TechSpot

Can't get rid of DOS/Rovnix.W

By Mahtab
Nov 10, 2014
  1. Hi,
    My computer has been infected with DOS/Rovnix.W, and despite several scans (in safe mode, since it cannot complete the scans in normal mode and shuts down or goes to blue screen) and manual registry cleaning, I couldn't get rid of it. My computer doesn't go to blue screen anymore, but MSE still shows the malware and is unable to delete it completely. I would appreciate your help.
     
  2. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    For this issue:
    Category: Virus

    Description: This program is dangerous and replicates by infecting other files.

    Recommended action: Remove this software immediately.

    Items:
    rootkit:Rovnix->Vbr::Rovnix

    Step 2: MBAM Log
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/10/2014
    Scan Time: 4:56:50 PM
    Logfile: ScanLog.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.10.05
    Rootkit Database: v2014.11.08.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mahtab

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 359510
    Time Elapsed: 45 min, 46 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Step 3: DDS
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2012 2:30:25 PM
    System Uptime: 11/10/2014 5:44:57 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3387
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 1650/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 438 GiB total, 348.355 GiB free.
    D: is FIXED (NTFS) - 24 GiB total, 2.514 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.08 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP282: 10/19/2014 2:05:57 PM - Windows Update
    RP283: 10/24/2014 12:10:16 PM - Windows Update
    RP284: 10/27/2014 5:46:02 PM - Windows Update
    RP285: 10/31/2014 3:36:07 PM - Windows Update
    RP286: 11/4/2014 11:50:14 AM - Windows Update
    RP287: 11/6/2014 8:34:53 PM - Removed Arena 13.90.00000 .
    RP288: 11/7/2014 10:08:12 PM - Windows Update
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================




    *These files seem incomplete to me, but I didn't receive any errors saying the scans were not successful. Also, the DDS created only the Attach.txt and not the other file. I did disable my firewall and disconnected from the internet. Please let me know what I should be doing next.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    TDSSKiller Log

    11:47:13.0909 0x1624 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    11:48:19.0252 0x1624 ============================================================
    11:48:19.0252 0x1624 Current date / time: 2014/11/11 11:48:19.0252
    11:48:19.0252 0x1624 SystemInfo:
    11:48:19.0252 0x1624
    11:48:19.0252 0x1624 OS Version: 6.1.7601 ServicePack: 1.0
    11:48:19.0252 0x1624 Product type: Workstation
    11:48:19.0268 0x1624 ComputerName: MAHTAB-HP
    11:48:19.0268 0x1624 UserName: Mahtab
    11:48:19.0268 0x1624 Windows directory: C:\Windows
    11:48:19.0268 0x1624 System windows directory: C:\Windows
    11:48:19.0268 0x1624 Running under WOW64
    11:48:19.0268 0x1624 Processor architecture: Intel x64
    11:48:19.0268 0x1624 Number of processors: 2
    11:48:19.0268 0x1624 Page size: 0x1000
    11:48:19.0268 0x1624 Boot type: Normal boot
    11:48:19.0268 0x1624 ============================================================
    11:48:20.0328 0x1624 KLMD registered as C:\Windows\system32\drivers\79599235.sys
    11:48:21.0717 0x1624 System UUID: {441F15F9-8E09-A47B-6F09-212AAE324194}
    11:48:24.0135 0x1624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:48:24.0166 0x1624 ============================================================
    11:48:24.0166 0x1624 \Device\Harddisk0\DR0:
    11:48:24.0197 0x1624 MBR partitions:
    11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x36BBA000
    11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36C1E000, BlocksNum 0x2F78000
    11:48:24.0197 0x1624 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
    11:48:24.0197 0x1624 ============================================================
    11:48:24.0353 0x1624 C: <-> \Device\Harddisk0\DR0\Partition2
    11:48:24.0494 0x1624 D: <-> \Device\Harddisk0\DR0\Partition3
    11:48:24.0556 0x1624 E: <-> \Device\Harddisk0\DR0\Partition4
    11:48:24.0556 0x1624 ============================================================
    11:48:24.0556 0x1624 Initialize success
    11:48:24.0556 0x1624 ============================================================
    11:48:27.0255 0x2144 ============================================================
    11:48:27.0255 0x2144 Scan started
    11:48:27.0255 0x2144 Mode: Manual;
    11:48:27.0255 0x2144 ============================================================
    11:48:27.0255 0x2144 KSN ping started
    11:48:41.0095 0x2144 KSN ping finished: true
    11:48:42.0281 0x2144 ================ Scan system memory ========================
    11:48:42.0281 0x2144 System memory - ok
    11:48:42.0281 0x2144 ================ Scan services =============================
    11:48:53.0691 0x2144 fdc - ok
    11:48:53.0753 0x2144 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    11:48:53.0753 0x2144 fdPHost - ok
    11:48:53.0785 0x2144 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:48:53.0785 0x2144 FDResPub - ok
    11:48:53.0847 0x2144 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:48:53.0863 0x2144 FileInfo - ok
    11:48:53.0878 0x2144 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:48:53.0894 0x2144 Filetrace - ok
    11:48:53.0909 0x2144 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    11:48:53.0925 0x2144 flpydisk - ok
    11:48:53.0956 0x2144 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:48:53.0987 0x2144 FltMgr - ok
    11:48:54.0081 0x2144 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    11:48:54.0143 0x2144 FontCache - ok
    11:48:54.0190 0x2144 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:48:54.0190 0x2144 FontCache3.0.0.0 - ok
    11:48:54.0221 0x2144 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:48:54.0221 0x2144 FsDepends - ok
    11:48:54.0268 0x2144 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:48:54.0268 0x2144 Fs_Rec - ok
    11:48:54.0284 0x2144 FTActivationBoost - ok
    11:48:54.0331 0x2144 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:48:54.0346 0x2144 fvevol - ok
    11:48:54.0377 0x2144 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    11:48:54.0393 0x2144 gagp30kx - ok
    11:48:54.0424 0x2144 [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
    11:48:54.0440 0x2144 ggflt - ok
    11:48:54.0471 0x2144 [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc C:\Windows\system32\DRIVERS\ggsomc.sys
    11:48:54.0487 0x2144 ggsomc - ok
    11:48:54.0518 0x2144 globalUpdate - ok
    11:48:54.0533 0x2144 globalUpdatem - ok
    11:48:54.0596 0x2144 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    11:48:54.0627 0x2144 gpsvc - ok
    11:48:54.0674 0x2144 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:48:54.0674 0x2144 hcw85cir - ok
    11:48:54.0721 0x2144 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    11:48:54.0736 0x2144 HdAudAddService - ok
    11:48:54.0752 0x2144 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    11:48:54.0767 0x2144 HDAudBus - ok
    11:48:54.0783 0x2144 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    11:48:54.0799 0x2144 HidBatt - ok
    11:48:54.0830 0x2144 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    11:48:54.0830 0x2144 HidBth - ok
    11:48:54.0877 0x2144 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    11:48:54.0877 0x2144 HidIr - ok
    11:48:54.0955 0x2144 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
    11:48:54.0955 0x2144 hidserv - ok
    11:48:55.0001 0x2144 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:48:55.0001 0x2144 HidUsb - ok
    11:48:55.0048 0x2144 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:48:55.0064 0x2144 hkmsvc - ok
    11:48:55.0095 0x2144 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:48:55.0111 0x2144 HomeGroupListener - ok
    11:48:55.0157 0x2144 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:48:55.0173 0x2144 HomeGroupProvider - ok
    11:48:55.0251 0x2144 HP Support Assistant Service - ok
    11:48:55.0329 0x2144 [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    11:48:55.0345 0x2144 HPClientSvc - ok
    11:48:55.0376 0x2144 [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    11:48:55.0376 0x2144 hpdskflt - ok
    11:48:55.0532 0x2144 [ DBDC0581D4506C13E6BEF48D14B1C55B, 264F8F225EB1CD0240EC3195A595CF057A5081725121A2DE56909D2E73BDD207 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    11:48:56.0218 0x2144 hpqwmiex - ok
    11:48:56.0249 0x2144 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    11:48:56.0265 0x2144 HpSAMD - ok
    11:48:56.0296 0x2144 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv C:\Windows\system32\Hpservice.exe
    11:48:56.0296 0x2144 hpsrv - ok
    11:48:56.0359 0x2144 [ 491CE9B6321FB74E4B37AF2C47F98434, DCB996386B10A3198D7EACEAB74D838399908FD443577918B7E55D47930165A0 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    11:48:56.0405 0x2144 HPWMISVC - ok
    11:48:56.0452 0x2144 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:48:56.0499 0x2144 HTTP - ok
    11:48:56.0515 0x2144 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:48:56.0515 0x2144 hwpolicy - ok
    11:48:56.0561 0x2144 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    11:48:56.0561 0x2144 i8042prt - ok
    11:48:56.0608 0x2144 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    11:48:56.0624 0x2144 iaStorV - ok
    11:48:56.0764 0x2144 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:48:56.0811 0x2144 idsvc - ok
    11:48:56.0827 0x2144 IEEtwCollectorService - ok
    11:48:56.0889 0x2144 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    11:48:56.0889 0x2144 iirsp - ok
    11:48:57.0029 0x2144 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    11:48:57.0076 0x2144 IKEEXT - ok
    11:48:57.0154 0x2144 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    11:48:57.0154 0x2144 intelide - ok
    11:48:57.0217 0x2144 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    11:48:57.0232 0x2144 intelppm - ok
    11:48:57.0279 0x2144 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:48:57.0295 0x2144 IPBusEnum - ok
     
