 17:44 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-12 17:44 . 2014-11-12 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-12 15:44 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962A345-B19D-45D1-8435-D90644EDD3F6}\mpengine.dll
2014-11-12 15:18 . 2014-11-13 09:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-12 15:18 . 2014-11-13 09:47 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 15:03 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-12 14:44 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 14:44 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 14:44 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 14:42 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 14:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 14:40 . 2014-11-06 03:50 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-11-12 14:39 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 14:38 . 2014-09-19 09:42 28160 ----a-w- c:\windows\system32\secur32.dll
2014-11-12 14:38 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 14:38 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-11-12 14:38 . 2014-09-19 09:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 14:38 . 2014-09-19 09:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 13:44 . 2014-11-12 13:44 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-12 13:44 . 2014-11-12 13:44 -------- d-----w- c:\programdata\RogueKiller
2014-11-12 13:43 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 13:43 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 13:43 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 13:43 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 13:43 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-11 10:49 . 2014-11-11 10:49 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-11 09:41 . 2014-09-17 08:17 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E5B99-8215-4A44-A4BE-9E7664BB36F3}\gapaengine.dll
2014-11-11 09:38 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-10 11:54 . 2014-11-12 15:18 -------- d-----w- c:\programdata\Malwarebytes
2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Ziiqsig
2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Zopomu
2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Enigiga
2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Xexoer
2014-11-10 10:10 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Quhyco
2014-11-10 10:10 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Azpuum
2014-11-10 10:10 . 2014-11-10 15:10 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Wamaino
2014-11-09 22:37 . 2014-11-10 10:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-09 22:37 . 2014-11-10 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-09 22:27 . 2014-11-09 22:27 0 ----a-w- c:\windows\ativpsrm.bin
2014-11-01 22:15 . 2014-11-02 10:17 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Odyrpyar
2014-11-01 17:01 . 2014-11-09 15:36 -------- d-----w- c:\users\Mahtab\AppData\Local\Ogics
2014-11-01 16:59 . 2014-11-10 15:18 -------- d-----w- c:\users\Mahtab\AppData\Local\Adworks
2014-10-23 09:23 . 2014-10-23 09:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-23 09:21 . 2014-10-23 09:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-19 11:09 . 2014-10-19 11:10 -------- d-----w- C:\49d9623b07f70104715a
2014-10-15 17:49 . 2014-07-07 02:06 842240 ----a-w- c:\windows\system32\blackbox.dll
2014-10-15 17:48 . 2014-08-19 03:07 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-10-15 17:42 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-10-15 17:42 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-10-15 17:42 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-10-15 17:42 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-10-15 17:42 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-15 17:42 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll
2014-10-15 17:42 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe
2014-10-15 17:42 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 17:42 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-15 17:41 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 17:41 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-15 17:40 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
2014-10-15 17:40 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 17:40 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2014-10-15 17:40 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-15 17:40 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-15 17:40 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-10-15 17:40 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 18:00 . 2012-12-04 10:10 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-01 16:56 . 2014-11-01 16:56 2688512 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-31 16:56 . 2014-10-31 16:56 3507200 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-23 09:19 . 2014-09-26 08:42 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-25 02:08 . 2014-10-01 09:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 09:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 13:13 . 2014-09-24 13:13 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2014-09-24 13:13 . 2014-09-24 13:13 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-09-17 08:17 . 2012-10-02 09:08 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-24 12:17 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 12:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-28 08:20 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 08:20 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-18 16:15 . 2011-03-28 16:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ownCloud"="c:\program files (x86)\ownCloud\owncloud.exe" [2014-09-04 17392487]
"Spotify Web Helper"="c:\users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-25 1514040]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22067296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
c:\users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Eyes Relax.lnk - c:\windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico /silent [2013-11-2 22534]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HPOSD"=c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
"HP CoolSense"=c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
"Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 10:15]
.
2014-11-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2014-01-13 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-01 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
Trusted Zone: tudelft.net\srv663
TCP: DhcpNameServer = 131.180.0.26 131.180.0.25
TCP: Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
SafeBoot-06257176.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files (x86)\Common Files\Rockwell\RsvcHost.exe
.
**************************************************************************
.
Voltooingstijd: 2014-11-13 11:25:33 - machine werd herstart
ComboFix-quarantined-files.txt 2014-11-13 10:25
.
Pre-Run: 375,440,207,872 bytes free
Post-Run: 375,069,884,416 bytes free
.
- - End Of File - - 2861943A717F2A648A5581E74C83438D
A36C5E4F47E84449FF07ED3517B43A31
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.101 - Report created 15/11/2014 at 09:10:16
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mahtab - MAHTAB-HP
# Running from : C:\Users\Mahtab\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\NeaxtCOuP
Folder Deleted : C:\ProgramData\siave on
Folder Deleted : C:\ProgramData\b48cde32b02c436a
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\NeaxtCOuP
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Mahtab\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Mahtab\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Mahtab\AppData\Local\torch
Folder Deleted : C:\Users\Mahtab\AppData\Roaming\337Games
Folder Deleted : C:\Users\Mahtab\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Mahtab\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Mahtab\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Mahtab\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled Tasks ] *****

