
Computer apparently infected. Help needed.


  • This topic is locked
11 replies to this topic

#1 Souhomes

Souhomes

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 29 May 2015 - 10:54 AM

Hi! The main symptom is unusual slowness of the PC whatever I do, including after ending most CPU/memory consuming processes and applications. Another alarming symptom that added to this in the course of my various attempts to try and fix the problem was the failure to run a virus scan in safe mode with the "no endpoint found" message (strangely enough, the scan runs normally in full mode and reveals no infection). I am using Avast free antivirus, Comodo firewall and regularly ran Spybot S&D and Malwarebytes scans. I tried all the three of them in safe mode. I ran an antivirus scan from bootable media (I had to use Bitdefender; Avast did not work with unresponsive mouse/keyboard). I also ran several scans with AdwCleaner. Two items drew my attention as being suspect: a Google Chrome extension whose name is a long series of consonants and a registry entry saying "proxy override". I performed the cleaning checking all entries, but both kept popping up after every scan. Attached are my first and latest AdwCleaner logs as well as the FRST logs. Your help would be most appreciated.

 


 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:53 AM

Posted 30 May 2015 - 06:57 PM

Hello Souhomes,

Welcome to Bleeping Computer! :welcome:

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Let's see a fresh FRST log. Please remember to post all logs directly to the thread (not as attachments) unless specifically asked. :)

Farbar Recovery Scan Tool (FRST) With Addition.txt
  • Launch FRST.
  • Check the Addition.txt radio button.
  • Click the Scan button.
  • A new FRST.txt log and Addition.txt log will be produced. Include the contents of this log in your next post.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 Souhomes

Souhomes
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 31 May 2015 - 03:48 AM

Hi Cody! Thank you very much for your availability to help me and thanks to all of you on this fantastic site. You are doing a great job.

All your points are well taken and I'll do my best to follow them scrupulously.

I haven't made any further attempts since posting here.

Now, here are the logs as requested:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Mohsen (administrator) on AS-SAHIB on 31-05-2015 10:09:07
Running from Z:\Baramij\Anti-viruses & firewalls
Loaded Profiles: Mohsen (Available Profiles: Mohsen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\Synergy\synergyd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe
(Farbar) \\192.168.0.11\home\Baramij\Anti-viruses & firewalls\Farbar Recovery Scan Tool 64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-21] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-05-22] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-08] (Siber Systems)
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-02-16] (Piriform Ltd)
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Policies\Explorer: [NoInstrumentation] 0
Startup: C:\Users\Mohsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-01-08]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{870ace9b-d8b8-11e1-8925-806e6f6e6963}\bootwiz\asrm.binPartizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-792543359-1632790942-562346129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> {74AD9B93-E984-447D-86BE-0E5B3EF78029} URL = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7NNVC_enAT495
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-08] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-08] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-07-30] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-07-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-06-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-06-26] (NVIDIA Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-05-08] (Siber Systems Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-792543359-1632790942-562346129-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: British English Dictionary - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-03-31]
FF Extension: British English Dictionary (Updated) - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\en-gb@flyingtophat.co.uk [2015-01-06]
FF Extension: Dictionnaires français - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2015-03-01]
FF Extension: Italian dictionary - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-11-07]
FF Extension: English (GB) Language Pack - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-05-04]
FF Extension: Google Translator for Firefox - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\translator@zoli.bod.xpi [2014-05-06]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-09-10]
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5 [2015-05-21]
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\Mohsen\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-21] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-21] (COMODO)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-22] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2013-02-22] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5701848 2012-11-30] ()
S3 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-05-17] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 NVPDFSignService; C:\Program Files (x86)\neeviaPDF.com\PDFtoolbox\comObj\PDFsignCOM.exe [765824 2011-02-16] (Neevia Technology)
S3 NVPDFStampService; C:\Program Files (x86)\neeviaPDF.com\PDFtoolbox\comObj\PDFstampCOM.exe [723848 2011-02-16] (Neevia Technology)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2010-05-25] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [304832 2015-04-21] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-03-28] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1558656 2010-07-14] (Creative Technology Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-05-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-05-17] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
R3 NWWakeFilterV; C:\Windows\System32\DRIVERS\NWWakeFilterV.sys [16632 2013-02-04] (n/a)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-01-06] (Greatis Software)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-02] (REDC)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-29] (Duplex Secure Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-19] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-06-19] (Acronis)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2015-02-28] (Microsoft Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-19] (Acronis International GmbH)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 17:36 - 2015-05-31 10:09 - 00000000 ____D () C:\FRST
2015-05-29 09:47 - 2015-05-29 09:47 - 00001790 _____ () C:\windows\SysWOW64\PARTIZAN.TXT
2015-05-29 09:41 - 2015-05-29 09:41 - 00040208 _____ (Greatis Software) C:\windows\system32\Partizan.exe
2015-05-29 01:30 - 2015-05-29 01:30 - 00113528 _____ () C:\Users\Mohsen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-29 01:17 - 2015-05-30 17:29 - 00000168 _____ () C:\windows\setupact.log
2015-05-29 01:17 - 2015-05-29 01:18 - 00423432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-29 01:17 - 2015-05-29 01:17 - 00000330 _____ () C:\windows\PFRO.log
2015-05-29 01:17 - 2015-05-29 01:17 - 00000000 _____ () C:\windows\setuperr.log
2015-05-22 17:04 - 2015-05-30 21:23 - 00000000 ____D () C:\Users\Mohsen\www.apowersoft.com
2015-05-22 16:59 - 2015-05-22 16:56 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-22 13:38 - 2015-05-22 13:38 - 00003156 _____ () C:\windows\System32\Tasks\{D70035B9-4D55-4FC7-BF8B-DF1A82631317}
2015-05-22 13:35 - 2015-05-22 13:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 13:35 - 2015-05-22 13:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 13:34 - 2015-05-22 13:33 - 00561248 _____ (Oracle Corporation) C:\Users\Mohsen\Downloads\jxpiinstall.exe
2015-05-22 13:31 - 2015-05-22 13:32 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 13:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-22 13:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-22 13:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-22 13:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-22 13:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-22 13:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-22 13:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-22 13:31 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-22 13:31 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-22 13:31 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-22 13:31 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-22 13:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-22 13:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-22 13:31 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-22 13:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-22 13:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-22 13:30 - 2015-05-22 13:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-22 13:30 - 2015-05-22 13:31 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-22 13:30 - 2015-05-22 13:30 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-22 13:30 - 2015-05-22 13:30 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-22 13:30 - 2015-05-22 13:30 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-22 13:30 - 2015-05-22 13:30 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-22 13:21 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-05-22 10:39 - 2015-05-01 19:26 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-05-21 20:50 - 2015-05-29 11:02 - 00000000 ____D () C:\AdwCleaner
2015-05-20 15:57 - 2015-05-20 14:55 - 00197616 _____ (Tonec Inc.) C:\windows\system32\Drivers\idmwfp.sys
2015-05-20 11:00 - 2015-05-20 11:00 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-20 11:00 - 2015-05-20 11:00 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-20 11:00 - 2015-05-20 11:00 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-20 11:00 - 2015-05-20 11:00 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-20 11:00 - 2015-05-20 11:00 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-20 11:00 - 2015-05-20 11:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-20 11:00 - 2015-05-20 11:00 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-20 11:00 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-20 11:00 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-20 11:00 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-20 11:00 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-20 11:00 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-20 11:00 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-20 11:00 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-20 11:00 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-20 11:00 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-20 11:00 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-20 11:00 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-20 11:00 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-20 11:00 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-20 11:00 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-20 11:00 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-20 10:59 - 2015-05-20 10:59 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-20 10:59 - 2015-05-20 10:59 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-20 10:59 - 2015-05-20 10:59 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-20 10:59 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-20 10:59 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-20 10:59 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-20 10:52 - 2015-05-20 10:52 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-20 10:52 - 2015-05-20 10:52 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-20 10:52 - 2015-05-20 10:52 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-20 10:52 - 2015-05-20 10:52 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-05-20 10:52 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-20 10:52 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-20 10:52 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-20 10:51 - 2015-05-20 10:51 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-20 10:51 - 2015-05-20 10:51 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-20 10:51 - 2015-05-20 10:51 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-20 10:51 - 2015-05-20 10:51 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-20 10:51 - 2015-05-20 10:51 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-20 10:51 - 2015-05-20 10:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-20 10:51 - 2015-05-20 10:51 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 07087448 _____ (Dolby Laboratories) C:\windows\system32\DDPP64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 06242576 _____ (Dolby Laboratories) C:\windows\system32\DDPP64AF3.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 01939800 _____ (Dolby Laboratories) C:\windows\system32\DDPD64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 01933584 _____ (Dolby Laboratories) C:\windows\system32\DDPD64AF3.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00336144 _____ (Dolby Laboratories) C:\windows\system32\DDPO64AF3.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00315736 _____ (Dolby Laboratories) C:\windows\system32\DDPO64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00284944 _____ (Dolby Laboratories) C:\windows\system32\DDPA64F3.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00261464 _____ (Dolby Laboratories) C:\windows\system32\DDPA64.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00141584 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00124176 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll
2015-05-17 08:58 - 2015-05-17 09:00 - 00075024 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 04467928 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-05-17 08:58 - 2015-05-17 08:58 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-05-17 08:58 - 2015-05-17 08:58 - 02041432 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 01739992 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 01316056 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00947760 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00663296 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00662784 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00631000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00560328 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00168816 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-05-17 08:58 - 2015-05-17 08:58 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-05-17 08:58 - 2015-05-05 18:11 - 02014958 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
2015-05-17 08:58 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2015-05-17 08:58 - 2014-08-14 19:16 - 05804772 _____ () C:\windows\system32\Drivers\rtvienna.dat
2015-05-17 08:56 - 2015-05-17 08:56 - 02825944 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll
2015-05-17 00:47 - 2015-05-17 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-01 19:31 - 2015-05-01 19:31 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\AVAST Software
2015-05-01 19:30 - 2015-05-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-01 19:29 - 2015-05-04 15:54 - 00000000 ____D () C:\windows\System32\Tasks\AVAST Software
2015-05-01 19:27 - 2015-05-30 17:29 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-05-01 19:27 - 2015-05-01 19:26 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00272248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00065736 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-05-01 19:27 - 2015-05-01 19:26 - 00029168 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-05-01 19:26 - 2015-05-01 19:26 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-05-01 19:24 - 2015-05-01 19:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-01 18:59 - 2015-05-01 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 10:06 - 2014-02-14 20:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 10:06 - 2012-09-08 23:40 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D5D37CD1-AC8D-4D5E-8BD6-1DE904DAE305}
2015-05-31 10:06 - 2012-07-29 09:15 - 00001068 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 22:14 - 2012-07-28 15:38 - 01248464 _____ () C:\windows\WindowsUpdate.log
2015-05-30 17:44 - 2012-07-29 09:15 - 00001064 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 21:22 - 2009-07-14 06:45 - 00031968 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 21:22 - 2009-07-14 06:45 - 00031968 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 20:58 - 2012-07-30 11:26 - 00741134 _____ () C:\windows\system32\perfh00C.dat
2015-05-29 20:58 - 2012-07-30 11:26 - 00483616 _____ () C:\windows\system32\perfh001.dat
2015-05-29 20:58 - 2012-07-30 11:26 - 00151002 _____ () C:\windows\system32\perfc00C.dat
2015-05-29 20:58 - 2012-07-30 11:26 - 00096364 _____ () C:\windows\system32\perfc001.dat
2015-05-29 20:58 - 2012-01-11 00:29 - 00692626 _____ () C:\windows\system32\perfh007.dat
2015-05-29 20:58 - 2012-01-11 00:29 - 00150538 _____ () C:\windows\system32\perfc007.dat
2015-05-29 20:58 - 2009-07-14 07:13 - 03087176 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-29 10:03 - 2014-11-15 16:04 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 09:47 - 2012-01-10 15:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-29 09:47 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-29 09:44 - 2012-08-21 20:06 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\DMCache
2015-05-29 09:41 - 2015-02-16 18:31 - 00000000 ____D () C:\@RestoreQuarantine
2015-05-29 01:00 - 2012-07-29 09:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-29 00:09 - 2013-02-23 15:50 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\TeamViewer
2015-05-29 00:08 - 2012-12-30 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync
2015-05-29 00:08 - 2012-07-29 10:09 - 00000000 ____D () C:\Users\Mohsen\AppData\Local\CrashDumps
2015-05-28 21:40 - 2009-07-14 07:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-26 21:46 - 2012-09-04 23:44 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\Mp3tag
2015-05-23 14:16 - 2012-08-29 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-05-23 13:49 - 2014-06-10 22:39 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\Apowersoft
2015-05-23 13:48 - 2012-07-29 17:37 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\Skype
2015-05-22 18:25 - 2013-11-27 13:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-22 17:04 - 2012-07-28 15:39 - 00000000 ____D () C:\Users\Mohsen
2015-05-22 16:56 - 2013-09-06 18:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-22 16:36 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-05-22 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\ar-SA
2015-05-22 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\ar-SA
2015-05-22 13:57 - 2015-04-22 06:34 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-22 13:57 - 2015-04-22 06:34 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-22 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-22 09:51 - 2009-07-14 06:45 - 00000000 ____D () C:\windows\Setup
2015-05-21 19:57 - 2012-08-21 20:06 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-21 18:44 - 2012-08-21 20:06 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\IDM
2015-05-21 18:37 - 2012-07-28 15:43 - 00000000 ____D () C:\Users\Mohsen\AppData\Local\Adobe
2015-05-20 11:46 - 2013-09-06 16:02 - 00000000 ____D () C:\windows\system32\MRT
2015-05-20 11:19 - 2012-07-30 11:50 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-17 09:27 - 2012-07-28 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 09:15 - 2015-03-26 08:06 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-17 09:13 - 2014-11-15 16:04 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-17 09:13 - 2014-11-15 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 09:13 - 2014-11-15 16:03 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-17 09:13 - 2014-11-15 16:03 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-17 09:13 - 2014-11-15 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 09:13 - 2012-08-18 10:51 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-17 09:02 - 2012-01-10 15:45 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-17 09:01 - 2012-01-10 15:45 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2015-05-17 08:58 - 2012-01-10 15:45 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-17 08:58 - 2012-01-10 15:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-15 10:06 - 2012-07-29 09:15 - 00004064 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 10:06 - 2012-07-29 09:15 - 00003812 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-09 19:24 - 2013-01-12 23:39 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\vlc
2015-05-08 20:11 - 2013-09-10 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-05-03 13:56 - 2012-08-11 15:05 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\Nitro PDF
2015-05-02 12:01 - 2012-01-10 17:02 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 21:05 - 2013-09-08 14:01 - 00000000 ____D () C:\Users\Mohsen\AppData\Roaming\Dropbox
2015-05-01 20:25 - 2012-08-14 00:33 - 00000354 _____ () C:\windows\Ripper.INI
2015-05-01 19:07 - 2012-07-29 09:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-01 18:59 - 2012-09-04 23:44 - 00000986 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-05-01 18:59 - 2012-09-04 23:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-01 18:37 - 2015-04-28 14:35 - 00000501 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-05-01 17:37 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF

==================== Files in the root of some directories =======

2013-12-20 12:30 - 2014-02-04 18:45 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2012-08-11 14:34 - 2009-08-27 17:50 - 0000701 _____ () C:\Users\Mohsen\AppData\Roaming\init.dll
2012-08-11 14:34 - 2009-09-15 09:14 - 0000701 _____ () C:\Users\Mohsen\AppData\Roaming\sound.dll
2014-11-16 22:15 - 2014-11-16 22:54 - 0000600 _____ () C:\Users\Mohsen\AppData\Roaming\winscp.rnd
2014-05-04 07:21 - 2014-05-04 07:21 - 0000001 _____ () C:\Users\Mohsen\AppData\Local\llftool.4.25.agreement
2013-09-07 21:22 - 2015-04-18 23:37 - 0000600 _____ () C:\Users\Mohsen\AppData\Local\PUTTY.RND
2013-12-09 19:32 - 2013-12-10 23:30 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-02-22 19:14 - 2009-11-17 16:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2013-02-20 20:04 - 2013-02-20 20:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-30 01:16

==================== End of log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Mohsen at 2015-05-31 10:10:13
Running from Z:\Baramij\Anti-viruses & firewalls
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-792543359-1632790942-562346129-500 - Administrator - Disabled)
Gast (S-1-5-21-792543359-1632790942-562346129-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-792543359-1632790942-562346129-1048 - Limited - Enabled)
Mohsen (S-1-5-21-792543359-1632790942-562346129-1000 - Administrator - Enabled) => C:\Users\Mohsen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29462 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden
Acronis Disk Director Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aiseesoft iTunes Backup Genius 2.1.2 (HKLM-x32\...\{8A0947D0-A565-4694-85FB-F47049D8CD66}_is1) (Version: 2.1.2 - Aiseesoft Studio)
Alive YouTube Video Converter (version 1.2.6.9) (HKLM-x32\...\Alive YouTube Video Converter_is1) (Version:  - AliveMedia, Inc.)
Alt.Binz 0.25.0 (HKLM-x32\...\Alt.Binz) (Version: 0.25.0 - Rdl)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Any Video Converter Professional 3.3.3 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.3.5.0 - SlySoft)
Apago PDF Shrink 4.5 (HKLM-x32\...\Apago PDF Shrink) (Version: 4.5 - Apago, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Family Paint (HKLM-x32\...\{2B2F5B94-F377-41A2-8DA8-899BC538A4E1}) (Version: 1.0.100 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{B77DE05C-7C84-4011-B93F-A29D0D2840F4}) (Version: 4.0.444 - ArcSoft)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.4.69.4546 - Catalina Group Ltd)
BackupSF version 2.7 (HKLM-x32\...\{FED16A43-758E-4D08-A5FD-6DEEBB8B19CC}_is1) (Version: 2.7 - EasySector)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.110 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
COMODO Firewall (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.124 - Corel Inc.)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiskAid 6.7.6.0 (HKLM\...\DiskAid_is1) (Version: 6.7.6.0 - DigiDNA)
DRAE (HKLM-x32\...\DRAE) (Version: 1.0.0.0 - RAE)
Dropbox (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EaseUS Partition Master 9.2.1 Professional (HKLM-x32\...\EaseUS Partition Master Professional Edition_is1) (Version:  - EaseUS)
EaseUS Todo Backup Advanced Server 4.0 (HKLM-x32\...\EaseUS Todo Backup Advanced Server 4.0_is1) (Version: 4.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)
EasyBCD 2.1.2 (HKLM-x32\...\EasyBCD) (Version: 2.1.2 - NeoSmart Technologies)
Encyclopaedia of Islam (HKLM-x32\...\{797F1B3F-DAB4-48A3-9931-761755B5FF39}) (Version: 1.0.1 - Disk@d)
Encyclopaedia Universalis 2010 (HKLM-x32\...\Encyclopaedia Universalis 2010) (Version: 2010.0.0.0 - Encyclopaedia Universalis)
Evernote v. 4.4 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.4.0.4848 - Evernote Corp.)
FileZilla Client 3.10.3 (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fotogaléria (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free Video Flip and Rotate version 1.0.9.128 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.0.9.128 - DVDVideoSoft Ltd.)
FreeFileSync 6.15 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.15 - www.FreeFileSync.org)
Galeria de Fotografias (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.3.8.5 - Siber Systems)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hard Disk Low Level Format Tool 4.25 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.9.2421.748 - )
iMazing 1.1.2.0 (HKLM\...\iMazing_is1) (Version: 1.1.2.0 - DigiDNA)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Kindle Auto eBook Converter 0.4.50 (HKLM-x32\...\Kindle Auto eBook Converter) (Version: 0.4.50 - The Messenger)
K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
Le Monde diplomatique (remove only) (HKLM-x32\...\diplo) (Version:  - )
Le Petit Robert 2009 (HKLM\...\PR1CD2009) (Version:  - Le Robert)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.17250 - Your Company Name) Hidden
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
MediaBox Editor Studio 1.10 (HKLM-x32\...\MediaBox Editor Studio_is1) (Version: 1.10 - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mini-stream Ripper 3.1.3.2.2010.06.24 (HKLM-x32\...\Mini-stream Ripper_is1) (Version:  - Mini-stream Software, Inc.)
Mixxx 1.11.0 (64-bit) (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\MyFreeCodec) (Version:  - )
Neevia PDFtoolbox v3.4 (HKLM-x32\...\Neevia PDFtoolbox suite_is1) (Version:  - neeviaPDF.com)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Noise Reduction Plug-in 2.0i (HKLM-x32\...\{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}) (Version: 2.0.455 - Sony)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Treiber 269.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 269.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 269.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 269.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
PDF Rider 0.6.1 (HKLM-x32\...\{6DF94034-2D3C-4D67-ABE7-1C728399B963}_is1) (Version:  - Francesco Tonucci)
PDFTigerDriver (HKLM-x32\...\{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1) (Version:  - )
Poczta usługi Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Polyglot 3000 (Version 3.67) (HKLM\...\Polyglot 3000_is1) (Version:  - Likasoft)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Raccolta foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synergy (64-bit) (HKLM\...\{36763803-9645-457B-A6D1-E10B7F74C6FC}) (Version: 1.7.1 - The Synergy Project)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
The Collins-Robert French Dictionary (HKLM\...\GRCDVD) (Version:  - Le Robert)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
UltraISO 8.0 Premium Edition (HKLM-x32\...\UltraISO_is1) (Version:  - )
UnHackMe 7.60 release (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
USB Sound Blaster HD (HKLM-x32\...\{3BE06146-8ADC-47D7-9AD5-E5CABF1FF90C}) (Version: 1.0 - Creative Technology Limited)
VAIO - Remote-Tastatur  (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.7.0.05270 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
Valokuvavalikoima (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vidomi (remove only) (HKLM-x32\...\Vidomi) (Version:  - )
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\WinDirStat) (Version:  - )
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
WinX HD Video Converter Deluxe 3.12.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)
Wondershare iPhone Ringtone Converter(Build 1.0.3.0) (HKLM-x32\...\Wondershare iPhone Ringtone Converter_is1) (Version:  - Aimersoft Software)
Wondershare LiveBoot 2012 (Build 7.0.1) (HKLM-x32\...\Wondershare LiveBoot 2012_is1) (Version:  - Wondershare Software Co., Ltd.)
Wondershare Streaming Audio Recorder(Build 2.2.0) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.0.4 - Wondershare Software)
Xilisoft Video Converter Platinum (HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Xilisoft Video Converter Platinum) (Version: 7.0.1.1221 - Xilisoft)
Συλλογή φωτογραφιών (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 16.4.3522.0110 - Корпорация Майкрософт) Hidden
Фотоальбом (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1EECE05E-9468-D082-0870-9DEF85889A47} No File
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5CDF5358-9468-D082-0EC3-AEAD85889A47} No File
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-792543359-1632790942-562346129-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-05-2015 20:02:33 Windows Update
15-05-2015 04:03:21 Windows Update
17-05-2015 08:57:09 Installé Realtek High Definition Audio Driver
18-05-2015 06:53:26 Windows Update
20-05-2015 11:01:07 Windows Update
22-05-2015 13:32:28 Windows Update
23-05-2015 13:58:05 Revo Uninstaller Pro's restore point - Streaming Audio Recorder version 3.4.5
29-05-2015 00:58:01 Revo Uninstaller Pro's restore point - Google Chrome

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-07 17:09 - 2015-05-29 09:35 - 00450843 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1248A0AF-874D-40FC-B6BD-7B46A75E8EAE} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-21] (COMODO)
Task: {1C662CC4-2203-4841-8503-742D28711B3E} - System32\Tasks\{D2C91FD2-D8CA-46EF-84AA-BC58B97BF3E5} => C:\Users\Mohsen\Downloads\dreamView\dreamview.exe
Task: {2138CCCD-06ED-4633-9085-4CEE51B8C5F6} - System32\Tasks\{80140962-71BD-4219-B124-873D1F6A6133} => pcalua.exe -a "F:\TorrentDownloads\Acronis True Image Home 2014 17 Build 5560+BootCD [ChingLiu]\Activation\ActivationAcronisTIH.exe" -d "F:\TorrentDownloads\Acronis True Image Home 2014 17 Build 5560+BootCD [ChingLiu]\Activation"
Task: {25FDDE4F-1D90-4CC9-9ACF-D046EF816592} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-08] (Siber Systems)
Task: {2667420E-405F-45C6-A948-467541EB2960} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO)
Task: {2CDAB879-1B10-4D59-AEFB-801AF005DE07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {414B21F3-03B6-4114-B893-6155E3CC710B} - System32\Tasks\{55856A47-884C-4854-BB42-0CDF86DBA4A3} => C:\Program Files (x86)\iPhoneBrowser\iPhoneBrowser.exe
Task: {4C4C3FF9-D7CD-40B9-8985-27F808170D10} - System32\Tasks\{AA941C94-07E2-482C-B208-4E1F966B60E1} => pcalua.exe -a "D:\Dropbox\Applications\WinDirStat 1.1.2.exe" -d C:\Users\Mohsen\AppData\Roaming\IDM
Task: {5491F5D2-8084-4222-90AC-7F333A5968E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {55ED3A19-9DA4-4534-B2D8-C3C9762C12CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {5E9DD194-5A73-4874-B37A-B674D01384DF} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-04-14] ()
Task: {5EB45C22-507D-473C-978D-F94FBB7388BE} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {5F9AC347-C190-4D0D-A73F-5C384DFDE378} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-21] (COMODO)
Task: {6272053C-784C-43DB-AB74-0D561A3B2E4B} - System32\Tasks\{7DAE5C44-04A9-41BA-BD1D-65CC57F34760} => pcalua.exe -a T:\SETUP.EXE -d T:\
Task: {6619B3EB-933F-482C-A883-959CFC98B73C} - System32\Tasks\{FDB5D51C-1C3E-4D06-98A5-E6D519B0A437} => pcalua.exe -a "C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiInstall.exe" -d "C:\Program Files (x86)\ASUS\ASUS Ai Charger"
Task: {6E1CBE60-C06E-4000-9733-138C43F08A60} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
Task: {752C5EFA-EF73-463E-AAD1-FD99A4F4C286} - System32\Tasks\{5813C45D-82F9-42B5-8D2B-7F7353414331} => pcalua.exe -a "C:\Program Files (x86)\Acronis\TrueImageHome\ActivationAcronisTIH.exe" -d "C:\Program Files (x86)\Acronis\TrueImageHome"
Task: {7B7D4A8F-67FF-43AC-B620-834F431B5DD0} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMOJNMGMLJIMNMMJCNMJLJJMMMCNLMOMPMMJCNNJGMMMGMCNMJMMNMPMJJHMIMNMKJNJLMHMJNJICMIMCNIMCNHMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMCLAJHJMIKJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {7EE6AD05-01A5-43E9-8429-133D318EA6DE} - System32\Tasks\{9E781022-6308-4DDA-93BA-E382E7C1A683} => pcalua.exe -a T:\DJiNNiSO\install-EU2010-1.exe -d T:\DJiNNiSO
Task: {92CA7E0D-99B4-4CF7-A984-F4F658A3072D} - System32\Tasks\{6296BCCA-2779-4973-B570-2A6F605C7B5A} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\DVD Creator 6\Uninstall.exe"
Task: {9A2A66E5-0E91-4D16-8E1B-C65B489E6A8C} - System32\Tasks\CSBScheBoost => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
Task: {A2FF207A-8B9D-4FCE-979B-34509EFC47B7} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2015-01-03] (Greatis Software)
Task: {A6A201D0-53CA-4DB1-B35F-470696B979BB} - System32\Tasks\{98A39004-3618-49D9-882F-573364EAA840} => pcalua.exe -a T:\instalador\Win\DRAE.exe -d T:\instalador\Win
Task: {AA3C86D4-3ED0-4D2F-8DAA-8378C22BD840} - System32\Tasks\{D70035B9-4D55-4FC7-BF8B-DF1A82631317} => pcalua.exe -a C:\Users\Mohsen\Downloads\jxpiinstall.exe -d C:\Users\Mohsen\AppData\Roaming\IDM
Task: {B511AA21-747B-4B99-8A6F-4FFE812F7D21} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {C534284D-A1DD-4724-8CF7-84D666EAD207} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {C615EBFE-B949-4468-A3C6-117554809C81} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-22] (Microsoft Corporation)
Task: {CBC7D822-5863-404B-9F9A-9B5EB35F8CB1} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {E4658EEB-969F-430C-88F4-2464046E37FC} - System32\Tasks\{6CFFC458-9A67-499C-8381-B3FB740A6EE7} => pcalua.exe -a "C:\Program Files (x86)\ASUS\ASUS Ai Charger\InsCharger.exe" -d "C:\Program Files (x86)\ASUS\ASUS Ai Charger"
Task: {E4E1727D-8B15-4877-9D48-7822FA741681} - System32\Tasks\{34CCFC9B-576C-420F-A2EA-08BE633B1A54} => pcalua.exe -a "F:\Ai Charger_V1.03.00\Setup.exe" -d "F:\Ai Charger_V1.03.00"
Task: {E685CBE9-AD8E-4C2E-A02E-F782F32A74A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {EA6D5ED1-84FD-4C3B-A3DE-735EF563B5F6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {F19B4E08-B52B-4C98-90AB-E5F7DE198037} - System32\Tasks\{DDCD7CB4-912F-41FB-94DD-23EBD5D62E2D} => C:\Users\Mohsen\Downloads\dreamView\dreamview.exe
Task: {F65BE291-B96E-4B80-A1AB-66848DFAC5C5} - System32\Tasks\{F6C8F188-005A-43F0-B52B-7931E3AEBF81} => pcalua.exe -a "C:\Program Files (x86)\DigiDNA\iMazing\iMazing.exe" -d "C:\Program Files (x86)\DigiDNA\iMazing"
Task: {F998D5AF-F8D2-44F5-9A20-59086EDF55B6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {FC21EBCF-AE61-4ECB-8F1D-D3310BD61F5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-16] (Piriform Ltd)
Task: {FCDA3EAB-A15D-40F6-A2F1-D8DFF6CC0146} - System32\Tasks\{D11C9117-40C9-4F2B-961F-4D39DEF73B5C} => pcalua.exe -a D:\Dropbox\Applications\Install_CopyTrans_Suite.exe -d D:\Dropbox\Applications
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-30 17:15 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2014-03-26 13:28 - 2011-03-01 00:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-04-21 19:08 - 2015-04-21 19:08 - 00304832 _____ () C:\Program Files\Synergy\synergyd.exe
2014-02-25 03:28 - 2014-02-25 03:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2010-05-25 20:53 - 2010-05-25 20:53 - 02139536 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-09 02:56 - 2011-02-09 02:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2012-08-08 16:09 - 2012-07-20 14:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswHwid.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswMonFlt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswRdr2.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswRvrt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswSnx.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswSP.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswStm.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\aswVmm.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\GEARAspiWDM.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\rndismp6.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\usb80236.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\Drivers\UnHackMeDrv.sys:$CmdTcID
AlternateDataStreams: C:\Users\Mohsen\Downloads\Ibrāhīm al-Qabbānī- Khāyef aqūl w-ahki.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Mohsen\Downloads\jxpiinstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\Mohsen\Downloads\Kayef aqul w ahki.mp3:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-792543359-1632790942-562346129-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Creative SB Monitoring Utility => RunDll32 sbavmon.dll,SBAVMonitor
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: GRC V2 Hyperappel => C:\Program Files\Le Robert\The Collins-Robert French Dictionary\GRCHA.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: Le Petit Robert V3 Hyperappel => C:\Program Files\Le Robert\Le Petit Robert 2009\RobertHA.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe" /r

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E6B5132C-0DF0-4D44-8CA4-C2D4289B9B50}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90825073-EF01-4D45-8125-C8DB53EAA4F0}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [{892AF3C4-66B4-44A7-AE75-AAD4076AE48A}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{DA27E649-3C51-4C4B-8B4A-4D54EDFE79B0}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{73F342F2-A46B-41C2-BFF6-DD95A02E3159}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{600675F9-0F61-49B8-9235-468286DABA92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C48A5D72-CA11-4DEB-82DC-4E96E96979F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97E9F38B-C619-42F1-8657-6B8915303D01}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{8857CC12-5D17-4CB2-A25D-C5CB010E35B6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FDBCF7EB-D5B1-4EDE-AD3A-BF050C6340FF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{BB90C149-F1B6-43F3-B8E7-B0AA495D5DF0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{370A32C3-75C4-414C-80B4-366FD20B7447}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{96997454-DD43-4168-A45E-A73ED725BB14}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{F1BCC925-FFFC-4D18-8667-676EAD23B34C}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{650DF3A7-8CC2-44F4-B1CC-E759F994FCEC}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{CA846B07-F509-4805-AF93-E6C7C58AFC88}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{33C6DB45-14C8-423D-BEC0-020A800849ED}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{94E99E8F-AE30-4A4A-B6BD-EDF8AC7C1E81}] => (Allow) LPort=33333
FirewallRules: [{D6CD80AF-9194-49E3-9BDB-4C6DDDE324C4}] => (Allow) LPort=33338
FirewallRules: [{9B4845D7-6D10-44DC-8624-26D35319FA79}] => (Allow) C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{678C7AD5-572E-4102-BC50-BFD2E0120B9E}] => (Allow) C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C9C8ADF9-380A-4CDA-873C-C18690891361}C:\users\mohsen\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\mohsen\appdata\roaming\wuala\wuala.exe
FirewallRules: [UDP Query User{0A4134B7-7DB0-40FE-B8A7-91A944E7FA76}C:\users\mohsen\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\mohsen\appdata\roaming\wuala\wuala.exe
FirewallRules: [{2FEA4999-D213-4173-A3C9-D9130434FE6D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{56BF891D-9E42-446E-A994-0B7DB904BED7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8BA3F2A3-F5C9-474E-B810-82A9C4C44E2D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D161C5BC-A845-49FE-8513-A0D8FA1D9F05}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5FDFA7D5-A7C3-48D9-A9AD-9EDCE6B16F2A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{54755A5E-7B61-4369-8887-3F935C3DF10D}] => (Allow) LPort=2869
FirewallRules: [{4DA5A449-B89D-4B07-8DE7-109B63E30357}] => (Allow) LPort=1900
FirewallRules: [{BADE4F84-4D7A-4CBF-B569-E7A643FA1A67}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30977297-C0AA-4E77-855C-FA773E50FD10}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [{44617DC7-123B-408E-8AA1-E7BADE1BC07D}] => (Allow) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
FirewallRules: [{1F19D1B1-3BDB-400F-8CB4-513395FC8F57}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B202126F-2097-4CD9-9D5E-FC5F155BACC3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AE010EB4-42C9-49EF-A32D-266D3DD3687F}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{D4A50036-5F70-4318-84CE-4DF5A001462D}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{58BC009E-19FE-4FB3-AD66-0CE3A5564268}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D523D156-7195-4D97-B3F2-FF5E905608A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16190593-2295-4F40-A5BC-0055104BBA62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B063EBD-B4B3-4CCF-A500-4C7DDE82246B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AEF308A0-60A7-4CD4-8DBB-75AB04E0F567}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50CD372D-1889-4F7C-A3BE-5DCC1DAE1E96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{813426BA-59A4-4BD7-BDDA-380197D45C08}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0D0CD3C0-0F1D-4F97-B66A-FCFD7C13A195}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{91D07AE5-08F8-4EAE-8295-F733C04C9FE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{237D9A55-A05D-460B-9217-4F2E654AC4C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D743879C-1FD9-449A-9E58-B5600AA527B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2272F2AB-7FDE-41C4-86EE-FEA770BF8404}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{08DC5E99-D894-4E9F-AA20-524AF93B8C38}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ED1BA53A-5FDD-4A1F-9965-5E069E3075E5}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{4F17D29A-407C-4E9D-8492-7D609C16BE3D}] => (Allow) LPort=30564
FirewallRules: [{C86264AE-8304-46AF-92EC-3E67EAB88D69}] => (Allow) LPort=30565
FirewallRules: [{0699C0C6-F247-4FDE-AF00-A7D23D6371CA}] => (Allow) LPort=30567
FirewallRules: [{4C6C4838-E9AA-4580-9F94-D0F6100F4ADD}] => (Allow) LPort=30569
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073

Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3073

Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1060

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1060

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 05:29:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53066642


System errors:
=============
Error: (05/29/2015 08:57:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (05/29/2015 08:56:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (05/29/2015 01:14:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The UsbClientService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service Google Update (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IviRegMgr service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/29/2015 01:14:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073

Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3073

Error: (05/30/2015 11:11:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059

Error: (05/30/2015 11:11:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1060

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1060

Error: (05/30/2015 11:11:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2015 05:29:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53066642


CodeIntegrity Errors:
===================================
  Date: 2013-12-21 00:15:33.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:15:33.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:15:33.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:15:33.473
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:10:12.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:10:12.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:10:12.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-21 00:10:12.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-07 21:50:49.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-07 21:50:49.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 4077.23 MB
Available physical RAM: 1782.09 MB
Total Pagefile: 8152.68 MB
Available Pagefile: 4877.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Al-bayt) (Fixed) (Total:160.11 GB) (Free:18.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Khizana) (Fixed) (Total:90.07 GB) (Free:27.5 GB) NTFS
Drive e: (Backups) (Fixed) (Total:140.34 GB) (Free:140.08 GB) NTFS
Drive f: (Multimedia) (Fixed) (Total:240.06 GB) (Free:117.15 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive z: (home) (Network) (Total:1250 GB) (Free:200.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7E2B66BD)
Partition 1: (Not Active) - (Size=18.7 GB) - (Type=27)
Partition 2: (Not Active) - (Size=100 MB) - (Type=27)
Partition 3: (Active) - (Size=160.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=519.8 GB) - (Type=OF Extended)

==================== End of log ============================



#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:53 AM

Posted 01 June 2015 - 09:51 PM

Hello Souhomes,

Thank you very much for your availability to help me and thanks to all of you in this fantastic site. You are doing a great job. All your points are well taken and I'll do my best to follow them scrupulously. I haven't done any further attempt since posting here.

You're very welcome! We all enjoy the work we do here and are happy to help. Thank you for reading over my introductory post and taking note of things.
 
Now let's get down to business to figure out why your computer is acting slowly.  :)
 
========================================================

P2P Warning

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned program(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the program(s) during this process.

========================================================

Note: Before performing the following FRST Fix, you need to move FRST.exe from its current location on your computer (Z:\Baramij\Anti-viruses & firewalls) to your Desktop.

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-792543359-1632790942-562346129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

========================================================

After that has finished, let's get a fresh FRST log.

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

========================================================

Lastly, you mentioned you tried various tasks in Safe Mode.

While in Safe Mode was your computer's performance still slow? Please enter Safe Mode and test it again as well.

Please also let me know the current condition while in Windows normally.

Let me know about this in your next post.

========================================================

What I'd like to see in your next post:

  • Acknowledgement of dangers associated with P2P software.
  • Fixlist.txt.
  • FRST.txt.
  • Computer performance while in Safe Mode.
  • Computer performance while in Windows normally.

Edited by TheShooter93, 01 June 2015 - 09:52 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
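The Fixlog.txt requested in the post above can be checked mechanically before it is read line by line. The following is an added example, not part of the original post and not FRST's own code: it assumes the Fixlog layout of an echoed fixlist between two rows of asterisks followed by `target => outcome` result lines, the sample log is constructed, and the wording of its failing line is an assumption.

```python
import re

# Constructed sample in the layout of a Fixlog.txt: header, the fixlist echoed
# between two rows of asterisks, then one "target => outcome" line per entry.
# The third result line's wording is made up to exercise the failure path.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.

==== End of Fixlog 07:52:36 ====
"""

# A result line is "<registry path or file> => <what happened>".
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$')


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, result lines and leftovers."""
    lines = text.splitlines()
    # Rows made only of '*' delimit the echoed fixlist.
    stars = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block (two rows of asterisks) not found")
    start, end = stars[0], stars[1]
    entries = [ln.strip() for ln in lines[start + 1:end] if ln.strip()]

    results, unparsed, complete = [], [], False
    for ln in lines[end + 1:]:
        s = ln.strip()
        if not s:
            continue
        if s.startswith("==== End of Fixlog"):
            complete = True  # the tool wrote its footer, so the run finished
            break
        m = RESULT_RE.match(s)
        if m:
            results.append((m.group("target").strip('"'), m.group("outcome")))
        else:
            unparsed.append(s)  # anything unexpected is kept for a human
    return entries, results, unparsed, complete


def review_fixlog(text):
    """Summarise what needs a second look in a Fixlog."""
    entries, results, unparsed, complete = parse_fixlog(text)
    # Heuristic: the success lines in this thread all end in "successfully".
    failed = [(t, o) for t, o in results
              if not o.lower().endswith("successfully")]
    return {
        "entries": len(entries),
        "results": len(results),
        "failed": failed,
        "unparsed": unparsed,
        "complete": complete,
        # A difference is a prompt to read the log, not proof of failure.
        "count_mismatch": len(entries) != len(results),
    }


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    print(f"{report['entries']} fixlist entries, {report['results']} results, "
          f"footer present: {report['complete']}")
    for target, outcome in report["failed"]:
        print(f"REVIEW: {target} -> {outcome}")
```
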


#5 Souhomes

Souhomes
  • Topic Starter

  • Members
  • 6 posts
  • Local time:12:53 PM

Posted 02 June 2015 - 01:08 PM

 


========================================================

What I'd like to see in your next post:

  • Acknowledgement of dangers associated with P2P software.
  • Fixlist.txt.
  • FRST.txt.
  • Computer performance while in Safe Mode.
  • Computer performance while in Windows normally.

 

Hello again!

With regard to the P2P issue, I was of course aware of the risk but it was a calculated one as I used it on a very occasional basis with automatic start up disabled and no constant running in the background even though I knew it was unfair to the other people who share their stuff with the purpose of minimising the risk of infection. The last time I used it dates back to several weeks if not several months ago. In all cases, I followed your suggestion and uninstalled uTorrent.

As for the situation of the pc in general, before posting here, I had performed those various scans and fixes with AdwCleaner, Malwarebytes...etc as already reported. The computer seemed to be more or less working in a normal way, at least no longer slow. However there remained a couple of issues. First of all, every new scan with AdwCleaner revealed the recurrence of the registry value saying "proxy override" as well as the return of some mysterious Chrome extension whose name consisted of a very long sequence of consonants. By the way, I cleared internet cache and history and uninstalled Chrome even before posting here pending your advice especially that I have browser synchronisation active with other pcs and devices and I wasn't sure in case there was something wrong with my extension the infection wouldn't propagate to/from the other devices. There was also a problem with my audio and ethernet drivers that didn't seem to work correctly and wouldn't update when using the automatic update function including search in the internet; but I don't know whether it is related to the potential infection. Finally, there was the issue of Avast scan not working in safe mode.

Now, as I said above, I uninstalled the P2P software, ran the fix script with FRST, restarted the pc and ran a fresh scan. Below are the fix log and FRST scan log.

I don't have Google Chrome installed and I didn't attempt an AdwCleaner scan, so I can't tell you whether that couple of suspect items is still there. Let me know if I can reinstall Chrome and whether I need to run AdwCleaner again!

The driver problem, if of any relevance, is still there.

And I tried an Avast quick scan in safe mode and received the usual message that says: "Unable to start scan. There are no more endpoints available from the endpoint mapper."

 

Here are the logs:

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Mohsen at 2015-06-02 07:52:34 Run:1
Running from D:\Users\Mohsen\Desktop
Loaded Profiles: Mohsen (Available Profiles: Mohsen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-792543359-1632790942-562346129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value Removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-792543359-1632790942-562346129-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully

==== End of Fixlog 07:52:36 ====

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Mohsen (administrator) on AS-SAHIB on 02-06-2015 08:56:01
Running from D:\Users\Mohsen\Desktop
Loaded Profiles: Mohsen (Available Profiles: Mohsen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\Synergy\synergyd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) D:\Users\Mohsen\Desktop\Farbar Recovery Scan Tool 64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-21] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-05-22] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-08] (Siber Systems)
HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-02-16] (Piriform Ltd)
Startup: C:\Users\Mohsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-01-08]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mohsen\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mohsen\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{870ace9b-d8b8-11e1-8925-806e6f6e6963}\bootwiz\asrm.binPartizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-792543359-1632790942-562346129-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com
SearchScopes: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> {74AD9B93-E984-447D-86BE-0E5B3EF78029} URL = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7NNVC_enAT495
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-08] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-08] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-792543359-1632790942-562346129-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-08] (Siber Systems Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-07-30] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-07-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-06-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-06-26] (NVIDIA Corporation)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-05-08] (Siber Systems Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-792543359-1632790942-562346129-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: British English Dictionary - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-03-31]
FF Extension: British English Dictionary (Updated) - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\en-gb@flyingtophat.co.uk [2015-01-06]
FF Extension: Dictionnaires français - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2015-03-01]
FF Extension: Italian dictionary - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-11-07]
FF Extension: English (GB) Language Pack - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-05-04]
FF Extension: Google Translator for Firefox - C:\Users\Mohsen\AppData\Roaming\Mozilla\Firefox\Profiles\aktbxvfg.default-1397459738848\Extensions\translator@zoli.bod.xpi [2014-05-06]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-09-10]
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5 [2015-05-21]
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-792543359-1632790942-562346129-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mohsen\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\Mohsen\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-21] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-21] (COMODO)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-22] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2013-02-22] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [61064 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5701848 2012-11-30] ()
S3 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-05-17] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 NVPDFSignService; C:\Program Files (x86)\neeviaPDF.com\PDFtoolbox\comObj\PDFsignCOM.exe [765824 2011-02-16] (Neevia Technology)
S3 NVPDFStampService; C:\Program Files (x86)\neeviaPDF.com\PDFtoolbox\comObj\PDFstampCOM.exe [723848 2011-02-16] (Neevia Technology)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2010-05-25] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [304832 2015-04-21] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-03-28] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [57480 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [51336 2011-12-22] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [19592 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189576 2011-12-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1558656 2010-07-14] (Creative Technology Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-05-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-05-17] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
R3 NWWakeFilterV; C:\Windows\System32\DRIVERS\NWWakeFilterV.sys [16632 2013-02-04] (n/a)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-01-06] (Greatis Software)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-02] (REDC)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-29] (Duplex Secure Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-19] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-06-19] (Acronis)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2015-02-28] (Microsoft Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-19] (Acronis International GmbH)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 19:17 - 2015-06-01 19:17 - 00000000 ____D () C:\Users\Mohsen\AppData\Local\GWX
2015-05-29 17:36 - 2015-06-02 08:56 - 00000000 ____D () C:\FRST
2015-05-29 09:47 - 2015-06-02 08:48 - 00000246 _____ () C:\windows\SysWOW64\PARTIZAN.TXT
2015-05-29 09:41 - 2015-05-29 09:41 - 00040208 _____ (Greatis Software) C:\windows\system32\Partizan.exe
2015-05-29 01:30 - 2015-05-29 01:30 - 00113528 _____ () C:\Users\Mohsen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-29 01:17 - 2015-06-02 08:48 - 00000224 _____ () C:\windows\setupact.log
2015-05-29 01:17 - 2015-05-29 01:18 - 00423432 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-29 01:17 - 2015-05-29 01:17 - 00000330 _____ () C:\windows\PFRO.log
2015-05-29 01:17 - 2015-05-29 01:17 - 00000000 _____ () C:\windows\setuperr.log
2015-05-22 17:04 - 2015-06-01 20:19 - 00000000 ____D () C:\Users\Mohsen\www.apowersoft.com
2015-05-22 16:59 - 2015-05-22 16:56 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-22 13:38 - 2015-05-22 13:38 - 00003156 _____ () C:\windows\System32\Tasks\{D70035B9-4D55-4FC7-BF8B-DF1A82631317}
2015-05-22 13:35 - 2015-05-22 13:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 13:35 - 2015-05-22 13:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 13:34 - 2015-05-22 13:33 - 00561248 _____ (Oracle Corporation) C:\Users\Mohsen\Downloads\jxpiinstall.exe
2015-05-22 13:31 - 2015-05-22 13:32 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-22 13:31 - 2015-05-22 13:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-22 13:31 - 2015-05-22 13:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 13:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-22 13:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-22 13:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-22 13:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-22 13:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-22 13:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-22 13:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-22 13:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2013-12-20 12:30 - 2014-02-04 18:45 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2012-08-11 14:34 - 2009-08-27 17:50 - 0000701 _____ () C:\Users\Mohsen\AppData\Roaming\init.dll
2012-08-11 14:34 - 2009-09-15 09:14 - 0000701 _____ () C:\Users\Mohsen\AppData\Roaming\sound.dll
2014-11-16 22:15 - 2014-11-16 22:54 - 0000600 _____ () C:\Users\Mohsen\AppData\Roaming\winscp.rnd
2014-05-04 07:21 - 2014-05-04 07:21 - 0000001 _____ () C:\Users\Mohsen\AppData\Local\llftool.4.25.agreement
2013-09-07 21:22 - 2015-04-18 23:37 - 0000600 _____ () C:\Users\Mohsen\AppData\Local\PUTTY.RND
2013-12-09 19:32 - 2013-12-10 23:30 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-02-22 19:14 - 2009-11-17 16:54 - 0002844 _____ () C:\ProgramData\CfSB1240.ini
2013-02-20 20:04 - 2013-02-20 20:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-30 01:16

==================== End of log ============================

--



#6 TheShooter93

    Cody

  • Malware Response Team

Posted 04 June 2015 - 08:32 AM

Hi Souhomes,

First of all, every new scan with AdwCleaner revealed the recurrence of the registry value saying "proxy override" as well as the return of some mysterious Chrome extension whose name consisted of a very long sequence of consonants.

Regarding the "proxy override" entry, I do see this in one of the original logs you provided. Have you ever intentionally set up a proxy connection on your system?
 
As for Chrome Extensions, take a look at the following excerpt from the FRST logs you provided:


CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [Not Found] 
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20] 
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20] 
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-16]

As you can see, Chrome displays its extensions like this in many places. Looking at the file paths though, we can see that these are legitimate extensions.
 
Do you see any listed that you do not recognize/did not install yourself?

There was also a problem with my audio and ethernet drivers that didn't seem to work correctly and wouldn't update when using the automatic update function including search in the internet; but I don't know whether it is related to the potential infection.

I do not suggest downloading the drivers from Windows Update. Instead, go to your computer manufacturer's website and download the latest drivers from there.

Finally, there was the issue of Avast scan not working in safe mode.

Avast is not designed to run in Safe Mode. Instead, Avast offers a boot-time scan which is the same if not better than running it while in Safe Mode.
 
===========================================================
 
So far I have not seen any remaining infection(s) on your system, but we will do one more scan just to make sure we got everything.

ESET Online Scanner

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [logpath.png].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

===========================================================

 

What I'd like to see in your next post:

  • Intentional proxy?
  • Unrecognized extensions?
  • Drivers from manufacturer's website work?
  • ESET log.

Edited by TheShooter93, 04 June 2015 - 08:33 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
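
The path check described in the reply above, as an added example that is not part of the original post and is not FRST's own code. It parses the `CHR HKLM\...\Chrome\Extension` lines quoted in that reply, confirms that each ID uses Chrome's 32-character a-p alphabet (which is why the names look like long runs of consonants), and flags entries whose .crx file is missing or sits outside Program Files. The flag names, the trusted-root list and the constructed sample line are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# The four lines quoted from the FRST log in the reply above.
FRST_EXCERPT = r"""
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-16]
"""

# Constructed line (NOT from the thread) that exercises every review flag.
CONSTRUCTED_LINE = (
    r"CHR HKLM\...\Chrome\Extension: [zzccbpoodnckjdnackiffhjfkogfhnhh]"
    r" - C:\Users\Public\Downloads\helper.crx [Not Found]"
)

LINE_RE = re.compile(
    r"^CHR\s+(?P<hive>HK\w+)\\\.\.\.\\Chrome\\Extension:\s+"
    r"\[(?P<ext_id>[^\]]+)\]\s+-\s+"
    r"(?P<path>.+?)\s+\[(?P<status>[^\]]+)\]\s*$"
)

# Chrome extension IDs are 32 characters drawn only from the letters a-p.
ID_RE = re.compile(r"[a-p]{32}")

# Assumption: installer-managed roots, i.e. the heuristic the reply applies by eye.
# A path under these roots is a hint for triage, not proof of legitimacy.
TRUSTED_ROOTS = (r"c:\program files", r"c:\program files (x86)")


def id_to_hex(ext_id):
    """Map a-p back to 0-f; the ID is a hash of the extension's public key."""
    return "".join("%x" % (ord(c) - ord("a")) for c in ext_id)


def parse_line(line):
    """Return the fields of one FRST 'CHR ... Extension' line, or None."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def canonical(path):
    """Lower-case the path and collapse '..' so prefix checks cannot be dodged."""
    return normcase(normpath(path))


def under_trusted_root(path):
    p = canonical(path)
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)


def triage(text):
    """Parse every extension line in text and attach review flags to each entry."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    ids_by_path = defaultdict(list)
    for e in entries:
        ids_by_path[canonical(e["path"])].append(e["ext_id"])

    report = []
    for e in entries:
        flags = []
        if not ID_RE.fullmatch(e["ext_id"]):
            flags.append("malformed-id")            # not a real Chrome ID
        if e["status"] == "Not Found":
            flags.append("crx-missing")             # registry entry outlived the file
        if not under_trusted_root(e["path"]):
            flags.append("path-outside-program-files")
        if len(ids_by_path[canonical(e["path"])]) > 1:
            flags.append("shared-crx")              # several IDs registered for one package
        report.append({**e, "flags": flags})
    return report


if __name__ == "__main__":
    for row in triage(FRST_EXCERPT + CONSTRUCTED_LINE):
        note = ", ".join(row["flags"]) or "ok"
        print(f'{row["ext_id"]}  {note}\n    {row["path"]} [{row["status"]}]')
```
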


#7 Souhomes

  • Topic Starter

Posted 04 June 2015 - 12:38 PM



Ok for Chrome extensions. You convinced me. I suppose I can reinstall it and enable the extensions that I disabled (IDM and Roboform password manager) without knowing those long funny series of characters referred to nothing else than these two innocuous tools.

I also take your point for the drivers although my manufacturer is not of much help in this particular case in spite of the company's reputation. But, at least, I know it is a separate issue.

With regard to Avast scan, I think I remember I could perform virus scan in safe mode. Maybe they changed the feature in their recent releases. This is not a big deal with your enlightening suggestion concerning the scan on startup option.

Concerning the proxy settings, I never touched them. The following point might have to do with this.

I downloaded ESET online scan tool, disabled Avast shields and exited Comodo. When selecting run as administrator, I get the following message: "can not get update. is proxy configured?".

I made a quick google search and guess what? The first result directed me to another thread on this very forum: http://www.bleepingcomputer.com/forums/t/501757/cannot-get-update-eset-online-scanner-is-proxy-configured/

Yet, I chose to wait for your suggestions and refrained from following the steps described in that thread.

What do you want me to do next?
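
The path check discussed in this exchange (mapping each 32-letter Chrome ID in an FRST log to the program folder that registered it), as an added example that is not part of the original posts. The first sample line is the one quoted in the thread; the other two are constructed, and treating a path outside Program Files as worth a manual look is an assumption of this example, not an FRST rule.

```python
import re
from pathlib import PureWindowsPath

# Shape of the FRST line quoted in the thread:
#   CHR <hive>\...\Chrome\Extension: [<id>] - <path to .crx> [<date>]
LINE_RE = re.compile(
    r"^CHR (?P<hive>\S+)\\\.\.\.\\Chrome\\Extension: "
    r"\[(?P<id>[^\]]*)\] - (?P<path>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?$"
)
# Chrome extension IDs are 32 characters drawn from the letters a-p.
ID_RE = re.compile(r"^[a-p]{32}$")
PROGRAM_DIRS = {"program files", "program files (x86)"}

# First line is from the thread; the last two are constructed for illustration.
SAMPLE = r"""
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-16]
CHR HKLM\...\Chrome\Extension: [abcdefghijklmnopabcdefghijklmnop] - C:\Users\Example\AppData\Local\Temp\ext.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [notavalidextensionid] - C:\Program Files\Example Vendor\Tool\tool.crx [2015-05-01]
"""


def parse_line(line):
    """Return a dict for one FRST Chrome-extension line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = PureWindowsPath(m["path"]).parts
    # The folder directly under Program Files names the installing product.
    owner = next(
        (parts[i + 1] for i, p in enumerate(parts[:-2]) if p.lower() in PROGRAM_DIRS),
        None,
    )
    review = []
    if not ID_RE.match(m["id"]):
        review.append("ID is not 32 letters a-p")
    if owner is None:
        review.append("path outside Program Files")  # assumption: triage hint only
    return {"id": m["id"], "path": m["path"], "date": m["date"],
            "owner": owner, "review": review}


def triage(log_text):
    """Parse every Chrome-extension line in an FRST log excerpt."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        status = "; ".join(row["review"]) or "path names installer: " + row["owner"]
        print(row["id"], "->", status)
```

An empty `review` list only means the ID is well formed and the path names an installed product; whether that product is wanted is still the user's call, as in the thread.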



#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:53 AM

Posted 05 June 2015 - 02:06 PM

Hello Souhomes,

I downloaded ESET online scan tool, disabled Avast shields and exited Comodo. When selecting run as administrator, I get the following message: "can not get update. is proxy configured?".

Please see the following directions to disable any proxy that may be enabled in one of your browsers:

After the proxy settings are disabled try running ESET again. Don't forget to disable Avast and Comodo again also.

 

I do want to thank you for not taking steps without my direction. It's not about wanting all the power, I promise. It's so we know what steps have been taken and that helps us know where to go next in the troubleshooting process.  :)


Edited by TheShooter93, 05 June 2015 - 02:06 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#9 Souhomes


Posted 05 June 2015 - 04:14 PM

Cody, sorry to give you all this trouble, but I'm wondering whether we'll never make it and put an end to this story.

I followed scrupulously your instructions (internet options, connection, proxy settings...etc + disable avast shields and close Comodo). But, when running ESET scanner, I still get the same message as before. I checked the running processes with Task Manager and I spotted several ones relating to Avast (which is normal, since they don't even offer the option of totally exiting the program, but only that of disabling the shields) and of Comodo (that one is more strange as I theoretically closed the application). I tried to end the processes in question, and I got the message "access denied". I tried the force kill command run in administrator mode, but to no avail.

What can I do next?

 

EDIT: I think you can congratulate me after all! I finally managed to run the ESET online scan in safe mode with networking (I remembered that neither Comodo nor Avast services would load in safe mode, and it did work). I included in the scan "all users start program" and the system drive. The only threat the scan spotted was an already quarantined file from a previous scan by AdwCleaner, and I'm not even sure whether it is not a false positive:

 

\AdwCleaner\Quarantine\C\Program Files (x86)\B1 Free Archiver\installer.exe.vir    a variant of Win32/4Shared.T potentially unwanted application    cleaned by deleting - quarantined

 

As shown in the quotation, I chose to clean anyway and then ticked uninstall and delete quarantine before closing the scanner. Before resolving the ESET problem, I made an Avast boot time scan (you have drawn my attention to that feature in one of your prior posts). The scan didn't signal any infection, but only a few corrupted files. Here's the log:

 

06/05/2015 23:20
Scan of C:

Scan of *STARTUP-SHORT

Scan of *STARTUP

File C:\Users\Mohsen\AppData\Local\Temp\GLB6D21.tmp|>Wise0003.bin Error 42145 {Installer archive is corrupted.}
File C:\Users\Mohsen\AppData\Local\Temp\GLB93E3.tmp|>Wise0003.bin Error 42145 {Installer archive is corrupted.}
File C:\Users\Mohsen\Music\iTunes\iTunes Media\Mobile Applications\Smart Office 2 2.3.5 1.ipa|>Payload\Smart-Office.app\res\templates.mcf|>[Content_Types].xml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Mohsen\Music\iTunes\iTunes Media\Mobile Applications\Smart Office 2 2.3.5.ipa|>Payload\Smart-Office.app\res\templates.mcf|>[Content_Types].xml Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 52556
Number of tested files: 2200566
Number of infected files: 0

 

Perhaps you will give me a clean bill now, won't you?

 

 

 


Edited by Souhomes, 06 June 2015 - 07:10 AM.


#10 TheShooter93


Posted 07 June 2015 - 12:41 PM

I think you can congratulate me after all! I finally managed to run the ESET online scan in safe mode with networking (I remembered that neither Comodo nor Avast services would load in safe mode, and it did work).

It sounds like the proxy service was related to Avast or Comodo in this case, running in Safe Mode as you said, that enabled ESET to run. Good thinking!

Perhaps you will give me a clean bill now, won't you?

Yes I can - I saw no sign of infection in your most recent FRST log and the ESET scan found no additional malicious entries.
 
I do have one recommendation involving a piece of software on your computer, and then some final instructions. Please see below.
 
===================================================

Spybot S&D No Longer Recommended

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

Start > Control Panel > Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

All Clean!

Congratulations on your clean PC!
 
For keeping your PC clean, there are a few main things to keep tabs on: 
 
1) Make sure to keep your antivirus software up to date.
 
2) Keep Java, Adobe Flash Player, and Adobe Reader up to date.
 
3) Run periodic scans using your antivirus software and Malwarebytes Anti-Malware.
 
4) Most importantly, practice safe browsing. You are the ultimate protection tool.
 
=======================================================================
 
Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
=======================================================================
 
Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

This thread will remain open for 48 hours after the posting of this "all-clean" for any questions you may have.




#11 Souhomes


Posted 08 June 2015 - 12:15 AM

Thank you so much for the good news and for your patient assistance all the way through. Your piece of information concerning Spybot is well taken; this is news for me. This application has long been the most recommended with Malwarebytes. I've uninstalled Spybot and will follow all the other recommendations. Thanks again and all the best.



#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:53 PM

Posted 10 June 2015 - 11:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