  5. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26


    11:49:04.0049 0x2144 pcmcia - ok

    11:49:04.0096 0x2144 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

    11:49:04.0096 0x2144 pcw - ok

    11:49:04.0205 0x2144 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    11:49:04.0237 0x2144 PEAUTH - ok

    11:49:04.0517 0x2144 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

    11:49:04.0517 0x2144 PerfHost - ok

    11:49:04.0767 0x2144 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

    11:49:04.0829 0x2144 pla - ok

    11:49:04.0907 0x2144 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    11:49:04.0923 0x2144 PlugPlay - ok

    11:49:05.0017 0x2144 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    11:49:05.0032 0x2144 PNRPAutoReg - ok

    11:49:05.0079 0x2144 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    11:49:05.0110 0x2144 PNRPsvc - ok

    11:49:05.0188 0x2144 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    11:49:05.0219 0x2144 PolicyAgent - ok

    11:49:05.0297 0x2144 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

    11:49:05.0313 0x2144 Power - ok

    11:49:05.0360 0x2144 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    11:49:05.0360 0x2144 PptpMiniport - ok

    11:49:05.0391 0x2144 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys

    11:49:05.0407 0x2144 Processor - ok

    11:49:05.0453 0x2144 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll

    11:49:05.0469 0x2144 ProfSvc - ok

    11:49:05.0500 0x2144 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe

    11:49:05.0500 0x2144 ProtectedStorage - ok

    11:49:05.0563 0x2144 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    11:49:05.0578 0x2144 Psched - ok

    11:49:05.0703 0x2144 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

    11:49:05.0765 0x2144 ql2300 - ok

    11:49:05.0812 0x2144 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

    11:49:05.0812 0x2144 ql40xx - ok

    11:49:05.0875 0x2144 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll

    11:49:05.0890 0x2144 QWAVE - ok

    11:49:05.0921 0x2144 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    11:49:05.0937 0x2144 QWAVEdrv - ok

    11:49:05.0968 0x2144 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    11:49:05.0968 0x2144 RasAcd - ok

    11:49:06.0015 0x2144 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    11:49:06.0015 0x2144 RasAgileVpn - ok

    11:49:06.0093 0x2144 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll

    11:49:06.0109 0x2144 RasAuto - ok

    11:49:06.0155 0x2144 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    11:49:06.0171 0x2144 Rasl2tp - ok

    11:49:06.0218 0x2144 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll

    11:49:06.0249 0x2144 RasMan - ok

    11:49:06.0265 0x2144 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    11:49:06.0280 0x2144 RasPppoe - ok

    11:49:06.0327 0x2144 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    11:49:06.0327 0x2144 RasSstp - ok

    11:49:06.0374 0x2144 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    11:49:06.0389 0x2144 rdbss - ok

    11:49:06.0436 0x2144 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

    11:49:06.0436 0x2144 rdpbus - ok

    11:49:06.0467 0x2144 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    11:49:06.0467 0x2144 RDPCDD - ok

    11:49:06.0499 0x2144 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    11:49:06.0514 0x2144 RDPENCDD - ok

    11:49:06.0545 0x2144 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    11:49:06.0561 0x2144 RDPREFMP - ok

    11:49:06.0655 0x2144 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

    11:49:06.0655 0x2144 RdpVideoMiniport - ok

    11:49:06.0733 0x2144 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    11:49:06.0748 0x2144 RDPWD - ok

    11:49:06.0811 0x2144 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    11:49:06.0842 0x2144 rdyboost - ok

    11:49:06.0935 0x2144 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll

    11:49:06.0951 0x2144 RemoteAccess - ok

    11:49:07.0045 0x2144 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    11:49:07.0045 0x2144 RemoteRegistry - ok

    11:49:07.0107 0x2144 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

    11:49:07.0123 0x2144 RFCOMM - ok

    11:49:07.0216 0x2144 [ DD313735DA6029E3364D0A54091874DC, 77FC4DC4380DA613FB206F9F4B90A5602C17F7C36CFD12142FDBC315EC1C7598 ] RNADiagnosticsService C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe

    11:49:07.0279 0x2144 RNADiagnosticsService - ok

    11:49:07.0325 0x2144 [ 18F60539E2B05A25F389765BA212EC48, 7B57A39B9D02EACC6B4A3AEFFECD30CA49B785E9C2E6391DBAA0B6ADE0F00163 ] RNADiagReceiver C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe

    11:49:07.0497 0x2144 RNADiagReceiver - ok

    11:49:07.0544 0x2144 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    11:49:07.0559 0x2144 RpcEptMapper - ok

    11:49:07.0606 0x2144 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe

    11:49:07.0606 0x2144 RpcLocator - ok

    11:49:07.0669 0x2144 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll

    11:49:07.0684 0x2144 RpcSs - ok

    11:49:07.0747 0x2144 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    11:49:07.0762 0x2144 rspndr - ok

    11:49:07.0809 0x2144 [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

    11:49:07.0825 0x2144 RSUSBSTOR - ok

    11:49:07.0887 0x2144 [ 8EDD7060FF6599D3EF949AEB698145A4, 4691B0CAE568CDF80BC85B22FF1FA7736A3E8D464D2A40D41FDB46DF3BB8AB8D ] RsvcHost C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe

    11:49:08.0027 0x2144 RsvcHost - ok

    11:49:08.0121 0x2144 [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

    11:49:08.0152 0x2144 RTL8167 - ok

    11:49:08.0183 0x2144 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe

    11:49:08.0199 0x2144 SamSs - ok

    11:49:08.0246 0x2144 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
     
  6. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    11:49:08.0246 0x2144 sbp2port - ok

    11:49:08.0308 0x2144 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll

    11:49:08.0324 0x2144 SCardSvr - ok

    11:49:08.0371 0x2144 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    11:49:08.0371 0x2144 scfilter - ok

    11:49:08.0464 0x2144 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll

    11:49:08.0511 0x2144 Schedule - ok

    11:49:08.0558 0x2144 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll

    11:49:08.0573 0x2144 SCPolicySvc - ok

    11:49:08.0620 0x2144 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

    11:49:08.0620 0x2144 sdbus - ok

    11:49:08.0667 0x2144 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    11:49:08.0683 0x2144 SDRSVC - ok

    11:49:08.0714 0x2144 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys

    11:49:08.0714 0x2144 secdrv - ok

    11:49:08.0745 0x2144 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll

    11:49:08.0745 0x2144 seclogon - ok

    11:49:08.0792 0x2144 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll

    11:49:08.0792 0x2144 SENS - ok

    11:49:08.0870 0x2144 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll

    11:49:08.0885 0x2144 SensrSvc - ok

    11:49:08.0963 0x2144 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys

    11:49:08.0963 0x2144 Serenum - ok

    11:49:09.0057 0x2144 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys

    11:49:09.0073 0x2144 Serial - ok

    11:49:09.0119 0x2144 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys

    11:49:09.0119 0x2144 sermouse - ok

    11:49:09.0260 0x2144 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll

    11:49:09.0275 0x2144 SessionEnv - ok

    11:49:09.0322 0x2144 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    11:49:09.0322 0x2144 sffdisk - ok

    11:49:09.0369 0x2144 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    11:49:09.0369 0x2144 sffp_mmc - ok

    11:49:09.0431 0x2144 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    11:49:09.0431 0x2144 sffp_sd - ok

    11:49:09.0478 0x2144 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

    11:49:09.0494 0x2144 sfloppy - ok

    11:49:09.0587 0x2144 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll

    11:49:09.0603 0x2144 SharedAccess - ok

    11:49:09.0681 0x2144 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    11:49:09.0712 0x2144 ShellHWDetection - ok

    11:49:09.0775 0x2144 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

    11:49:09.0775 0x2144 SiSRaid2 - ok

    11:49:09.0837 0x2144 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

    11:49:09.0837 0x2144 SiSRaid4 - ok

    11:49:09.0977 0x2144 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    11:49:09.0993 0x2144 SkypeUpdate - ok

    11:49:10.0055 0x2144 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    11:49:10.0055 0x2144 Smb - ok

    11:49:10.0149 0x2144 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    11:49:10.0149 0x2144 SNMPTRAP - ok

    11:49:10.0305 0x2144 [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    11:49:10.0414 0x2144 Sony PC Companion - ok

    11:49:10.0477 0x2144 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

    11:49:10.0477 0x2144 spldr - ok

    11:49:10.0570 0x2144 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe

    11:49:10.0586 0x2144 Spooler - ok

    11:49:10.0851 0x2144 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe

    11:49:11.0007 0x2144 sppsvc - ok

    11:49:11.0085 0x2144 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    11:49:11.0085 0x2144 sppuinotify - ok

    11:49:11.0163 0x2144 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys

    11:49:11.0179 0x2144 srv - ok

    11:49:11.0241 0x2144 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    11:49:11.0257 0x2144 srv2 - ok

    11:49:11.0335 0x2144 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    11:49:11.0350 0x2144 SrvHsfHDA - ok

    11:49:11.0459 0x2144 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    11:49:11.0537 0x2144 SrvHsfV92 - ok

    11:49:11.0600 0x2144 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    11:49:11.0631 0x2144 SrvHsfWinac - ok