Task Deleted : DTChk
Task Deleted : GoforFilesUpdate

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Mahtab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\better_markit
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Computer Updater
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Deleted : [x64] HKLM\SOFTWARE\aartemisSoftware
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\237AA359BFA99C94484AF769ACA080AD
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [13194 octets] - [15/11/2014 09:02:16]
AdwCleaner[S0].txt - [12789 octets] - [15/11/2014 09:10:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12850 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mahtab on Sat 11/15/2014 at 9:20:51.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\PC Optimizer Pro64 startups.job



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Mahtab\AppData\Roaming\mozilla\firefox\profiles\uoyj9pye.default-1405177281631\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 9:33:58.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Mahtab (administrator) on MAHTAB-HP on 15-11-2014 10:52:29
Running from C:\Users\Mahtab\Desktop
Loaded Profile: Mahtab (Available profiles: Mahtab)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ownCloud\owncloud.exe
(Spotify Ltd) C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(mech) C:\Program Files (x86)\Eyes Relax\EyesRelax.exe
(Dropbox, Inc.) C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2802472 2011-06-21] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-07-01] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [17392487 2014-09-04] ()
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [Spotify Web Helper] => C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-25] (Spotify Ltd)
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Policies\system: [DisableChangePassword] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Eyes Relax.lnk
ShortcutTarget: Eyes Relax.lnk -> C:\Windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1&ucc=NL&dcc=NL&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x522A673BE39DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - {5ABD9E06-E8BC-4DD4-A64E-55C360FBC51C} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-988024436-3456037487-3574863145-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
Tcpip\..\Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: Connector.LOCTEST - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{FFE33B60-4278-5C0F-7419-03225D9D83BF} [2014-11-01]
FF Extension: Modify Headers - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-07-03]
CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm [2014-07-03]
CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh [2014-07-08]
CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh [2014-07-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [X]
S2 FTActivationBoost; "C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-24] (Sony Mobile Communications)
R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-12] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 10:52 - 2014-11-15 10:53 - 00016620 _____ () C:\Users\Mahtab\Desktop\FRST.txt
2014-11-15 10:52 - 2014-11-15 10:52 - 00000000 ____D () C:\FRST
2014-11-15 09:33 - 2014-11-15 09:33 - 00001009 _____ () C:\Users\Mahtab\Desktop\JRT.txt
2014-11-15 09:20 - 2014-11-15 09:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-15 09:02 - 2014-11-15 09:10 - 00000000 ____D () C:\AdwCleaner
2014-11-15 08:57 - 2014-11-15 08:57 - 02116608 _____ (Farbar) C:\Users\Mahtab\Desktop\FRST64.exe
2014-11-15 08:56 - 2014-11-15 08:57 - 01706808 _____ (Thisisu) C:\Users\Mahtab\Desktop\JRT.exe