    11:49:11.0678 0x2144 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    11:49:11.0693 0x2144 srvnet - ok

    11:49:11.0787 0x2144 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    11:49:11.0803 0x2144 SSDPSRV - ok

    11:49:11.0849 0x2144 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

    11:49:11.0849 0x2144 SstpSvc - ok

    11:49:12.0052 0x2144 [ 7EAE822E0153D5815FF842FD57D2A49E, 6DD1F5059CF00B407330A552AF2B3042CE7D2C577C367D0B9A7F3A0E496DD654 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

    11:49:12.0083 0x2144 STacSV - ok

    11:49:12.0130 0x2144 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys

    11:49:12.0146 0x2144 stexstor - ok

    11:49:12.0224 0x2144 [ 6EFE5345D1C187973760AF3B7B10F636, A5D74BFA4519B2EE8F1824DF9FA27DED6A43EAF5ADDA39FE89504D4FADFF6997 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

    11:49:12.0255 0x2144 STHDA - ok

    11:49:12.0364 0x2144 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll

    11:49:12.0395 0x2144 stisvc - ok

    11:49:12.0442 0x2144 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys

    11:49:12.0458 0x2144 swenum - ok

    11:49:12.0536 0x2144 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

    11:49:12.0567 0x2144 swprv - ok

    11:49:12.0692 0x2144 [ BD40D01D81669B02CB8366EB10DE95A8, 901CF3FEA4B20EF1FBE63CBED7537120DD3CAB7EF3EA66E1609514772FE40D41 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

    11:49:12.0754 0x2144 SynTP - ok

    11:49:12.0957 0x2144 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll

    11:49:13.0035 0x2144 SysMain - ok

    11:49:13.0082 0x2144 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

    11:49:13.0082 0x2144 TabletInputService - ok

    11:49:13.0144 0x2144 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll

    11:49:13.0160 0x2144 TapiSrv - ok

    11:49:13.0207 0x2144 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

    11:49:13.0207 0x2144 TBS - ok

    11:49:13.0378 0x2144 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    11:49:13.0472 0x2144 Tcpip - ok

    11:49:13.0581 0x2144 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    11:49:13.0659 0x2144 TCPIP6 - ok

    11:49:13.0737 0x2144 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    11:49:13.0753 0x2144 tcpipreg - ok

    11:49:13.0831 0x2144 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    11:49:13.0831 0x2144 TDPIPE - ok

    11:49:13.0909 0x2144 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    11:49:13.0909 0x2144 TDTCP - ok

    11:49:13.0955 0x2144 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    11:49:13.0971 0x2144 tdx - ok

    11:49:14.0018 0x2144 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys

    11:49:14.0018 0x2144 TermDD - ok

    11:49:14.0111 0x2144 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll

    11:49:14.0143 0x2144 TermService - ok

    11:49:14.0189 0x2144 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

    11:49:14.0205 0x2144 Themes - ok

    11:49:14.0252 0x2144 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

    11:49:14.0252 0x2144 THREADORDER - ok

    11:49:14.0299 0x2144 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

    11:49:14.0314 0x2144 TrkWks - ok

    11:49:14.0392 0x2144 [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys

    11:49:14.0423 0x2144 truecrypt - ok

    11:49:14.0517 0x2144 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    11:49:14.0533 0x2144 TrustedInstaller - ok

    11:49:14.0626 0x2144 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    11:49:14.0626 0x2144 tssecsrv - ok

    11:49:14.0689 0x2144 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    11:49:14.0689 0x2144 TsUsbFlt - ok

    11:49:14.0735 0x2144 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

    11:49:14.0751 0x2144 TsUsbGD - ok

    11:49:14.0798 0x2144 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    11:49:14.0798 0x2144 tunnel - ok

    11:49:14.0891 0x2144 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

    11:49:14.0907 0x2144 uagp35 - ok

    11:49:15.0001 0x2144 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    11:49:15.0032 0x2144 udfs - ok

    11:49:15.0141 0x2144 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

    11:49:15.0141 0x2144 UI0Detect - ok

    11:49:15.0188 0x2144 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    11:49:15.0188 0x2144 uliagpkx - ok

    11:49:15.0235 0x2144 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys

    11:49:15.0235 0x2144 umbus - ok

    11:49:15.0297 0x2144 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys

    11:49:15.0297 0x2144 UmPass - ok

    11:49:15.0344 0x2144 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

    11:49:15.0359 0x2144 upnphost - ok

    11:49:15.0437 0x2144 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

    11:49:15.0437 0x2144 usbaudio - ok

    11:49:15.0500 0x2144 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    11:49:15.0515 0x2144 usbccgp - ok

    11:49:15.0562 0x2144 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys

    11:49:15.0562 0x2144 usbcir - ok

    11:49:15.0609 0x2144 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    11:49:15.0625 0x2144 usbehci - ok

    11:49:15.0671 0x2144 [ 1196EAD6FF3714BB6B17590ADC5B61CF, 3D0BF3FEB4B61354124D565BB1B63520491FC976AFD9A26BA1E6BE8AF873DFEE ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

    11:49:15.0671 0x2144 usbfilter - ok

    11:49:15.0734 0x2144 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    11:49:15.0749 0x2144 usbhub - ok

    11:49:15.0812 0x2144 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    11:49:15.0812 0x2144 usbohci - ok

    11:49:15.0859 0x2144 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys

    11:49:15.0859 0x2144 usbprint - ok

    11:49:15.0905 0x2144 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    11:49:15.0921 0x2144 USBSTOR - ok

    11:49:21.0412 0x2144 ================ Scan global ===============================

    11:49:21.0537 0x2144 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

    11:49:21.0584 0x2144 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

    11:49:21.0615 0x2144 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

    11:49:21.0662 0x2144 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

    11:49:21.0724 0x2144 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

    11:49:21.0740 0x2144 [ Global ] - ok

    11:49:21.0740 0x2144 ================ Scan MBR ==================================

    11:49:21.0771 0x2144 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    11:49:22.0208 0x2144 \Device\Harddisk0\DR0 - ok

    11:49:22.0208 0x2144 ================ Scan VBR ==================================

    11:49:22.0223 0x2144 [ 9C088C21F309F1C56963300D95486AC0 ] \Device\Harddisk0\DR0\Partition1

    11:49:22.0239 0x2144 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )

    11:49:22.0239 0x2144 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected

    11:49:24.0829 0x2144 [ 88B04AACBC74A42C465C769F4A5DC1D4 ] \Device\Harddisk0\DR0\Partition2

    11:49:24.0860 0x2144 \Device\Harddisk0\DR0\Partition2 - ok

    11:49:24.0891 0x2144 [ 46C73383AE28D44FE66C28CE71DD9EA4 ] \Device\Harddisk0\DR0\Partition3

    11:49:24.0891 0x2144 \Device\Harddisk0\DR0\Partition3 - ok

    11:49:24.0938 0x2144 [ 4D3E76F81A40CE7EB0552D10C151BEA3 ] \Device\Harddisk0\DR0\Partition4

    11:49:24.0938 0x2144 \Device\Harddisk0\DR0\Partition4 - ok

    11:49:24.0938 0x2144 ================ Scan generic autorun ======================

    11:49:24.0938 0x2144 SynTPEnh - ok

    11:49:25.0078 0x2144 [ 17265E4D66956B0959F35E88F2DE68B7, 04FA171FBA7EB40A4DDA6E0126AE25C35AC8F536D1F207CEDE76181581050B3D ] C:\Program Files\IDT\WDM\sttray64.exe

    11:49:25.0125 0x2144 SysTrayApp - ok

    11:49:25.0172 0x2144 [ 9C7B8B8C27F8E15BACBE91DC8E75B1CD, 200117BDDC8919A80B77AA257BB8C5FC73213AE2C69858C1FE4DAA3ECEE64D20 ] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

    11:49:25.0187 0x2144 SetDefault - ok

    11:49:25.0390 0x2144 [ FCB1D74BCC52E843747D27ECC44F15BF, A636D2CAE52AB01E02B61A1822D1FBCD82D94DAE557EB82EC81853BEEFEC7339 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    11:49:25.0421 0x2144 StartCCC - ok

    11:49:25.0515 0x2144 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    11:49:25.0562 0x2144 Adobe ARM - ok

    11:49:25.0702 0x2144 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

    11:49:25.0749 0x2144 Sidebar - ok

    11:49:25.0780 0x2144 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

    11:49:25.0796 0x2144 mctadmin - ok

    11:49:25.0874 0x2144 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

    11:49:25.0921 0x2144 Sidebar - ok

    11:49:25.0936 0x2144 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

    11:49:25.0936 0x2144 mctadmin - ok

    11:49:26.0077 0x2144 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe

    11:49:26.0139 0x2144 Sidebar - ok

    11:49:28.0261 0x2144 [ E3EA22E9C36B483FB6588F870EE433EE, 09DD55E421FB598AA2F9EB4921AEC31FF137EA48E6A091BCF06FDCB0C89E9297 ] C:\Program Files (x86)\ownCloud\owncloud.exe

    11:49:28.0963 0x2144 ownCloud - ok

    11:49:29.0368 0x2144 [ B66E0842FCF485F3E2D41BF0BA10966F, 966B8386B2D060167E8EAAE478509013A8729FE2CF11F890D3F9DCDA90768F34 ] C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    11:49:29.0415 0x2144 Spotify Web Helper - ok

    11:49:29.0446 0x2144 Skype - ok

    11:49:29.0462 0x2144 Ogics - ok

    11:49:29.0524 0x2144 Adworks - ok

    11:49:29.0774 0x2144 [ 432BE6CF7311062633459EEF6B242FB5, 890C1734ED1EF6B2422A9B21D6205CF91E014ADD8A7F41AA5A294FCF60631A7B ] C:\Windows\SysWOW64\regsvr32.exe

    11:49:29.0774 0x2144 YZPack - ok

    11:49:29.0789 0x2144 Ziugexa - ok

    11:49:29.0789 0x2144 Waiting for KSN requests completion. In queue: 12

    11:49:30.0803 0x2144 Waiting for KSN requests completion. In queue: 12

    11:49:31.0817 0x2144 Waiting for KSN requests completion. In queue: 12

    11:49:32.0909 0x2144 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )

    11:49:32.0956 0x2144 Win FW state via NFP2: enabled

    11:49:35.0499 0x2144 ============================================================

    11:49:35.0499 0x2144 Scan finished

    11:49:35.0499 0x2144 ============================================================

    11:49:35.0530 0x1e1c Detected object count: 1

    11:49:35.0530 0x1e1c Actual detected object count: 1

    11:49:50.0179 0x1e1c \Device\Harddisk0\DR0\Partition1 - copied to quarantine

    11:49:53.0033 0x1e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot

    11:49:53.0080 0x1e1c \Device\Harddisk0\DR0\Partition1 - ok

    11:49:53.0080 0x1e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure

    11:49:53.0221 0x1e1c KLMD registered as C:\Windows\system32\drivers\71624201.sys

    11:50:01.0130 0x10ac Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very good :)
    Re-run DDS and see if you'll get both logs this time around.

    Next...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  8. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    RKreport

    RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mahtab [Administrator]
    Mode : Delete -- Date : 11/12/2014 15:46:41

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 20 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} | DhcpNameServer : 131.180.0.26 131.180.0.25 [NETHERLANDS (NL)][NETHERLANDS (NL)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
    --- User ---
    [MBR] 1a21fc73b5b110a440eee8b330009daa
    [BSP] 5b1a3f168a49886404eca43681f6c6ad : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 448372 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 918675456 | Size: 24304 MB
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_11122014_145714.log - RKreport_DEL_11122014_153614.log - RKreport_SCN_11122014_154419.log
     
  9. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    DDS log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 11.25.2
    Run by Mahtab at 14:17:58 on 2014-11-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3689.1730 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ownCloud\owncloud.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\System32\regsvr32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\Eyes Relax\EyesRelax.exe
    C:\Windows\SysWOW64\regsvr32.exe
    C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Bar = Preserve
    mStart Page = www.google.com
    mSearch Page = www.google.com
    mDefault_Page_URL = www.google.com
    mDefault_Search_URL = www.google.com
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
    uRun: [Spotify Web Helper] "C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Ogics] regsvr32.exe C:\Users\Mahtab\AppData\Local\Ogics\hpd5400t.DLL
    uRun: [Adworks] C:\Users\Mahtab\AppData\Local\Adworks\tmpEC4B.exe
    uRun: [YZPack] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Mahtab\AppData\Local\Adworks\DL___werr.DLL
    uRun: [Ziugexa] "C:\Users\Mahtab\AppData\Roaming\Wamaino\agemeg.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Mahtab\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EYESRE~1.LNK - C:\Windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    TCP: NameServer = 131.180.0.26 131.180.0.25
    TCP: Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15} : DHCPNameServer = 131.180.0.26 131.180.0.25
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\05E484D294E6475627E656470247F6567616E676 : DHCPNameServer = 8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393244354535434 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313 : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\74964656F6E63756 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\75C414E4D2033454543353 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\A554130303 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\A597F507279667164756F5641433344393 : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-mSearch Page = www.google.com
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 146.0.75.27 www.google-analytics.com.
    Hosts: 146.0.75.27 google-analytics.com.
    Hosts: 146.0.75.27 connect.facebook.net.
    Hosts: 107.181.187.40 www.google-analytics.com.
    Hosts: 107.181.187.40 google-analytics.com.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-21 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-29 204288]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-10 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-10 968504]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-5-21 133672]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-5-21 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-5-21 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-5-21 39976]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-10 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-10 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-10 63704]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-5-21 250984]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-21 539240]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-21 53376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe --> C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [?]
    S2 FTActivationBoost;FactoryTalk Activation Helper;"C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" --> C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [?]
    S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
    S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]
    S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-9-24 16088]
    S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2014-9-24 30424]
    S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-4 19456]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-7-22 155824]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-4 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-4 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-10 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-11-11 16:29:12 118896 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp96E8.exe
    2014-11-11 10:53:04 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF732089-01F4-4BA2-9606-B992E344EEC8}\offreg.dll
    2014-11-11 10:49:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-11 09:41:09 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E5B99-8215-4A44-A4BE-9E7664BB36F3}\gapaengine.dll
    2014-11-11 09:38:24 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF732089-01F4-4BA2-9606-B992E344EEC8}\mpengine.dll
    2014-11-10 17:47:56 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-11-10 12:04:55 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-10 11:55:01 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-10 11:55:01 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-10 11:55:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-10 11:54:58 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-11-10 11:54:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-10 10:11:30 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Ziiqsig
    2014-11-10 10:11:16 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Zopomu
    2014-11-10 10:11:10 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Enigiga
    2014-11-10 10:11:01 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Xexoer
    2014-11-10 10:10:54 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Quhyco
    2014-11-10 10:10:47 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Azpuum
    2014-11-10 10:10:37 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Wamaino
    2014-11-09 22:37:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-09 22:37:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-09 22:27:22 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-11-01 22:15:53 -------- d-----w- C:\Users\Mahtab\AppData\Roaming\Odyrpyar
    2014-11-01 17:01:15 -------- d-----w- C:\Users\Mahtab\AppData\Local\Ogics
    2014-11-01 16:59:46 -------- d-----w- C:\Users\Mahtab\AppData\Local\Adworks
    2014-11-01 16:56:23 2688512 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-23 09:23:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-19 11:09:55 -------- d-----w- C:\49d9623b07f70104715a
    2014-10-15 17:51:00 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 17:49:54 842240 ----a-w- C:\Windows\System32\blackbox.dll
    2014-10-15 17:48:59 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-10-15 17:46:20 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-15 17:46:18 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-15 17:46:11 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-15 17:46:00 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-10-15 17:44:58 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-10-15 17:44:57 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2014-10-15 17:44:56 360448 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2014-10-15 17:44:55 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-10-15 17:44:54 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-10-15 17:44:54 293040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-10-15 17:44:53 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-10-15 17:43:01 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 17:43:01 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-15 17:42:16 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2014-10-15 17:42:16 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2014-10-15 17:42:14 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2014-10-15 17:42:14 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2014-10-15 17:42:13 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-10-15 17:42:12 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2014-10-15 17:42:11 1125888 ----a-w- C:\Windows\System32\mstsc.exe
    2014-10-15 17:42:08 5780480 ----a-w- C:\Windows\System32\mstscax.dll
    2014-10-15 17:42:06 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-10-15 17:41:14 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-10-15 17:41:14 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-10-15 17:40:47 681984 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-15 17:40:43 235520 ----a-w- C:\Windows\System32\winsta.dll
    2014-10-15 17:40:42 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
    2014-10-15 17:40:41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2014-10-15 17:40:41 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2014-10-15 17:40:39 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-10-15 17:40:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-10-15 17:40:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-10-15 17:40:33 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-10-15 17:40:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-10-15 17:40:31 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2014-10-15 17:38:55 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 17:38:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    .
    ==================== Find3M ====================
    .
    2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-23 09:19:50 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-24 13:13:52 30424 ----a-w- C:\Windows\System32\drivers\ggsomc.sys
    2014-09-24 13:13:52 16088 ----a-w- C:\Windows\System32\drivers\ggflt.sys
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    .
    ============= FINISH: 14:22:32.06 ===============
     