2014-11-15 08:56 - 2014-11-15 08:56 - 02140160 _____ () C:\Users\Mahtab\Desktop\adwcleaner_4.101.exe
2014-11-13 11:25 - 2014-11-13 11:25 - 00093293 _____ () C:\ComboFix.txt
2014-11-13 10:51 - 2014-11-13 11:25 - 00000000 ____D () C:\Qoobox
2014-11-13 10:50 - 2014-11-13 13:58 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 18:44 - 2014-11-12 18:44 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 18:44 - 2014-11-12 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 18:44 - 2014-11-12 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 18:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 18:44 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 18:42 - 2014-11-12 18:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mahtab\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 16:18 - 2014-11-15 09:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 16:18 - 2014-11-13 13:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 16:17 - 2014-11-12 18:15 - 00000000 ____D () C:\Users\Mahtab\Desktop\mbar
2014-11-12 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 15:47 - 2014-11-12 15:47 - 00004864 _____ () C:\Users\Mahtab\Downloads\RKreport.txt
2014-11-12 14:44 - 2014-11-12 14:44 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-12 14:44 - 2014-11-12 14:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-12 14:36 - 2014-11-12 14:37 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Mahtab\Desktop\mbar-1.08.0.1001.exe
2014-11-12 14:26 - 2014-11-12 14:27 - 14672984 _____ () C:\Users\Mahtab\Desktop\RogueKiller.exe
2014-11-12 14:23 - 2014-11-12 14:23 - 00014206 _____ () C:\Users\Mahtab\Downloads\attach.txt
2014-11-12 14:23 - 2014-11-12 14:22 - 00026035 _____ () C:\Users\Mahtab\Downloads\dds.txt
2014-11-12 14:14 - 2014-11-12 14:15 - 00688992 ____R (Swearware) C:\Users\Mahtab\Desktop\dds.scr
2014-11-11 12:34 - 2014-11-13 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 11:49 - 2014-11-13 13:56 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-11 11:46 - 2014-11-11 11:46 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Mahtab\Desktop\tdsskiller.exe
2014-11-10 12:54 - 2014-11-12 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 11:15 - 2014-11-15 10:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 11:15 - 2014-11-10 11:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Zopomu
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Ziiqsig
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Xexoer
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Enigiga
2014-11-10 11:10 - 2014-11-10 16:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Wamaino
2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Quhyco
2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Azpuum
2014-11-09 23:37 - 2014-11-10 11:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-09 23:37 - 2014-11-10 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 23:27 - 2014-11-09 23:27 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-11-01 23:15 - 2014-11-02 11:17 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Odyrpyar
2014-11-01 19:47 - 2014-11-08 13:48 - 00000000 ____D () C:\Windows\Minidump
2014-11-01 18:12 - 2014-11-06 11:40 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-01 18:01 - 2014-11-09 16:36 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Ogics
2014-11-01 17:59 - 2014-11-10 16:18 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Adworks
2014-10-23 10:23 - 2014-10-23 10:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 10:23 - 2014-10-23 10:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 10:23 - 2014-10-23 10:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 12:09 - 2014-10-19 12:10 - 00000000 ____D () C:\49d9623b07f70104715a