  10. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    Attach.txt from DDS
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2012 2:30:25 PM
    System Uptime: 11/12/2014 2:06:31 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3387
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 825/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 438 GiB total, 350.325 GiB free.
    D: is FIXED (NTFS) - 24 GiB total, 2.514 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.08 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP283: 10/24/2014 12:10:16 PM - Windows Update
    RP284: 10/27/2014 5:46:02 PM - Windows Update
    RP285: 10/31/2014 3:36:07 PM - Windows Update
    RP286: 11/4/2014 11:50:14 AM - Windows Update
    RP287: 11/6/2014 8:34:53 PM - Removed Arena 13.90.00000 .
    RP288: 11/7/2014 10:08:12 PM - Windows Update
    RP289: 11/11/2014 10:34:46 AM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 146.0.75.27 www.google-analytics.com.
    Hosts: 146.0.75.27 google-analytics.com.
    Hosts: 146.0.75.27 connect.facebook.net.
    Hosts: 107.181.187.40 www.google-analytics.com.
    Hosts: 107.181.187.40 google-analytics.com.
    Hosts: 107.181.187.40 connect.facebook.net.
    Hosts: 85.17.81.55 www.google-analytics.com.
    Hosts: 85.17.81.55 google-analytics.com.
    Hosts: 85.17.81.55 connect.facebook.net.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Adobe Shockwave Player 12.0
    AMD APP SDK Runtime
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    ATI Catalyst Install Manager
    BitTorrent
    Broadcom 802.11 Wireless LAN Adapter
    Broadcom Bluetooth Software
    Broadcom InConcert Maestro
    CamStudio version 2.7
    Cash And The City version 1.3.7.0 freeware
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco Systems VPN Client 5.0.07.0290
    CyberLink YouCam
    D3DX10
    Dropbox
    EndNote X6
    ESU for Microsoft Windows 7 SP1
    Eyes Relax
    FactoryTalk Activation Manager 3.30 (CPR 9 SR 3)
    Glary Utilities 2.44.0.1450
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP 3D DriveGuard
    HP Auto
    HP Client Services
    HP CoolSense
    HP Customer Experience Enhancements
    HP Documentation
    HP Launch Box
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Recovery Manager
    HP Security Assistant
    HP Setup
    HP Setup Manager
    HP Software Framework
    IDT Audio
    Java 8 Update 25
    Java 8 Update 25 (64-bit)
    Java Auto Updater
    Java SE Development Kit 8 Update 20 (64-bit)
    Junk Mail filter update
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 33.1 (x86 en-US)
    Mozilla Maintenance Service
    MPC-HC 1.7.1
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    opensource
    ownCloud
    Paint.NET v3.5.10
    PDFill PDF Editor with FREE Writer and FREE Tools
    Photo Common
    Photo Gallery
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    ResearchSoft Direct Export Helper
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.21
    Sony Mobile Update Engine
    Sony PC Companion 2.10.226
    Spotify
    SweetPacks bundle uninstaller
    swMSM
    Synaptics TouchPad Driver
    TrueCrypt
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Manager for SweetPacks 1.1
    Vensim Professional
    VLC media player 2.1.1
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.01 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/12/2014 2:20:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.187.1884.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11104.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/12/2014 2:10:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=2147684242 Name: Virus:DOS/Rovnix.W ID: 2147684242 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\11.11.2014_11.48.19\boot0000\boot0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.187.1884.0, AS: 1.187.1884.0, NIS: 113.24.0.0 Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
    11/12/2014 2:09:52 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
    11/12/2014 2:09:51 PM, Error: Service Control Manager [7000] - The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: The system cannot find the file specified.
    11/12/2014 2:07:41 PM, Error: Service Control Manager [7000] - The FactoryTalk Activation Helper service failed to start due to the following error: The system cannot find the file specified.
    11/12/2014 2:07:34 PM, Error: Service Control Manager [7000] - The FactoryTalk Activation Service service failed to start due to the following error: The system cannot find the file specified.
    11/11/2014 5:26:10 PM, Error: Service Control Manager [7011] - A timeout (85000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    11/11/2014 11:54:35 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/Rovnix.W&threatid=2147684242 Name: Virus:DOS/Rovnix.W ID: 2147684242 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\11.11.2014_11.48.19\boot0000\boot0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.187.1884.0, AS: 1.187.1884.0, NIS: 113.24.0.0 Engine Version: AM: 1.1.11104.0, NIS: 2.1.11005.0
    .
    ==== End Of File ===========================
     
  11. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    mbar-log

    Malwarebytes Anti-Rootkit BETA 1.08.0.1001
    www.malwarebytes.org

    Database version: v2014.11.12.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    Mahtab :: MAHTAB-HP [administrator]

    11/12/2014 4:18:48 PM
    mbar-log-2014-11-12 (16-18-48).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 360371
    Time elapsed: 1 hour(s), 2 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Mahtab\AppData\Local\Temp\55DC.tmp (Trojan.Agent.FSAVXGen) -> Delete on reboot. [dc0b1e1cfc80de58cd519ef40cf5a060]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  12. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    System-log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 1.646000 GHz
    Memory total: 3868622848, free: 2283417600

    Downloaded database version: v2014.11.12.07
    Downloaded database version: v2014.11.11.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/12/2014 16:18:05
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8003f31060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000065\
    Lower Device Object: 0xfffffa8003c839c0
    Lower Device Driver Name: \Driver\amd_sata\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8003f31060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8003f31b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8003f31060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003f30040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa8003c85040, DeviceName: Unknown, DriverName: \Driver\amd_xata\
    DevicePointer: 0xfffffa8003c837a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8003c839c0, DeviceName: \Device\00000065\, DriverName: \Driver\amd_sata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 97441560

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 918265856

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 918675456 Numsec = 49774592

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 968450048 Numsec = 8321072

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Users\Mahtab\AppData\Local\Temp\55DC.tmp --> [Trojan.Agent.FSAVXGen]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    After running Combofix I couldn't connect to the internet, so I restored to the point prior to running it. Do I have to run the scan again, or did the restore not affect the scan?

    Combofix.txt
    ComboFix 14-11-12.01 - Mahtab 11/13/2014 10:55:12.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.3689.2033 [GMT 1:00]
    Gestart vanuit: c:\users\Mahtab\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Adblocker
    c:\program files (x86)\Adblocker\laJRH.dat
    c:\program files (x86)\Adblocker\laJRH.tlb
    c:\program files (x86)\MySearch
    c:\programdata\1404399636.bdinstall.bin
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\programdata\ntuser.pol
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
     
  15. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Mahtab\AppData\Local\Chromatic Browser\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Mahtab\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\background.html
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\content.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\lsdb.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\manifest.json
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\147\ZMMgGq_a9Szt.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\background.html
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\cmZrivUGJ.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\content.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\lsdb.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm\2.14\manifest.json
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\background.html
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\content.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lhbanxMiL0.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\lsdb.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh\1.0\manifest.json
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\background.html
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\content.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\h4JQa6.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\lsdb.js
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\manifest.json
    c:\users\Mahtab\AppData\Local\Torch\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh\2.1\newtab.html
    c:\users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\searchplugins\search.xml
    c:\windows\SysWow64\WNLT
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_globalUpdate
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2014-10-13 to 2014-11-13 ))))))))))))))))))))))))))))))
    .
    .
    2014-11-13 10:13 . 2014-11-13 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-13 09:20 . 2014-11-13 10:15 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962A345-B19D-45D1-8435-D90644EDD3F6}\offreg.dll
    2014-11-12 17:44 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-12 17:44 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-12 17:44 . 2014-11-12 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-12 15:44 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B962A345-B19D-45D1-8435-D90644EDD3F6}\mpengine.dll
    2014-11-12 15:18 . 2014-11-13 09:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-11-12 15:18 . 2014-11-13 09:47 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-12 15:03 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-12 14:44 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-12 14:44 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-12 14:44 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-12 14:42 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
    2014-11-12 14:42 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-11-12 14:40 . 2014-11-06 03:50 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
    2014-11-12 14:39 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-12 14:38 . 2014-09-19 09:42 28160 ----a-w- c:\windows\system32\secur32.dll
    2014-11-12 14:38 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
    2014-11-12 14:38 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2014-11-12 14:38 . 2014-09-19 09:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-11-12 14:38 . 2014-09-19 09:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-11-12 13:44 . 2014-11-12 13:44 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-12 13:44 . 2014-11-12 13:44 -------- d-----w- c:\programdata\RogueKiller
    2014-11-12 13:43 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-11-12 13:43 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-11-12 13:43 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-11-12 13:43 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-12 13:43 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-11-11 10:49 . 2014-11-11 10:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-11-11 09:41 . 2014-09-17 08:17 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E5B99-8215-4A44-A4BE-9E7664BB36F3}\gapaengine.dll
    2014-11-11 09:38 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-11-10 11:54 . 2014-11-12 15:18 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Ziiqsig
    2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Zopomu
    2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Enigiga
    2014-11-10 10:11 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Xexoer
    2014-11-10 10:10 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Quhyco
    2014-11-10 10:10 . 2014-11-10 13:00 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Azpuum
    2014-11-10 10:10 . 2014-11-10 15:10 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Wamaino
    2014-11-09 22:37 . 2014-11-10 10:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-11-09 22:37 . 2014-11-10 10:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-09 22:27 . 2014-11-09 22:27 0 ----a-w- c:\windows\ativpsrm.bin
    2014-11-01 22:15 . 2014-11-02 10:17 -------- d-----w- c:\users\Mahtab\AppData\Roaming\Odyrpyar
    2014-11-01 17:01 . 2014-11-09 15:36 -------- d-----w- c:\users\Mahtab\AppData\Local\Ogics
    2014-11-01 16:59 . 2014-11-10 15:18 -------- d-----w- c:\users\Mahtab\AppData\Local\Adworks
    2014-10-23 09:23 . 2014-10-23 09:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-23 09:21 . 2014-10-23 09:21 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-10-19 11:09 . 2014-10-19 11:10 -------- d-----w- C:\49d9623b07f70104715a
    2014-10-15 17:49 . 2014-07-07 02:06 842240 ----a-w- c:\windows\system32\blackbox.dll
    2014-10-15 17:48 . 2014-08-19 03:07 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2014-10-15 17:42 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2014-10-15 17:42 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2014-10-15 17:42 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
    2014-10-15 17:42 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe
    2014-10-15 17:42 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-10-15 17:42 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll
    2014-10-15 17:42 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe
    2014-10-15 17:42 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll
    2014-10-15 17:42 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-10-15 17:41 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
    2014-10-15 17:41 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
    2014-10-15 17:40 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-15 17:40 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
    2014-10-15 17:40 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
    2014-10-15 17:40 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2014-10-15 17:40 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2014-10-15 17:40 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
    2014-10-15 17:40 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-12 18:00 . 2012-12-04 10:10 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-11-01 16:56 . 2014-11-01 16:56 2688512 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-31 16:56 . 2014-10-31 16:56 3507200 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
    2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-23 09:19 . 2014-09-26 08:42 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-09-25 02:08 . 2014-10-01 09:10 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-01 09:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-24 13:13 . 2014-09-24 13:13 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
    2014-09-24 13:13 . 2014-09-24 13:13 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2014-09-17 08:17 . 2012-10-02 09:08 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-09-09 22:11 . 2014-09-24 12:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-09 21:47 . 2014-09-24 12:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-08-23 02:07 . 2014-08-28 08:20 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-28 08:20 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-18 16:15 . 2011-03-28 16:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "ownCloud"="c:\program files (x86)\ownCloud\owncloud.exe" [2014-09-04 17392487]
    "Spotify Web Helper"="c:\users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-25 1514040]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22067296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-28 336384]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    .
    c:\users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Eyes Relax.lnk - c:\windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico /silent [2013-11-2 22534]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    "HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    "HPOSD"=c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    "HP CoolSense"=c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    "Sweetpacks Communicator"=c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
    R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [x]
    R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
    R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
    R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09 10:15]
    .
    2014-11-13 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2014-01-13 20:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-01 1128448]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.nl/
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = www.google.com
    Trusted Zone: tudelft.net\srv663
    TCP: DhcpNameServer = 131.180.0.26 131.180.0.25
    TCP: Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}\65746573531393431354837313: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    FF - ProfilePath - c:\users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-06257176.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    c:\program files (x86)\Common Files\Rockwell\RsvcHost.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2014-11-13 11:25:33 - machine werd herstart
    ComboFix-quarantined-files.txt 2014-11-13 10:25
    .
    Pre-Run: 375,440,207,872 bytes free
    Post-Run: 375,069,884,416 bytes free
    .
    - - End Of File - - 2861943A717F2A648A5581E74C83438D
    A36C5E4F47E84449FF07ED3517B43A31
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  17. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    # AdwCleaner v4.101 - Report created 15/11/2014 at 09:10:16
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-13.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mahtab - MAHTAB-HP
    # Running from : C:\Users\Mahtab\Desktop\adwcleaner_4.101.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Computer Updater
    Folder Deleted : C:\ProgramData\PC Optimizer Pro
    Folder Deleted : C:\ProgramData\SweetIM
    Folder Deleted : C:\ProgramData\Trusted Publisher
    Folder Deleted : C:\ProgramData\NeaxtCOuP
    Folder Deleted : C:\ProgramData\siave on
    Folder Deleted : C:\ProgramData\b48cde32b02c436a
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\Program Files (x86)\NeaxtCOuP
    Folder Deleted : C:\Windows\SysWOW64\ARFC
    Folder Deleted : C:\Windows\SysWOW64\jmdp
    Folder Deleted : C:\Windows\System32\ljkb
    Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    Folder Deleted : C:\Users\Mahtab\AppData\Local\Chromatic Browser
    Folder Deleted : C:\Users\Mahtab\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Mahtab\AppData\Local\torch
    Folder Deleted : C:\Users\Mahtab\AppData\Roaming\337Games
    Folder Deleted : C:\Users\Mahtab\AppData\Roaming\EZDownloader
    Folder Deleted : C:\Users\Mahtab\AppData\Roaming\goforfiles
    Folder Deleted : C:\Users\Mahtab\AppData\Roaming\Systweak
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Mahtab\AppData\LocalLow\SkwConfig.bin