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 10:53 - 2012-05-21 00:35 - 01777374 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 10:51 - 2013-12-16 12:41 - 00000000 ____D () C:\Users\Mahtab\ownCloud
2014-11-15 09:25 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 09:22 - 2012-09-08 15:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A27F23F7-9039-4DF2-9D46-A262AA64BF4D}
2014-11-15 09:22 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 09:22 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 09:18 - 2012-09-09 12:06 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Skype
2014-11-15 09:16 - 2012-10-01 09:14 - 00000000 ___RD () C:\Users\Mahtab\Dropbox
2014-11-15 09:15 - 2012-10-01 09:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Dropbox
2014-11-15 09:13 - 2014-01-13 13:55 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-15 09:12 - 2010-11-21 04:47 - 00400596 _____ () C:\Windows\PFRO.log
2014-11-15 09:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 09:12 - 2009-07-14 05:51 - 00091195 _____ () C:\Windows\setupact.log
2014-11-15 08:59 - 2012-10-01 09:11 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 13:59 - 2014-05-07 08:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 13:59 - 2012-09-08 13:30 - 00000000 ____D () C:\Users\Mahtab
2014-11-13 13:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 13:58 - 2014-07-03 16:07 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-11-13 13:58 - 2014-01-13 13:54 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
2014-11-13 13:58 - 2012-05-21 10:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-13 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Comodo
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator
2014-11-13 13:56 - 2012-10-24 13:09 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Google
2014-11-13 13:56 - 2012-05-21 00:47 - 00000000 ____D () C:\ProgramData\Temp
2014-11-13 11:14 - 2009-07-14 03:34 - 83886080 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-13 11:14 - 2009-07-14 03:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-13 11:14 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-13 11:14 - 2009-07-14 03:34 - 00057344 _____ () C:\Windows\system32\config\SAM.bak
2014-11-13 11:14 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-13 08:34 - 2013-08-24 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 18:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-11-12 16:06 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-12 16:05 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-11-12 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-11-12 14:06 - 2014-07-08 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 12:15 - 2012-10-19 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-11 12:15 - 2012-10-01 22:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 10:35 - 2013-03-01 15:34 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\CrashDumps
2014-11-10 16:45 - 2011-08-31 19:05 - 00000000 ___HD () C:\HP
2014-11-09 23:37 - 2012-09-10 13:56 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Adobe
2014-11-08 13:48 - 2013-05-23 10:22 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\BitTorrent
2014-11-08 13:48 - 2011-10-23 15:31 - 00000000 ____D () C:\ProgramData\Skype
2014-11-06 20:50 - 2012-12-18 23:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-06 20:49 - 2013-02-20 05:35 - 00000000 ____D () C:\ProgramData\Rockwell Automation
2014-11-02 12:44 - 2014-07-03 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-02 12:39 - 2014-07-03 15:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-02 12:21 - 2013-10-19 12:07 - 00000000 ____D () C:\Program Files (x86)\Omnitrans International
2014-11-01 18:03 - 2009-07-14 06:13 - 01679012 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 18:05 - 2013-12-07 12:09 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\vlc
2014-10-26 16:00 - 2013-12-16 12:29 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\ownCloud
2014-10-25 22:04 - 2013-11-25 14:04 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Spotify
2014-10-25 14:13 - 2013-11-25 14:05 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Spotify
2014-10-25 09:40 - 2013-02-18 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-23 13:23 - 2013-10-06 10:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 10:23 - 2013-10-06 10:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 10:19 - 2014-09-26 09:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-23 10:18 - 2014-09-25 17:59 - 00000000 ____D () C:\Program Files\Java
2014-10-23 10:13 - 2014-05-05 19:25 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 12:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 12:30 - 2009-07-14 05:45 - 00438416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 12:00 - 2012-12-04 11:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe
C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe
C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-12 15:10

==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Mahtab at 2014-11-15 10:54:03
Running from C:\Users\Mahtab\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{E686FBB0-B356-96BE-A9ED-2D8286AA0386}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
BitTorrent (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Cash And The City version 1.3.7.0 freeware (HKLM-x32\...\Cash And The City_is1) (Version: 1.3.7.0 freeware - Soft And The City)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Eyes Relax (HKLM-x32\...\{9C890D28-9671-4DC2-B017-D5327B9062C8}) (Version: 0.87.4548 - mech)
FactoryTalk Activation Manager 3.30 (CPR 9 SR 3) (HKLM-x32\...\{89766D3B-F4FA-45B2-87F0-4C0FEB0AFE00}) (Version: 3.30.00.0148 - Rockwell Automation, Inc.)
Glary Utilities 2.44.0.1450 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.44.0.1450 - Glarysoft Ltd)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{D683B960-F688-48E8-9425-AECA724A3FA6}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4D5D18BA-FF9C-40DA-A3B9-661D76EC0FB1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{DBFD2AA1-B1F5-4891-894E-F3E03B390922}) (Version: 4.5.1.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.6.3.3721 - ownCloud)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
Spotify (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.12.1 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vensim Professional (HKLM-x32\...\Vensim Professional) (Version: - )
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

04-11-2014 10:50:14 Windows Update
06-11-2014 19:34:53 Removed Arena 13.90.00000 .
07-11-2014 21:08:12 Windows Update
11-11-2014 09:34:46 Windows Update
12-11-2014 14:17:03 Language Pack Removal
12-11-2014 14:48:20 RestorePoint-12112014
12-11-2014 17:14:20 Malwarebytes Anti-Rootkit Restore Point
12-11-2014 17:56:59 Windows Update
13-11-2014 12:48:01 Restore Operation
13-11-2014 13:08:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-06 11:40 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
146.0.75.27 www.google-analytics.com.
146.0.75.27 google-analytics.com.
146.0.75.27 connect.facebook.net.
107.181.187.40 www.google-analytics.com.
107.181.187.40 google-analytics.com.
107.181.187.40 connect.facebook.net.
85.17.81.55 www.google-analytics.com.
85.17.81.55 google-analytics.com.
85.17.81.55 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F0FA6D7-3FD1-477B-B459-A36DE398BA0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {294BCDEB-50BF-423C-BD53-20C2ED227FEC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {4A2975F7-EECC-4B85-95F2-D5FD3156008D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-10] (Adobe Systems Incorporated)
Task: {5CB1F9E6-7448-4AAE-A2F5-3E493D354613} - \Security Center Update - 336887852 No Task File <==== ATTENTION
Task: {A041603A-DB64-49D7-B784-D5BFC265C476} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-04-06] (Glarysoft Ltd)
Task: {BBED204C-32DD-4A3D-B25E-FE59E6619D69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {C4E1AB3B-22C5-4F7B-B524-29967CBFE166} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {F99260D6-90DE-4A59-A1F7-61C72A53916A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

==================== Loaded Modules (whitelisted) =============

2014-09-04 14:55 - 2014-09-04 14:55 - 17392487 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe
2011-06-28 22:38 - 2011-06-28 22:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-02-01 12:10 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-08-20 15:22 - 2010-08-20 15:22 - 00059752 _____ () C:\Program Files (x86)\Common Files\Rockwell\FTDiagnosticsODBCENU.dll
2014-07-17 16:23 - 2014-07-17 16:23 - 02163481 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll
2014-07-17 16:23 - 2014-07-17 16:23 - 01287718 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll
2014-07-17 16:23 - 2014-07-17 16:23 - 21539997 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll
2014-06-20 08:59 - 2014-06-20 08:59 - 00095268 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2014-06-20 08:59 - 2014-06-20 08:59 - 00846908 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll
2014-06-20 06:12 - 2014-06-20 06:12 - 00144011 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll
2014-06-20 06:12 - 2014-06-20 06:12 - 00083490 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll
2014-06-20 06:13 - 2014-06-20 06:13 - 01345107 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll
2014-06-20 06:13 - 2014-06-20 06:13 - 00203045 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll
2014-09-04 14:54 - 2014-09-04 14:54 - 17134418 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll
2014-09-04 14:54 - 2014-09-04 14:54 - 00777549 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll
2014-06-26 09:47 - 2014-06-26 09:47 - 00157526 _____ () C:\Program Files (x86)\ownCloud\libneon-27.dll
2014-06-17 05:19 - 2014-06-17 05:19 - 00169101 _____ () C:\Program Files (x86)\ownCloud\libproxy.dll
2014-06-17 05:16 - 2014-06-17 05:16 - 00041592 _____ () C:\Program Files (x86)\ownCloud\libmodman.dll
2014-06-20 06:18 - 2014-06-20 06:18 - 01150462 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll
2013-09-24 06:15 - 2013-09-24 06:15 - 00566268 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2014-06-20 06:13 - 2014-06-20 06:13 - 00150394 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll
2014-06-20 06:14 - 2014-06-20 06:14 - 00196540 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll
2014-06-20 06:22 - 2014-06-20 06:22 - 00246506 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll
2014-06-20 07:13 - 2014-06-20 07:13 - 00228133 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll
2014-06-17 06:59 - 2014-06-17 06:59 - 00059083 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll
2014-07-17 17:06 - 2014-07-17 17:06 - 00637003 _____ () C:\Program Files (x86)\ownCloud\platforms\qwindows.dll
2014-07-17 17:06 - 2014-07-17 17:06 - 00032046 _____ () C:\Program Files (x86)\ownCloud\imageformats\qgif.dll
2014-07-17 17:06 - 2014-07-17 17:06 - 00033454 _____ () C:\Program Files (x86)\ownCloud\imageformats\qico.dll
2014-07-17 17:06 - 2014-07-17 17:06 - 00047735 _____ () C:\Program Files (x86)\ownCloud\imageformats\qjpeg.dll
2014-07-17 17:06 - 2014-07-17 17:06 - 00060152 _____ () C:\Program Files (x86)\ownCloud\sqldrivers\qsqlite.dll
2014-11-15 09:15 - 2014-11-15 09:15 - 00043008 _____ () c:\users\mahtab\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06257176.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06257176.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-988024436-3456037487-3574863145-500 - Administrator - Disabled)
Guest (S-1-5-21-988024436-3456037487-3574863145-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-988024436-3456037487-3574863145-1002 - Limited - Enabled)
Mahtab (S-1-5-21-988024436-3456037487-3574863145-1001 - Administrator - Enabled) => C:\Users\Mahtab