    ***** [ Scheduled Tasks ] *****

    Task Deleted : DTChk
    Task Deleted : GoforFilesUpdate

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Mahtab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\GoforFiles
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKCU\Software\AppDataLow\Software\better_markit
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\Computer Updater
    Key Deleted : HKLM\SOFTWARE\Default Tab
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\GoforFiles
    Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
    Key Deleted : HKLM\SOFTWARE\SweetIM
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
    Key Deleted : [x64] HKLM\SOFTWARE\aartemisSoftware
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\237AA359BFA99C94484AF769ACA080AD
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v


    -\\ Comodo Dragon v


    *************************

    AdwCleaner[R0].txt - [13194 octets] - [15/11/2014 09:02:16]
    AdwCleaner[S0].txt - [12789 octets] - [15/11/2014 09:10:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12850 octets] ##########
     
  18. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Mahtab on Sat 11/15/2014 at 9:20:51.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



    ~~~ Files

    Successfully deleted: [File] C:\Windows\Tasks\PC Optimizer Pro64 startups.job



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Mahtab\AppData\Roaming\mozilla\firefox\profiles\uoyj9pye.default-1405177281631\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/15/2014 at 9:33:58.10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
    Ran by Mahtab (administrator) on MAHTAB-HP on 15-11-2014 10:52:29
    Running from C:\Users\Mahtab\Desktop
    Loaded Profile: Mahtab (Available profiles: Mahtab)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
    (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Program Files (x86)\ownCloud\owncloud.exe
    (Spotify Ltd) C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (mech) C:\Program Files (x86)\Eyes Relax\EyesRelax.exe
    (Dropbox, Inc.) C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2802472 2011-06-21] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-07-01] (IDT, Inc.)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [17392487 2014-09-04] ()
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [Spotify Web Helper] => C:\Users\Mahtab\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-25] (Spotify Ltd)
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Policies\system: [DisableChangePassword] 0
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Eyes Relax.lnk
    ShortcutTarget: Eyes Relax.lnk -> C:\Windows\Installer\{9C890D28-9671-4DC2-B017-D5327B9062C8}\EyeIcon.ico ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
    Startup: C:\Users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1&ucc=NL&dcc=NL&opt=0
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x522A673BE39DCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM-x32 - {5ABD9E06-E8BC-4DD4-A64E-55C360FBC51C} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-988024436-3456037487-3574863145-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
    Tcpip\..\Interfaces\{1FA7A8FC-4259-42E6-8A21-3A8EC9E47E85}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{65DC6107-D38E-4256-800D-201A5EB7B5E4}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{70F157B4-344E-4CF9-8CE0-BA9678C9C022}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{93854D8B-FFF4-425C-9F33-FC1207D235F6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{A29B2435-2FC4-4389-9FC1-CD5E93FD1E15}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
    FF Extension: Connector.LOCTEST - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{FFE33B60-4278-5C0F-7419-03225D9D83BF} [2014-11-01]
    FF Extension: Modify Headers - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-07-28]
    FF Extension: Adblock Plus - C:\Users\Mahtab\AppData\Roaming\Mozilla\Firefox\Profiles\uoyj9pye.default-1405177281631\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-11]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-07-03]
    CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epapnnjnlpaefihffbekhbhgchnebmbm [2014-07-03]
    CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllbloaonfghohmkbkflcgpmajdhlelh [2014-07-08]
    CHR Extension: (No Name) - C:\Users\Mahtab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmnkidmaomdnobpfncekjlodccikfkh [2014-07-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
    R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [X]
    S2 FTActivationBoost; "C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" [X]
    S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-21] (Broadcom Corporation.)
    R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-21] (Broadcom Corporation.)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
    S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
    S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-24] (Sony Mobile Communications)
    R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-15] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-12] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-15 10:52 - 2014-11-15 10:53 - 00016620 _____ () C:\Users\Mahtab\Desktop\FRST.txt
    2014-11-15 10:52 - 2014-11-15 10:52 - 00000000 ____D () C:\FRST
    2014-11-15 09:33 - 2014-11-15 09:33 - 00001009 _____ () C:\Users\Mahtab\Desktop\JRT.txt
    2014-11-15 09:20 - 2014-11-15 09:20 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-15 09:02 - 2014-11-15 09:10 - 00000000 ____D () C:\AdwCleaner
    2014-11-15 08:57 - 2014-11-15 08:57 - 02116608 _____ (Farbar) C:\Users\Mahtab\Desktop\FRST64.exe
    2014-11-15 08:56 - 2014-11-15 08:57 - 01706808 _____ (Thisisu) C:\Users\Mahtab\Desktop\JRT.exe
    2014-11-15 08:56 - 2014-11-15 08:56 - 02140160 _____ () C:\Users\Mahtab\Desktop\adwcleaner_4.101.exe
    2014-11-13 11:25 - 2014-11-13 11:25 - 00093293 _____ () C:\ComboFix.txt
    2014-11-13 10:51 - 2014-11-13 11:25 - 00000000 ____D () C:\Qoobox
    2014-11-13 10:50 - 2014-11-13 13:58 - 00000000 ____D () C:\Windows\erdnt
    2014-11-12 18:44 - 2014-11-12 18:44 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-12 18:44 - 2014-11-12 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-12 18:44 - 2014-11-12 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-12 18:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-12 18:44 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-12 18:42 - 2014-11-12 18:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mahtab\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-12 16:18 - 2014-11-15 09:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-12 16:18 - 2014-11-13 13:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-12 16:17 - 2014-11-12 18:15 - 00000000 ____D () C:\Users\Mahtab\Desktop\mbar
    2014-11-12 16:03 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-12 15:47 - 2014-11-12 15:47 - 00004864 _____ () C:\Users\Mahtab\Downloads\RKreport.txt
    2014-11-12 14:44 - 2014-11-12 14:44 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-12 14:44 - 2014-11-12 14:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-12 14:36 - 2014-11-12 14:37 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Mahtab\Desktop\mbar-1.08.0.1001.exe
    2014-11-12 14:26 - 2014-11-12 14:27 - 14672984 _____ () C:\Users\Mahtab\Desktop\RogueKiller.exe
    2014-11-12 14:23 - 2014-11-12 14:23 - 00014206 _____ () C:\Users\Mahtab\Downloads\attach.txt
    2014-11-12 14:23 - 2014-11-12 14:22 - 00026035 _____ () C:\Users\Mahtab\Downloads\dds.txt
    2014-11-12 14:14 - 2014-11-12 14:15 - 00688992 ____R (Swearware) C:\Users\Mahtab\Desktop\dds.scr
    2014-11-11 12:34 - 2014-11-13 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-11 11:49 - 2014-11-13 13:56 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-11-11 11:46 - 2014-11-11 11:46 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Mahtab\Desktop\tdsskiller.exe
    2014-11-10 12:54 - 2014-11-12 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-10 11:15 - 2014-11-15 10:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-10 11:15 - 2014-11-10 11:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Zopomu
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Ziiqsig
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Xexoer
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Enigiga
    2014-11-10 11:10 - 2014-11-10 16:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Wamaino
    2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Quhyco
    2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Azpuum
    2014-11-09 23:37 - 2014-11-10 11:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-09 23:37 - 2014-11-10 11:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-09 23:27 - 2014-11-09 23:27 - 00000000 _____ () C:\Windows\ativpsrm.bin
    2014-11-01 23:15 - 2014-11-02 11:17 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Odyrpyar
    2014-11-01 19:47 - 2014-11-08 13:48 - 00000000 ____D () C:\Windows\Minidump
    2014-11-01 18:12 - 2014-11-06 11:40 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2014-11-01 18:01 - 2014-11-09 16:36 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Ogics
    2014-11-01 17:59 - 2014-11-10 16:18 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Adworks
    2014-10-23 10:23 - 2014-10-23 10:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-10-23 10:23 - 2014-10-23 10:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-10-23 10:23 - 2014-10-23 10:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-10-19 12:09 - 2014-10-19 12:10 - 00000000 ____D () C:\49d9623b07f70104715a

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-15 10:53 - 2012-05-21 00:35 - 01777374 _____ () C:\Windows\WindowsUpdate.log
    2014-11-15 10:51 - 2013-12-16 12:41 - 00000000 ____D () C:\Users\Mahtab\ownCloud
    2014-11-15 09:25 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-11-15 09:22 - 2012-09-08 15:43 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A27F23F7-9039-4DF2-9D46-A262AA64BF4D}
    2014-11-15 09:22 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-15 09:22 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-15 09:18 - 2012-09-09 12:06 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Skype
    2014-11-15 09:16 - 2012-10-01 09:14 - 00000000 ___RD () C:\Users\Mahtab\Dropbox
    2014-11-15 09:15 - 2012-10-01 09:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Dropbox
    2014-11-15 09:13 - 2014-01-13 13:55 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize.job
    2014-11-15 09:12 - 2010-11-21 04:47 - 00400596 _____ () C:\Windows\PFRO.log
    2014-11-15 09:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-15 09:12 - 2009-07-14 05:51 - 00091195 _____ () C:\Windows\setupact.log
    2014-11-15 08:59 - 2012-10-01 09:11 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-13 13:59 - 2014-05-07 08:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-13 13:59 - 2012-09-08 13:30 - 00000000 ____D () C:\Users\Mahtab
    2014-11-13 13:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-11-13 13:58 - 2014-07-03 16:07 - 00000000 ____D () C:\Program Files (x86)\Adblocker
    2014-11-13 13:58 - 2014-01-13 13:54 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
    2014-11-13 13:58 - 2012-05-21 10:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-11-13 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-11-13 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Comodo
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Guest
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-11-13 13:56 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Administrator
    2014-11-13 13:56 - 2012-10-24 13:09 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Google
    2014-11-13 13:56 - 2012-05-21 00:47 - 00000000 ____D () C:\ProgramData\Temp
    2014-11-13 11:14 - 2009-07-14 03:34 - 83886080 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-11-13 11:14 - 2009-07-14 03:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-11-13 11:14 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-11-13 11:14 - 2009-07-14 03:34 - 00057344 _____ () C:\Windows\system32\config\SAM.bak
    2014-11-13 11:14 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-11-13 08:34 - 2013-08-24 13:38 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 18:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-12 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
    2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
    2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
    2014-11-12 16:08 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
    2014-11-12 16:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
    2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
    2014-11-12 16:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
    2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
    2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\winrm
    2014-11-12 16:07 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\slmgr
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
    2014-11-12 16:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
    2014-11-12 16:06 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\WCN
    2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
    2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
    2014-11-12 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-11-12 16:05 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
    2014-11-12 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
    2014-11-12 14:06 - 2014-07-08 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-11 12:15 - 2012-10-19 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2014-11-11 12:15 - 2012-10-01 22:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-11-11 10:35 - 2013-03-01 15:34 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\CrashDumps
    2014-11-10 16:45 - 2011-08-31 19:05 - 00000000 ___HD () C:\HP
    2014-11-09 23:37 - 2012-09-10 13:56 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Adobe
    2014-11-08 13:48 - 2013-05-23 10:22 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\BitTorrent
    2014-11-08 13:48 - 2011-10-23 15:31 - 00000000 ____D () C:\ProgramData\Skype
    2014-11-06 20:50 - 2012-12-18 23:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-11-06 20:49 - 2013-02-20 05:35 - 00000000 ____D () C:\ProgramData\Rockwell Automation
    2014-11-02 12:44 - 2014-07-03 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    2014-11-02 12:39 - 2014-07-03 15:14 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-11-02 12:21 - 2013-10-19 12:07 - 00000000 ____D () C:\Program Files (x86)\Omnitrans International
    2014-11-01 18:03 - 2009-07-14 06:13 - 01679012 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-29 18:05 - 2013-12-07 12:09 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\vlc
    2014-10-26 16:00 - 2013-12-16 12:29 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\ownCloud
    2014-10-25 22:04 - 2013-11-25 14:04 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Spotify
    2014-10-25 14:13 - 2013-11-25 14:05 - 00000000 ____D () C:\Users\Mahtab\AppData\Local\Spotify
    2014-10-25 09:40 - 2013-02-18 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-10-23 13:23 - 2013-10-06 10:17 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-23 10:23 - 2013-10-06 10:14 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-10-23 10:19 - 2014-09-26 09:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-10-23 10:18 - 2014-09-25 17:59 - 00000000 ____D () C:\Program Files\Java
    2014-10-23 10:13 - 2014-05-05 19:25 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-10-19 12:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-19 12:30 - 2009-07-14 05:45 - 00438416 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-16 12:00 - 2012-12-04 11:10 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
    C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
    C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll
    C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe
    C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-12 15:10