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/07/2014 10:29:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/07/2014 10:25:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40636 seconds with 11220 seconds of active time. This session ended with a crash.

Error: (12/12/2013 09:57:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 515 seconds with 420 seconds of active time. This session ended with a crash.

Error: (06/13/2013 01:06:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4525 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/18/2013 05:17:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3126 seconds with 2460 seconds of active time. This session ended with a crash.

Error: (03/05/2013 11:33:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3729 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (11/22/2012 09:36:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 972 seconds with 900 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-11-13 11:10:47.959
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-13 11:10:47.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-18 13:43:19.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-15 16:41:16.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-15 16:40:26.547
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-15 16:31:05.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 3689.41 MB
Available physical RAM: 2242.02 MB
Total Pagefile: 7376.99 MB
Available Pagefile: 5378.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.86 GB) (Free:349.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:23.73 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97441560)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=437.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Mahtab at 2014-11-16 10:38:48 Run:1
Running from C:\Users\Mahtab\Desktop
Loaded Profiles: Mahtab & (Available profiles: Mahtab)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-988024436-3456037487-3574863145-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [X]
S2 FTActivationBoost; "C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Zopomu
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Ziiqsig
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Xexoer
2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Enigiga
2014-11-10 11:10 - 2014-11-10 16:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Wamaino
2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Quhyco
2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Azpuum
2014-11-01 23:15 - 2014-11-02 11:17 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Odyrpyar
C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe
C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll
C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe
C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe
Hosts:
Task: {5CB1F9E6-7448-4AAE-A2F5-3E493D354613} - \Security Center Update - 336887852 No Task File <==== ATTENTION

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-988024436-3456037487-3574863145-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File => Error: No automatic fix found for this entry.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
FactoryTalk Activation Service => Service deleted successfully.
FTActivationBoost => Service deleted successfully.
HP Support Assistant Service => Service deleted successfully.
C:\Users\Mahtab\AppData\Roaming\Zopomu => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Ziiqsig => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Xexoer => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Enigiga => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Wamaino => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Quhyco => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Azpuum => Moved successfully.
C:\Users\Mahtab\AppData\Roaming\Odyrpyar => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe => Moved successfully.
C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CB1F9E6-7448-4AAE-A2F5-3E493D354613}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB1F9E6-7448-4AAE-A2F5-3E493D354613}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 336887852" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
 
How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Security Check
Results of screen317's Security Check version 0.99.90
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.189
Adobe Reader XI
Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
FSS
Farbar Service Scanner Version: 21-07-2014
Ran by Mahtab (administrator) on 17-11-2014 at 16:24:02
Running from "C:\Users\Mahtab\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 