    ==================== End Of Log ============================
     
  20. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
    Ran by Mahtab at 2014-11-15 10:54:03
    Running from C:\Users\Mahtab\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
    ATI Catalyst Install Manager (HKLM\...\{E686FBB0-B356-96BE-A9ED-2D8286AA0386}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    BitTorrent (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
    Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
    Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
    CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
    Cash And The City version 1.3.7.0 freeware (HKLM-x32\...\Cash And The City_is1) (Version: 1.3.7.0 freeware - Soft And The City)
    Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
    EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    Eyes Relax (HKLM-x32\...\{9C890D28-9671-4DC2-B017-D5327B9062C8}) (Version: 0.87.4548 - mech)
    FactoryTalk Activation Manager 3.30 (CPR 9 SR 3) (HKLM-x32\...\{89766D3B-F4FA-45B2-87F0-4C0FEB0AFE00}) (Version: 3.30.00.0148 - Rockwell Automation, Inc.)
    Glary Utilities 2.44.0.1450 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.44.0.1450 - Glarysoft Ltd)
    Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{D683B960-F688-48E8-9425-AECA724A3FA6}) (Version: 4.1.9.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{4D5D18BA-FF9C-40DA-A3B9-661D76EC0FB1}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
    HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{DBFD2AA1-B1F5-4891-894E-F3E03B390922}) (Version: 4.5.1.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    ownCloud (HKLM-x32\...\ownCloud) (Version: 1.6.3.3721 - ownCloud)
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
    Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
    ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
    Spotify (HKU\S-1-5-21-988024436-3456037487-3574863145-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.12.1 - Synaptics Incorporated)
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Vensim Professional (HKLM-x32\...\Vensim Professional) (Version: - )
    VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-988024436-3456037487-3574863145-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    04-11-2014 10:50:14 Windows Update
    06-11-2014 19:34:53 Removed Arena 13.90.00000 .
    07-11-2014 21:08:12 Windows Update
    11-11-2014 09:34:46 Windows Update
    12-11-2014 14:17:03 Language Pack Removal
    12-11-2014 14:48:20 RestorePoint-12112014
    12-11-2014 17:14:20 Malwarebytes Anti-Rootkit Restore Point
    12-11-2014 17:56:59 Windows Update
    13-11-2014 12:48:01 Restore Operation
    13-11-2014 13:08:01 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-11-06 11:40 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    146.0.75.27 www.google-analytics.com.
    146.0.75.27 google-analytics.com.
    146.0.75.27 connect.facebook.net.
    107.181.187.40 www.google-analytics.com.
    107.181.187.40 google-analytics.com.
    107.181.187.40 connect.facebook.net.
    85.17.81.55 www.google-analytics.com.
    85.17.81.55 google-analytics.com.
    85.17.81.55 connect.facebook.net.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F0FA6D7-3FD1-477B-B459-A36DE398BA0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    Task: {294BCDEB-50BF-423C-BD53-20C2ED227FEC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
    Task: {4A2975F7-EECC-4B85-95F2-D5FD3156008D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-10] (Adobe Systems Incorporated)
    Task: {5CB1F9E6-7448-4AAE-A2F5-3E493D354613} - \Security Center Update - 336887852 No Task File <==== ATTENTION
    Task: {A041603A-DB64-49D7-B784-D5BFC265C476} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-04-06] (Glarysoft Ltd)
    Task: {BBED204C-32DD-4A3D-B25E-FE59E6619D69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {C4E1AB3B-22C5-4F7B-B524-29967CBFE166} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {F99260D6-90DE-4A59-A1F7-61C72A53916A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-04 14:55 - 2014-09-04 14:55 - 17392487 _____ () C:\Program Files (x86)\ownCloud\owncloud.exe
    2011-06-28 22:38 - 2011-06-28 22:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-02-01 12:10 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
    2010-08-20 15:22 - 2010-08-20 15:22 - 00059752 _____ () C:\Program Files (x86)\Common Files\Rockwell\FTDiagnosticsODBCENU.dll
    2014-07-17 16:23 - 2014-07-17 16:23 - 02163481 _____ () C:\Program Files (x86)\ownCloud\icui18n53.dll
    2014-07-17 16:23 - 2014-07-17 16:23 - 01287718 _____ () C:\Program Files (x86)\ownCloud\icuuc53.dll
    2014-07-17 16:23 - 2014-07-17 16:23 - 21539997 _____ () C:\Program Files (x86)\ownCloud\icudata53.dll
    2014-06-20 08:59 - 2014-06-20 08:59 - 00095268 _____ () C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
    2014-06-20 08:59 - 2014-06-20 08:59 - 00846908 _____ () C:\Program Files (x86)\ownCloud\libstdc++-6.dll
    2014-06-20 06:12 - 2014-06-20 06:12 - 00144011 _____ () C:\Program Files (x86)\ownCloud\libpcre16-0.dll
    2014-06-20 06:12 - 2014-06-20 06:12 - 00083490 _____ () C:\Program Files (x86)\ownCloud\zlib1.dll
    2014-06-20 06:13 - 2014-06-20 06:13 - 01345107 _____ () C:\Program Files (x86)\ownCloud\libGLESv2.dll
    2014-06-20 06:13 - 2014-06-20 06:13 - 00203045 _____ () C:\Program Files (x86)\ownCloud\libpng16-16.dll
    2014-09-04 14:54 - 2014-09-04 14:54 - 17134418 _____ () C:\Program Files (x86)\ownCloud\libowncloudsync.dll
    2014-09-04 14:54 - 2014-09-04 14:54 - 00777549 _____ () C:\Program Files (x86)\ownCloud\libocsync.dll
    2014-06-26 09:47 - 2014-06-26 09:47 - 00157526 _____ () C:\Program Files (x86)\ownCloud\libneon-27.dll
    2014-06-17 05:19 - 2014-06-17 05:19 - 00169101 _____ () C:\Program Files (x86)\ownCloud\libproxy.dll
    2014-06-17 05:16 - 2014-06-17 05:16 - 00041592 _____ () C:\Program Files (x86)\ownCloud\libmodman.dll
    2014-06-20 06:18 - 2014-06-20 06:18 - 01150462 _____ () C:\Program Files (x86)\ownCloud\libxml2-2.dll
    2013-09-24 06:15 - 2013-09-24 06:15 - 00566268 _____ () C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
    2014-06-20 06:13 - 2014-06-20 06:13 - 00150394 _____ () C:\Program Files (x86)\ownCloud\libEGL.dll
    2014-06-20 06:14 - 2014-06-20 06:14 - 00196540 _____ () C:\Program Files (x86)\ownCloud\libjpeg-8.dll
    2014-06-20 06:22 - 2014-06-20 06:22 - 00246506 _____ () C:\Program Files (x86)\ownCloud\libwebp-4.dll
    2014-06-20 07:13 - 2014-06-20 07:13 - 00228133 _____ () C:\Program Files (x86)\ownCloud\libxslt-1.dll
    2014-06-17 06:59 - 2014-06-17 06:59 - 00059083 _____ () C:\Program Files (x86)\ownCloud\libqt5keychain.dll
    2014-07-17 17:06 - 2014-07-17 17:06 - 00637003 _____ () C:\Program Files (x86)\ownCloud\platforms\qwindows.dll
    2014-07-17 17:06 - 2014-07-17 17:06 - 00032046 _____ () C:\Program Files (x86)\ownCloud\imageformats\qgif.dll
    2014-07-17 17:06 - 2014-07-17 17:06 - 00033454 _____ () C:\Program Files (x86)\ownCloud\imageformats\qico.dll
    2014-07-17 17:06 - 2014-07-17 17:06 - 00047735 _____ () C:\Program Files (x86)\ownCloud\imageformats\qjpeg.dll
    2014-07-17 17:06 - 2014-07-17 17:06 - 00060152 _____ () C:\Program Files (x86)\ownCloud\sqldrivers\qsqlite.dll
    2014-11-15 09:15 - 2014-11-15 09:15 - 00043008 _____ () c:\users\mahtab\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
    2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Mahtab\AppData\Roaming\Dropbox\bin\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06257176.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06257176.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-988024436-3456037487-3574863145-500 - Administrator - Disabled)
    Guest (S-1-5-21-988024436-3456037487-3574863145-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-988024436-3456037487-3574863145-1002 - Limited - Enabled)
    Mahtab (S-1-5-21-988024436-3456037487-3574863145-1001 - Administrator - Enabled) => C:\Users\Mahtab

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Cisco Systems VPN Adapter for 64-bit Windows
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (03/07/2014 10:29:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (03/07/2014 10:25:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40636 seconds with 11220 seconds of active time. This session ended with a crash.

    Error: (12/12/2013 09:57:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 515 seconds with 420 seconds of active time. This session ended with a crash.

    Error: (06/13/2013 01:06:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4525 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (03/18/2013 05:17:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3126 seconds with 2460 seconds of active time. This session ended with a crash.

    Error: (03/05/2013 11:33:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3729 seconds with 1860 seconds of active time. This session ended with a crash.

    Error: (11/22/2012 09:36:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 972 seconds with 900 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-13 11:10:47.959
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-11-13 11:10:47.803
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-06-18 13:43:19.719
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-15 16:41:16.493
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-15 16:40:26.547
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-06-15 16:31:05.295
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD E-450 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 39%
    Total physical RAM: 3689.41 MB
    Available physical RAM: 2242.02 MB
    Total Pagefile: 7376.99 MB
    Available Pagefile: 5378.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:437.86 GB) (Free:349.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery) (Fixed) (Total:23.73 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97441560)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=437.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=23.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  22. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
    Ran by Mahtab at 2014-11-16 10:38:48 Run:1
    Running from C:\Users\Mahtab\Desktop
    Loaded Profiles: Mahtab & (Available profiles: Mahtab)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-988024436-3456037487-3574863145-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [X]
    S2 FTActivationBoost; "C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe" [X]
    S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Zopomu
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Ziiqsig
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Xexoer
    2014-11-10 11:11 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Enigiga
    2014-11-10 11:10 - 2014-11-10 16:10 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Wamaino
    2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Quhyco
    2014-11-10 11:10 - 2014-11-10 14:00 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Azpuum
    2014-11-01 23:15 - 2014-11-02 11:17 - 00000000 ____D () C:\Users\Mahtab\AppData\Roaming\Odyrpyar
    C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll
    C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
    C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll
    C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe
    C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe
    Hosts:
    Task: {5CB1F9E6-7448-4AAE-A2F5-3E493D354613} - \Security Center Update - 336887852 No Task File <==== ATTENTION

    *****************

    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\S-1-5-21-988024436-3456037487-3574863145-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    FF Plugin HKU\S-1-5-21-988024436-3456037487-3574863145-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File => Error: No automatic fix found for this entry.
    CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
    FactoryTalk Activation Service => Service deleted successfully.
    FTActivationBoost => Service deleted successfully.
    HP Support Assistant Service => Service deleted successfully.
    C:\Users\Mahtab\AppData\Roaming\Zopomu => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Ziiqsig => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Xexoer => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Enigiga => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Wamaino => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Quhyco => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Azpuum => Moved successfully.
    C:\Users\Mahtab\AppData\Roaming\Odyrpyar => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzlp71h.dll => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\tmp9de66716.exe => Moved successfully.
    C:\Users\Mahtab\AppData\Local\Temp\tmpAC07.exe => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CB1F9E6-7448-4AAE-A2F5-3E493D354613}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CB1F9E6-7448-4AAE-A2F5-3E493D354613}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 336887852" => Key deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  24. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    Security Check
    Results of screen317's Security Check version 0.99.90
    Windows 7 Service Pack 1 x64
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 25
    Java version out of Date!
    Adobe Flash Player 15.0.0.189
    Adobe Reader XI
    Mozilla Firefox (33.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  25. Mahtab

    Mahtab TS Rookie Topic Starter Posts: 26

    FSS
    Farbar Service Scanner Version: 21-07-2014
    Ran by Mahtab (administrator) on 17-11-2014 at 16:24:02
    Running from "C:\Users\Mahtab\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
