Can't Enable Real Time Protection Avira Free antivirus


12 replies to this topic

#1 ges1382

Posted 11 March 2017 - 11:54 AM

Hi guys,
I've tried several times reinstalling Avira Free antivirus and other antivirus programs but can't turn on real-time protection in any of them.
Also I've tried Avira Rescue CD and Kaspersky Rescue CD in boot mode and there was nothing.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by Behnam (11-03-2017 20:22:56)
Running from C:\Users\Behnam\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2013-11-04 09:12:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1254058753-1630089084-417405892-500 - Administrator - Disabled)
Behnam (S-1-5-21-1254058753-1630089084-417405892-1000 - Administrator - Enabled) => C:\Users\Behnam
Guest (S-1-5-21-1254058753-1630089084-417405892-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Russian (HKLM-x32\...\{AC76BA86-1048-8780-7760-000000000005}) (Version: 10.1.0 - Adobe Systems)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM-x32\...\AU10_is1) (Version: 10 - Innovative Solutions)
Argente Utilities 1.0.4.0 (HKLM-x32\...\Argente Utilities_is1) (Version: 1.0.4.0 - Argente Software)
ATI Catalyst Install Manager (HKLM\...\{0C23986C-11FF-C8B3-1CBC-591EBA542882}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{1f8bb480-f5d7-4414-a6ea-28e005509ae4}) (Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
ccc-core-static (x32 Version: 2011.0316.116.298 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
GeoStructural Analysis - Abutment (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Beam (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Cantilever Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Earth Pressures (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Gabion Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Gravity Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Ground Loss (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Masonry Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Micropile (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - MSE Wall (x32 Version: 16.7.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Nailed Slopes (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Pile CPT (x32 Version: 16.8.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Pile Group (x32 Version: 16.7.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Piles (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Plate (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Prefab Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Rock Stability (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Settlement (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Sheeting Check (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Sheeting Design (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Slope Stability (x32 Version: 16.7.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Spread Footing (x32 Version: 16.5.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Task Manager (Terrain) (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis (HKLM-x32\...\GEO5Bentley v1) (Version: - Fine spol. s r.o.)
GeoStudio 2007 (HKLM-x32\...\{91F5D4FD-EF0E-404F-B98C-C7A94430DBEA}) (Version: 7.1.0 - GEO-SLOPE International Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP HotKey Support (HKLM\...\{EF5E8060-95BA-43CC-B1C1-878B0ACA569E}) (Version: 4.0.3.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
ITE9135 Driver Install 64bit (HKLM-x32\...\InstallShield_{D82F05C3-BE68-4A5B-9011-924F025BC481}) (Version: 1.00.0000 - Geniatech)
ITE9135 Driver Install 64bit (x32 Version: 1.00.0000 - Geniatech) Hidden
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
K-Lite Codec Pack 9.2.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.2.0 - )
Lantern (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Lantern) (Version: 3.6.3 - Brave New Software Project, Inc.)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
mp3schneiden (HKLM-x32\...\mp3schneiden_is1) (Version: 4.0 - Abelssoft)
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version: - VeryPDF.com Inc)
Plaxis 8.2 Update Pack 4 (HKLM-x32\...\{AB29BE83-1112-4219-8B29-559FB73E2BF8}) (Version: - )
Plaxis 8.x (HKLM-x32\...\{7B070BE0-4A7E-4914-8DF4-D5F1B3F9ED0E}) (Version: - )
Potplayer (HKLM-x32\...\PotPlayer) (Version: - Kakao Corp.)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.30 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
XMedia Recode version 3.2.0.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.1 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {324C4813-B1DB-4EE7-ACDE-A73460153A1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {651126AB-FBFE-48CD-972D-043AD5452CD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {78BBD103-2DA7-4B4F-B0F9-7533ECDD119B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {9E2EB924-9F60-4AA0-BD5E-6464B7BA166F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {E2FA9276-36BD-47C2-A978-2B100E855E95} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-12-15 14:45 - 2011-12-15 14:45 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 02:49 - 2009-07-14 05:11 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 02:49 - 2009-07-14 05:11 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 02:49 - 2009-07-14 05:11 - 00036864 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 02:49 - 2009-07-14 05:11 - 00036864 _____ () c:\windows\system32\pcwum.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-01-27 21:16 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-16 01:14 - 2011-03-16 01:14 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-02-06 23:02 - 2017-02-01 12:31 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 23:02 - 2017-02-01 12:31 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-14 23:09 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 11227 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:04 - 2017-03-05 23:44 - 00002442 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.nero.com
127.0.0.1 csmg.lgmobile.com
127.0.0.1 lge.com
127.0.0.1 lgmobile.com
127.0.0.1 gdms.lge.com
127.0.0.1 csmgdl.lgmobile.com
0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 188.159.159.159 - 188.158.158.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Behnam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: Lantern => "C:\Users\Behnam\AppData\Roaming\Lantern\lantern.exe" -clear-proxy-settings
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3D744922-0E59-4796-9D28-AE6D2AECBEB0}] => (Allow) LPort=443
FirewallRules: [{DA1FD26A-5A61-4BE6-AC3A-11C98ACFBE1C}] => (Allow) LPort=443
FirewallRules: [{3F41FA6F-F1CF-4159-81B0-CF3519300A71}] => (Allow) LPort=37674
FirewallRules: [{A215A239-6BE4-420A-8800-2AD488D02457}] => (Allow) LPort=37674
FirewallRules: [{F94E8874-4EF9-46AB-86AE-16D119B891C0}] => (Allow) LPort=37675
FirewallRules: [{36F04F5C-FE97-4DB6-8E2E-DE422B1F01B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E078A1BD-DFFF-4D94-8892-1213AAF35CFB}C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{E923A90F-2520-4929-8A6E-5390695D12D0}C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{42545134-C5F6-4DAE-A8D4-970B5F90FDB3}C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [UDP Query User{476996FE-5D53-4928-B1D9-DD13F0CC472A}C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 08:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 08:02:10 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 07:54:39 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0xD0000022
6.1.7601.17514

Error: (03/11/2017 07:51:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2017 07:50:28 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (03/11/2017 12:35:06 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{326f29c8-4590-11e3-9139-806e6f6e6963},0x80000000,0x00000003,...). hr = 0x80070005, Access is denied.
.


Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Error: (03/11/2017 12:34:19 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume (C:) was not defragmented because an error was encountered: Access is denied. (0x80070005)

Error: (03/11/2017 12:29:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\lg electronics\lg pc suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/11/2017 12:28:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\AutoCAD 2012 - English\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2017 12:26:00 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume (C:) was not defragmented because an error was encountered: Access is denied. (0x80070005)


System errors:
=============
Error: (03/11/2017 08:04:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error Incorrect function.
.

Error: (03/11/2017 08:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avnetflt service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (03/11/2017 08:04:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr

Error: (03/11/2017 08:04:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Avira Mail Protection service hung on starting.

Error: (03/11/2017 08:02:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The libwasys service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/11/2017 08:02:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avnetflt service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (03/11/2017 08:02:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/11/2017 08:02:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\SENTINEL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/11/2017 08:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (03/11/2017 08:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The libwamf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
Date: 2017-03-11 20:02:16.287
Description: N/A

Date: 2017-03-11 20:02:16.147
Description: N/A

Date: 2017-03-11 20:02:09.348
Description: N/A

Date: 2017-03-11 20:02:09.224
Description: N/A

Date: 2017-03-11 19:50:34.836
Description: N/A

Date: 2017-03-11 19:50:34.680
Description: N/A

Date: 2017-03-11 19:50:27.741
Description: N/A

Date: 2017-03-11 19:50:27.632
Description: N/A

Date: 2017-03-10 23:44:40.226
Description: N/A

Date: 2017-03-10 23:44:40.101
Description: N/A


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 44%
Total physical RAM: 3951.43 MB
Available physical RAM: 2178.7 MB
Total Virtual: 7901.05 MB
Available Virtual: 5471.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:57.04 GB) NTFS
Drive d: () (Fixed) (Total:117.18 GB) (Free:46.69 GB) NTFS
Drive e: (Proffesional) (Fixed) (Total:117.18 GB) (Free:43.99 GB) NTFS
Drive f: () (Fixed) (Total:129.35 GB) (Free:23.73 GB) NTFS
Drive g: (09144147282) (Removable) (Total:3.77 GB) (Free:3.44 GB) FAT32
Drive j: (09144147282-2) (Fixed) (Total:1862.98 GB) (Free:1605.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D2C16FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================

Edited by Oh My!, 11 March 2017 - 03:56 PM.


#2 Oh My!
Malware Response Instructor

Posted 11 March 2017 - 03:55 PM

Greetings ges1382 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

When you ran a FRST scan a FRST.txt document should have been saved in the C:\Users\Behnam\Downloads\Programs folder. Please copy and paste the information in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ges1382
Topic Starter

Posted 12 March 2017 - 07:12 AM

Hi Gary, thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Behnam (administrator) on BEHNAM-PC (12-03-2017 15:37:41)
Running from C:\Users\Behnam\Downloads\Programs
Loaded Profiles: Behnam (Available Profiles: Behnam)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-02-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3581816 2013-11-04] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-01-20] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 188.159.159.159 188.158.158.158
Tcpip\..\Interfaces\{4272427A-AF2F-4EF2-9F5A-888316B61063}: [DhcpNameServer] 188.159.159.159 188.158.158.158
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1254058753-1630089084-417405892-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1254058753-1630089084-417405892-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default [2017-03-11]
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ftp_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.socks_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ssl_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ftp_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> http_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> socks_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ssl_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> type", 
FF Extension: (WinToFlash Suggestor) - C:\Users\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-04] [not signed]
FF HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5 [2013-11-04] [not signed]
FF HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Google Docs) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (PadGet Add-on  افزونه پادگت) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajeggoodcichjamjakpcpcpojbolmjp [2015-04-19] [UpdateUrl: hxxp://pad.um.ac.ir/padget/updatechrome.php] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (IDM Integration) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-06-12]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"9f5eed76f9bfc3aa" => service could not be unlocked. <===== ATTENTION
 
S4 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-02-15] (Avira Operations GmbH & Co. KG)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349096 2017-01-19] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S4 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-04] () [File not signed]
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 9f5eed76f9bfc3aa; C:\Windows\System32\Drivers\9f5eed76f9bfc3aa.sys [69592 2016-12-01] () <===== ATTENTION Necurs Rootkit?
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] () [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6862848 2011-03-16] () [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [264192 2011-03-16] () [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-09-07] () [File not signed]
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-09-07] () [File not signed]
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2015-01-21] () [File not signed]
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] () [File not signed]
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] () [File not signed]
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed]
R3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [125456 2011-03-16] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-11] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-11] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [3063360 2013-11-04] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-09-07] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-11] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-11] () [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2011-09-07] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-11] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-11] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-11] () [File not signed]
R3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-14] () [File not signed]
R3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2011-09-07] () [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-09-07] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [459232 2012-01-16] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2011-09-07] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2011-09-07] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] () [File not signed]
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-21] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-04] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983920 2011-10-26] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2011-09-07] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-21] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () [File not signed]
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [314368 2006-12-04] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-11] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2011-09-07] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] () [File not signed]
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [25912 2010-06-02] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753152 2012-01-16] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-09-07] () [File not signed]
R2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [166576 2013-04-05] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2011-09-07] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273776 2011-12-15] () [File not signed]
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-04-26] () [File not signed]
R1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2011-10-26] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-01-16] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152432 2012-01-16] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
S2 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [22320 2017-03-10] (OPSWAT, Inc.)
S2 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [29488 2017-03-10] (OPSWAT, Inc.)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2011-11-30] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [95088 2011-10-26] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [157552 2011-10-26] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2011-12-31] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-10-26] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-10-26] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2012-01-16] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2011-09-07] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951152 2011-12-31] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2011-11-30] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2012-01-16] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2011-09-07] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2011-09-07] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-09-07] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-09-07] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2011-10-26] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [185200 2011-10-26] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82816 2015-01-19] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2011-09-07] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [308736 2011-11-30] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2011-09-07] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [20992 2010-11-21] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2011-09-07] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2011-09-07] () [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-11] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2011-09-07] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-11] () [File not signed]
S2 Sentinel; C:\Windows\SysWOW64\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14848 2011-10-26] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2011-10-26] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2011-10-26] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-17] (Rainbow Technologies Inc.)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2012-01-16] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [408576 2011-10-26] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-09-07] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [515584 2010-09-08] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
S3 Synth3dVsc; C:\Windows\system32\drivers\Synth3dVsc.sys [88960 2011-09-07] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1901936 2011-12-31] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1901936 2011-12-31] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-21] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed]
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [34816 2010-11-21] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-11] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-21] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2011-10-26] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2011-10-26] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2011-10-26] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-10-26] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-10-26] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-10-26] () [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-09-07] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-10-26] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185088 2011-09-07] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [199552 2010-11-21] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [70512 2011-10-26] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363904 2011-09-07] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-09-07] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [60416 2011-09-07] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2011-09-07] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2011-09-07] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-14] () [File not signed]
R0 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [19824 2011-12-31] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-21] () [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-21] () [File not signed]
U5 9f5eed76f9bfc3aa;  <===== ATTENTION: Locked Service
S1 gvzkauso; \??\C:\Windows\system32\drivers\gvzkauso.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-12 00:23 - 2017-03-12 00:23 - 00000326 _____ C:\Users\Behnam\Downloads\regfix_64.zip
2017-03-12 00:05 - 2017-03-12 00:05 - 00000000 ____D C:\Users\Behnam\AppData\Local\VirtualStore
2017-03-12 00:04 - 2017-03-12 00:05 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-11 21:29 - 2017-03-11 21:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-11 21:28 - 2017-03-11 22:52 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 21:28 - 2017-02-28 00:19 - 00000000 ____D C:\Users\Behnam\Desktop\RogueKiller.12.9.9.0.x64
2017-03-11 21:25 - 2017-03-11 21:27 - 34885984 _____ (Adlice Software ) C:\Users\Behnam\Downloads\setup.exe
2017-03-11 21:20 - 2017-03-11 21:20 - 00000000 ____D C:\ProgramData\IDM
2017-03-11 21:17 - 2017-03-11 21:17 - 00001378 _____ C:\Users\Behnam\Downloads\mpsdrv.reg
2017-03-11 21:17 - 2017-03-11 21:17 - 00001166 _____ C:\Users\Behnam\Downloads\LEGACY_MPSDRV.reg
2017-03-11 21:16 - 2017-03-11 21:16 - 00006396 _____ C:\Users\Behnam\Downloads\MpsSvc.reg
2017-03-11 21:16 - 2017-03-11 21:16 - 00002634 _____ C:\Users\Behnam\Downloads\Winmgmt.reg
2017-03-11 21:02 - 2017-03-11 21:02 - 00000000 ____D C:\zoek
2017-03-11 20:52 - 2017-03-11 21:05 - 00003089 _____ C:\runcheck.txt
2017-03-11 20:52 - 2017-03-11 21:03 - 00000000 ____D C:\zoek_backup
2017-03-11 20:32 - 2017-03-11 20:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Behnam\Downloads\mbar-1.09.3.1001.exe
2017-03-10 23:57 - 2017-03-11 00:59 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-03-10 23:47 - 2017-03-10 23:47 - 00001132 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-10 23:41 - 2017-03-12 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-10 23:41 - 2017-03-10 23:41 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Avira
2017-03-10 23:40 - 2017-03-10 23:47 - 00000000 ____D C:\ProgramData\Avira
2017-03-10 23:40 - 2017-02-15 16:55 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-10 23:20 - 2017-03-10 23:42 - 00452996 _____ C:\Windows\ntbtlog.txt
2017-03-10 23:02 - 2017-03-10 23:31 - 00000000 ____D C:\Program Files (x86)\Argente Utilities
2017-03-10 23:02 - 2017-03-10 23:02 - 00001033 _____ C:\Users\Public\Desktop\Argente Utilities.lnk
2017-03-10 23:02 - 2017-03-10 23:02 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Runscanner.net
2017-03-10 23:02 - 2017-03-10 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente Utilities
2017-03-10 23:00 - 2017-03-06 19:40 - 08351144 _____ (AVAST Software) C:\Users\Behnam\Desktop\avastclear.exe
2017-03-10 22:55 - 2017-03-10 22:55 - 00000000 ____D C:\ProgramData\BDLogging
2017-03-10 22:51 - 2017-03-10 22:51 - 00215024 _____ C:\Users\Public\Documents\cc_20170310_225146.reg
2017-03-10 22:50 - 2017-03-10 22:50 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-10 22:50 - 2017-03-10 22:50 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-10 22:50 - 2017-03-10 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-10 22:50 - 2017-03-10 22:50 - 00000000 ____D C:\Program Files\CCleaner
2017-03-10 22:37 - 2017-03-10 22:37 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\Behnam\Desktop\avira_registry_cleaner_en.exe
2017-03-10 22:07 - 2017-03-10 22:25 - 00029488 _____ (OPSWAT, Inc.) C:\Windows\system32\Drivers\libwasys.sys
2017-03-10 22:07 - 2017-03-10 22:25 - 00022320 _____ (OPSWAT, Inc.) C:\Windows\system32\Drivers\libwamf.sys
2017-03-10 22:06 - 2017-01-12 02:37 - 00000000 ____D C:\Users\Behnam\Desktop\OESIS.Endpoint.Assessment.Tool.4.2.527.0
2017-03-10 19:54 - 2017-03-10 21:37 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-10 19:36 - 2017-03-10 19:43 - 313257984 _____ C:\Users\Behnam\Downloads\kav_rescue_10.iso
2017-03-09 23:25 - 2017-03-09 23:26 - 00000000 ____D C:\Users\Behnam\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-03-09 23:25 - 2017-03-09 23:25 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-03-09 21:45 - 2017-03-10 23:47 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-09 21:37 - 2017-03-09 21:37 - 00000000 ____D C:\Users\Behnam\New folder
2017-03-09 08:54 - 2017-03-12 05:23 - 1299862408 _____ C:\Users\Behnam\Downloads\The_Lookout_2007_1080p_BrRip_Ganool_30NAMA.mkv
2017-03-09 02:21 - 2017-03-09 02:21 - 00000000 ___SD C:\ComboFix
2017-03-09 02:20 - 2017-03-10 22:19 - 00001958 _____ C:\Users\Behnam\Desktop\Rkill.txt
2017-03-09 01:50 - 2017-03-09 01:50 - 00000000 ____D C:\Windows\erdnt
2017-03-09 01:50 - 2017-03-09 01:50 - 00000000 ____D C:\Qoobox
2017-03-09 01:50 - 2011-06-26 10:15 - 00256000 _____ C:\Windows\PEV.exe
2017-03-09 01:50 - 2010-11-07 20:50 - 00208896 _____ C:\Windows\MBR.exe
2017-03-09 01:50 - 2009-04-20 08:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00098816 _____ C:\Windows\sed.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00080412 _____ C:\Windows\grep.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00068096 _____ C:\Windows\zip.exe
2017-03-09 01:49 - 2017-03-09 01:50 - 05660168 ____R (Swearware) C:\Users\Behnam\Desktop\ComboFix.exe
2017-03-09 01:32 - 2017-03-12 15:37 - 00000000 ____D C:\FRST
2017-03-09 01:18 - 2017-03-09 01:20 - 00000000 ____D C:\AdwCleaner
2017-03-09 01:17 - 2017-03-09 01:18 - 04031440 _____ C:\Users\Behnam\Downloads\adwcleaner_6.044.exe
2017-03-09 01:02 - 2017-03-09 01:02 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00001135 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-03-09 01:00 - 2017-03-09 01:02 - 02967592 _____ C:\Users\Behnam\Downloads\SecurityTaskManager_Setup.exe
2017-03-09 00:41 - 2016-04-07 00:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Behnam\Desktop\rkill.exe
2017-03-09 00:05 - 2017-03-08 23:59 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Behnam\Desktop\autoruns.exe
2017-03-08 01:42 - 2017-03-08 01:42 - 00000000 ____D C:\Windows\rescache
2017-03-08 00:12 - 2017-03-08 00:12 - 00029196 _____ C:\ProgramData\agent.1488919327.bdinstall.bin
2017-03-08 00:10 - 2017-03-08 00:10 - 00001443 _____ C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 00:10 - 2017-03-08 00:10 - 00001369 _____ C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-07 19:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-03-07 08:34 - 2017-03-07 08:34 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-03-07 07:31 - 2017-03-07 07:31 - 00028792 _____ C:\ProgramData\agent.1488859294.bdinstall.bin
2017-03-06 20:32 - 2017-03-06 20:32 - 00046976 _____ C:\ProgramData\agent.1488819758.bdinstall.bin
2017-03-06 20:03 - 2017-03-06 20:03 - 00993608 ____C C:\Windows\system32\Drivers\aswSnx.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00547904 ____C C:\Windows\system32\Drivers\aswSP.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00337592 ____C C:\Windows\system32\Drivers\aswVmm.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00162528 ____C C:\Windows\system32\Drivers\aswStm.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00100640 ____C C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00075704 ____C C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00038296 ____C C:\Windows\system32\Drivers\aswHwid.sys
2017-03-06 19:27 - 2017-03-06 20:04 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-06 19:26 - 2017-03-06 19:26 - 00032088 ____C C:\Windows\system32\Drivers\aswKbd.sys
2017-02-15 19:26 - 2017-02-15 19:26 - 00001772 _____ C:\Users\Behnam\Desktop\Lantern.lnk
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lantern
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Lantern
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\byteexec
2017-02-15 19:07 - 2017-02-15 19:05 - 04964968 _____ C:\Users\Behnam\Desktop\psiphon-windows.exe
2017-02-10 14:06 - 2017-02-10 14:06 - 00035784 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-12 15:34 - 2009-07-14 08:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-12 09:54 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\DMCache
2017-03-12 09:31 - 2009-07-14 08:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-12 09:31 - 2009-07-14 06:50 - 00000000 ____D C:\Windows\inf
2017-03-12 08:17 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\Downloads\Video
2017-03-12 00:38 - 2009-07-14 08:15 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 00:38 - 2009-07-14 08:15 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 21:27 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\Downloads\Compressed
2017-03-11 21:03 - 2013-11-04 12:42 - 00000000 ____D C:\Users\Behnam
2017-03-11 21:03 - 2009-07-14 06:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-11 20:43 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\IDM
2017-03-10 23:31 - 2013-11-05 00:02 - 00000000 ____D C:\Windows\Panther
2017-03-10 23:31 - 2013-11-04 14:46 - 00000000 ____D C:\Windows\pss
2017-03-10 22:57 - 2016-09-20 14:19 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\SyncDroid
2017-03-10 22:57 - 2014-06-13 19:28 - 00003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-10 22:57 - 2014-06-13 19:28 - 00003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-10 22:51 - 2014-06-12 18:04 - 00000000 ____D C:\Windows\Minidump
2017-03-10 22:51 - 2013-11-04 13:13 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\DAEMON Tools Lite
2017-03-10 21:47 - 2016-12-04 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2017-03-10 20:15 - 2010-11-21 06:54 - 02420736 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-10 20:15 - 2010-11-21 06:53 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2017-03-09 23:50 - 2013-11-04 14:44 - 00001908 _____ C:\Windows\diagwrn.xml
2017-03-09 23:50 - 2013-11-04 14:44 - 00001908 _____ C:\Windows\diagerr.xml
2017-03-09 23:40 - 2014-06-12 23:24 - 00000252 _____ C:\Windows\system32\AF15IRTBL.bin
2017-03-08 23:59 - 2015-06-21 20:44 - 00000000 ____D C:\Users\Behnam\Downloads\Telegram Desktop
2017-03-08 23:57 - 2015-06-21 15:54 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Telegram Desktop
2017-03-07 22:28 - 2009-07-14 06:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-06 19:02 - 2015-01-19 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloneDVD 7 Ultimate
2017-03-06 19:02 - 2009-07-14 09:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-06 18:58 - 2016-12-17 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Studios
2017-03-05 23:07 - 2015-10-24 03:14 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Psiphon3
2017-02-20 00:07 - 2009-07-14 08:38 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-01-19 18:21 - 2015-01-19 21:49 - 0099384 _____ () C:\Users\Behnam\AppData\Roaming\inst.exe
2015-01-19 18:21 - 2015-01-19 21:49 - 0007859 _____ () C:\Users\Behnam\AppData\Roaming\pcouffin.cat
2015-01-19 18:21 - 2015-01-19 21:49 - 0001167 _____ () C:\Users\Behnam\AppData\Roaming\pcouffin.inf
2015-01-19 18:21 - 2015-01-19 21:49 - 0082816 _____ (VSO Software) C:\Users\Behnam\AppData\Roaming\pcouffin.sys
2016-08-17 17:43 - 2016-08-17 17:43 - 0341504 _____ () C:\Users\Behnam\AppData\Roaming\wsrv_6873af3c.dat
2014-02-27 13:17 - 2016-07-11 23:40 - 0007602 _____ () C:\Users\Behnam\AppData\Local\Resmon.ResmonCfg
2015-01-19 18:45 - 2015-01-19 18:45 - 0000040 ___SH () C:\ProgramData\.zreglib
2017-03-06 20:32 - 2017-03-06 20:32 - 0046976 _____ () C:\ProgramData\agent.1488819758.bdinstall.bin
2017-03-07 07:31 - 2017-03-07 07:31 - 0028792 _____ () C:\ProgramData\agent.1488859294.bdinstall.bin
2017-03-08 00:12 - 2017-03-08 00:12 - 0029196 _____ () C:\ProgramData\agent.1488919327.bdinstall.bin
 
Some files in TEMP:
====================
2017-03-11 20:52 - 2017-03-11 20:52 - 0476672 _____ () C:\Users\Behnam\AppData\Local\Temp\7za.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0020480 _____ (E Dev) C:\Users\Behnam\AppData\Local\Temp\DaS_21.exe
2017-03-11 21:28 - 2012-01-16 05:28 - 1740160 _____ (Microsoft Corporation) C:\Users\Behnam\AppData\Local\Temp\dllnt_dump.dll
2017-03-11 20:52 - 2017-03-11 20:52 - 0388608 _____ (Trend Micro Inc.) C:\Users\Behnam\AppData\Local\Temp\hijackthis.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0030720 _____ (NirSoft) C:\Users\Behnam\AppData\Local\Temp\NirCmd.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0256512 _____ () C:\Users\Behnam\AppData\Local\Temp\PEVZ.EXE
2017-03-11 20:31 - 2017-03-11 20:44 - 10873376 _____ () C:\Users\Behnam\AppData\Local\Temp\psiphon-tunnel-core.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0069632 _____ () C:\Users\Behnam\AppData\Local\Temp\remove.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0098816 _____ () C:\Users\Behnam\AppData\Local\Temp\sed.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0057344 _____ (Optimum X) C:\Users\Behnam\AppData\Local\Temp\shortcut.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0161792 _____ (SteelWerX) C:\Users\Behnam\AppData\Local\Temp\swreg.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0217088 _____ (SteelWerX) C:\Users\Behnam\AppData\Local\Temp\swxcacls.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0154232 _____ (Noël Danjou) C:\Users\Behnam\AppData\Local\Temp\wget.exe
2017-03-11 20:52 - 2017-03-11 20:52 - 0024064 _____ () C:\Users\Behnam\AppData\Local\Temp\zoek-delete.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2011-09-07 18:37] - [2011-09-07 18:37] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
 
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
LastRegBack: 2017-03-11 00:28
 
==================== End of FRST.txt ============================


#4 Oh My! (Malware Response Instructor)

Posted 12 March 2017 - 04:14 PM

Let's start by doing this.

===================================================

ESET Necurs Cleaner

--------------------
  • Download ESET Necurs Cleaner and save it to your desktop
  • Double click the icon and run the program
  • If you receive the message Threat not found press any key to close the program
  • If you receive the message Win32/Necurs has been found on your system, press Y to remove the infection
  • Once completed type Y and press Enter to reboot your computer
  • Copy and paste the contents of the ESETNecursCleaner.exe**date and random numbers**.log document located on your desktop
===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
volsnap.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET report
  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ges1382 (Topic Starter)

Posted 13 March 2017 - 02:04 PM

WOW Gary, you are brilliant, finally my AV is working.

 

[2017.03.13 22:24:13.469] - 
[2017.03.13 22:24:13.471] -     ....................................
[2017.03.13 22:24:13.471] -   ..::::::::::::::::::....................
[2017.03.13 22:24:13.473] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Necurs
[2017.03.13 22:24:13.474] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 2.1.0.5
[2017.03.13 22:24:13.476] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Sep 25 2014
[2017.03.13 22:24:13.477] -  .::EE:::::::::::::SS:.EE..........TT......
[2017.03.13 22:24:13.478] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2017.03.13 22:24:13.478] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2017.03.13 22:24:13.479] -     ....................................
[2017.03.13 22:24:13.479] - 
[2017.03.13 22:24:13.479] - --------------------------------------------------------------------------------
[2017.03.13 22:24:13.479] - 
[2017.03.13 22:24:13.480] - INFO: OS: 6.1.7601 SP1
[2017.03.13 22:24:13.480] - INFO: Product Type: Workstation
[2017.03.13 22:24:13.480] - INFO: WoW64: True
[2017.03.13 22:24:13.480] - INFO: Machine guid: 9857BCAC-159C-4E24-A516-4DFCE1E6BDA7 
[2017.03.13 22:24:13.481] - 
[2017.03.13 22:24:15.710] - INFO: Scanning for system infection...
[2017.03.13 22:24:15.710] - --------------------------------------------------------------------------------
[2017.03.13 22:24:15.710] - 
[2017.03.13 22:24:15.710] - INFO: Found suspicious service - 9f5eed76f9bfc3aa
[2017.03.13 22:24:15.888] - INFO: INF_NCFMND05...
[2017.03.13 22:24:15.888] - INFO: Rootkit's service key - 9f5eed76f9bfc3aa
[2017.03.13 22:24:15.888] - INFO: Rootkit's path - C:\Windows\SYSTEM32\DRIVERS\9F5EED76F9BFC3AA.SYS
[2017.03.13 22:24:15.888] - INFO: INF_NCD02...
[2017.03.13 22:24:15.888] - INFO: Win32/Necurs found
[2017.03.13 22:24:20.277] - INFO: INF_NCCS01...
[2017.03.13 22:24:27.358] - INFO: Cleaning status: 2
[2017.03.13 22:24:31.229] - 
[2017.03.13 22:24:31.229] - --------------------------------------------------------------------------------
[2017.03.13 22:24:31.229] - INFO: System is rebooting...
[2017.03.13 22:24:31.268] - --------------------------------------------------------------------------------
[2017.03.13 22:24:31.268] - INFO: Logging finished successfully...
[2017.03.13 22:24:31.268] - --------------------------------------------------------------------------------
 
 
Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Behnam (13-03-2017 22:31:31)
Running from C:\Users\Behnam\Downloads\Programs
Boot Mode: Normal
 
================== Search Files: "volsnap.sys" =============
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21728_none_745f8cdd2bd6a34c\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
[2011-09-07 17:38][2011-09-07 17:38] 0296320 ____A (Microsoft Corporation) 879CE6AEA3FE874AD4C500B6B6198EB0 [File is digitally signed]
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21624_none_745b89cf2bda40c9\volsnap.sys
[2011-09-07 17:02][2011-09-07 17:02] 0295808 ____A (Microsoft Corporation) E7EBDFE3D4245499CE733D0148966FEF [File is digitally signed]
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys
[2011-09-07 17:38][2011-09-07 17:38] 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B [File is digitally signed]
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010-11-21 06:53][2010-11-21 06:53] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_facb6621bfb72427\volsnap.sys
[2011-09-07 17:02][2011-09-07 17:02] 0295808 ____A (Microsoft Corporation) E7EBDFE3D4245499CE733D0148966FEF [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
[2011-09-07 17:38][2011-09-07 17:38] 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010-11-21 06:53][2010-11-21 06:53] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_9d956be9254f2a6d\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_72593857239bbd71\volsnap.sys
[2011-09-07 17:38][2011-09-07 17:38] 0296320 ____A (Microsoft Corporation) 879CE6AEA3FE874AD4C500B6B6198EB0 [File is digitally signed]
 
C:\Windows\System32\drivers\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]
 
====== End of Search ======
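Triage logic for the two FRST log shapes posted above, written as an added example for this thread (it is not part of FRST, ESET or the steps the poster was given). It flags a file whose MD5 equals the hash of zero bytes while its size is not zero, which is what FRST printed for volsnap.sys before cleaning and means the file could not be read at all; an empty company name or a missing signature marker; any line FRST itself marked ATTENTION (the testsigning flag here); driver services whose image file is missing ("[X]"); and, for a Search.txt result, whether the live copy's MD5 matches a WinSxS or DriverStore copy. The embedded excerpts are copied from the logs in this thread; the function and field names are my own.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log excerpts.

Added example for this thread, not FRST or ESET code. Handles the
"Bamital & volsnap" section and "Search Files" results shown above.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# MD5 of zero bytes: what FRST prints when it could not read the file at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # D41D8CD98F00B204E9800998ECF8427E

_PATH = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (Company) MD5"                      (Bamital & volsnap)
# "[created][modified] size attrs (Company) MD5 [File is digitally signed]" (Search Files)
_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-?\s*\[(?P<modified>[^\]]+)\]\s*-?\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<sig>[^\]]+)\])?\s*$"
)
# "S1 name; \??\C:\...\name.sys [X]" : driver service whose file is missing
_ORPHAN = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*\[X\]\s*$")


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    signed: Optional[bool]  # None when the line format has no signature field


@dataclass
class Finding:
    subject: str
    reason: str


def parse_entries(text: str) -> List[Entry]:
    """Pair each path line with the [date]... detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _DETAIL.match(line)
        if m and pending:
            sig = m.group("sig")
            entries.append(Entry(pending, int(m.group("size")), m.group("company").strip(),
                                 m.group("md5").upper(),
                                 None if sig is None else "digitally signed" in sig.lower()))
            pending = None
        elif _PATH.match(line) and "=>" not in line:
            pending = line          # a bare path; the next line should carry its details
        else:
            pending = None
    return entries


def triage(text: str) -> List[Finding]:
    """Run every check over a log excerpt; returns findings in log order."""
    findings: List[Finding] = []
    for e in parse_entries(text):
        if e.size > 0 and e.md5 == EMPTY_MD5:
            findings.append(Finding(e.path, f"unreadable: MD5 is the hash of zero bytes but size is {e.size}"))
        if not e.company:
            findings.append(Finding(e.path, "no company name in version info"))
        if e.signed is False:
            findings.append(Finding(e.path, "not digitally signed"))
    for raw in text.splitlines():
        line = raw.strip()
        if "<===== ATTENTION" in line:
            findings.append(Finding(line.split("<=====")[0].strip(), "flagged by FRST"))
        m = _ORPHAN.match(line)
        if m:
            findings.append(Finding(m.group("path"),
                                    f"service {m.group('name').strip()} ({m.group('start')}) points at a missing driver file"))
    return findings


def live_copy_vs_store(text: str, filename: str) -> Tuple[Optional[str], List[str]]:
    """MD5 of the copy in the live drivers directory and the WinSxS/DriverStore copies matching it."""
    entries = [e for e in parse_entries(text) if e.path.lower().endswith("\\" + filename.lower())]
    live = next((e for e in entries if "\\system32\\drivers\\" in e.path.lower()), None)
    if live is None:
        return None, []
    return live.md5, [e.path for e in entries if e is not live and e.md5 == live.md5]


# Excerpts copied from this thread: FRST.txt before cleaning, Search.txt after.
SAMPLE_BEFORE = r"""
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2011-09-07 18:37] - [2011-09-07 18:37] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
S1 gvzkauso; \??\C:\Windows\system32\drivers\gvzkauso.sys [X]
"""
SAMPLE_AFTER = r"""
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21728_none_745f8cdd2bd6a34c\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]

C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010-11-21 06:53][2010-11-21 06:53] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639 [File is digitally signed]

C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_9d956be9254f2a6d\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]

C:\Windows\System32\drivers\volsnap.sys
[2011-09-07 18:37][2011-09-07 18:37] 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF [File is digitally signed]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_BEFORE):
        print(f"{f.subject}: {f.reason}")
    print("after cleaning:", triage(SAMPLE_AFTER) or "no findings", live_copy_vs_store(SAMPLE_AFTER, "volsnap.sys"))
```

The zero-byte MD5 is the signal to look for in any FRST log: a 296 KB driver cannot legitimately hash to D41D8CD98F00B204E9800998ECF8427E, so the scanner was being fed nothing when it opened the file. After cleaning, the live volsnap.sys hashes identically to the WinSxS and DriverStore copies and carries a Microsoft signature, which is the check Gary's Search.txt request performs by hand.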


#6 Oh My! (Malware Response Instructor)

Posted 14 March 2017 - 10:53 AM

Glad that helped.

Please run a new FRST scan and copy/paste both reports in your reply.


Gary
 

#7 ges1382 (Topic Starter)

Posted 14 March 2017 - 03:02 PM

Thank you Gary, here are the results of the scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
Ran by Behnam (administrator) on BEHNAM-PC (14-03-2017 23:29:32)
Running from C:\Users\Behnam\Downloads\Programs
Loaded Profiles: Behnam (Available Profiles: Behnam)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-02-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3581816 2013-11-04] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-01-20] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 188.159.159.159 188.158.158.158
Tcpip\..\Interfaces\{4272427A-AF2F-4EF2-9F5A-888316B61063}: [DhcpNameServer] 188.159.159.159 188.158.158.158
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1254058753-1630089084-417405892-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-06-06] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1254058753-1630089084-417405892-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default [2017-03-11]
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ftp_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.socks_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> backup.ssl_port", 54281
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ftp_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> http_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> socks_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> ssl_port", 54282
FF NetworkProxy: Mozilla\Firefox\Profiles\n9w49z1i.default -> type", 
FF Extension: (WinToFlash Suggestor) - C:\Users\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-04] [not signed]
FF HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5 [2013-11-04] [not signed]
FF HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Behnam\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (Google Docs) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (PadGet Add-on  افزونه پادگت) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajeggoodcichjamjakpcpcpojbolmjp [2015-04-19] [UpdateUrl: hxxp://pad.um.ac.ir/padget/updatechrome.php] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (IDM Integration) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-06-12]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-04-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349096 2017-01-19] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S4 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-11-04] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-04] (DT Soft Ltd)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2011-04-26] (ITE                      )
S2 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [22320 2017-03-10] (OPSWAT, Inc.)
S2 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [29488 2017-03-10] (OPSWAT, Inc.)
S2 Sentinel; C:\Windows\SysWOW64\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.) [File not signed]
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [26120 2002-12-17] (Rainbow Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-11] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S1 gvzkauso; \??\C:\Windows\system32\drivers\gvzkauso.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 18:17 - 2014-05-14 19:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-14 18:17 - 2014-05-14 19:53 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-14 18:17 - 2014-05-14 19:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-03-14 18:17 - 2014-05-14 19:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-14 18:17 - 2014-05-14 19:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-14 18:17 - 2014-05-14 19:53 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-14 18:17 - 2014-05-14 19:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-03-14 18:17 - 2014-05-14 19:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-14 18:17 - 2014-05-14 19:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-14 18:17 - 2014-05-14 19:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-03-14 18:17 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-14 18:17 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-03-14 18:17 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-14 18:17 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-03-13 23:23 - 2017-03-13 23:23 - 00047970 _____ C:\Users\Behnam\Downloads\download.htm
2017-03-13 04:34 - 2017-03-13 06:16 - 734456742 _____ C:\Users\Behnam\Downloads\Soul_Kitchen_2009_720p_BrRip_Unknown_30NAMA.mkv
2017-03-12 15:52 - 2017-03-12 15:52 - 00262356 ____H C:\Windows\system32\mlfcache.dat
2017-03-12 15:48 - 2017-03-14 18:14 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Apple Computer
2017-03-12 15:48 - 2017-03-12 15:48 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-12 15:48 - 2017-03-12 15:48 - 00000000 ____D C:\Users\Behnam\AppData\Local\Apple Computer
2017-03-12 15:48 - 2017-03-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-12 15:47 - 2017-03-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2017-03-12 15:47 - 2017-03-12 15:47 - 00000000 ____D C:\ProgramData\Apple Computer
2017-03-12 15:47 - 2017-03-12 15:47 - 00000000 ____D C:\Program Files\iPod
2017-03-12 15:46 - 2017-03-12 15:46 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-12 15:46 - 2017-03-12 15:46 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-12 15:46 - 2017-03-12 15:46 - 00000000 ____D C:\Users\Behnam\AppData\Local\Apple
2017-03-12 15:46 - 2017-03-12 15:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-12 15:45 - 2017-03-12 15:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-12 15:45 - 2017-03-12 15:45 - 00000000 ____D C:\Program Files\Bonjour
2017-03-12 15:45 - 2017-03-12 15:45 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-12 15:44 - 2017-03-12 15:46 - 00000000 ____D C:\ProgramData\Apple
2017-03-12 00:23 - 2017-03-12 00:23 - 00000326 _____ C:\Users\Behnam\Downloads\regfix_64.zip
2017-03-12 00:05 - 2017-03-12 00:05 - 00000000 ____D C:\Users\Behnam\AppData\Local\VirtualStore
2017-03-12 00:04 - 2017-03-12 00:05 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-03-11 21:49 - 2017-03-14 07:13 - 628935279 _____ C:\Users\Behnam\Downloads\Elephant_2003_720p_BrRip_Ganool_30NAMA.mkv
2017-03-11 21:49 - 2017-03-13 04:34 - 846028148 _____ C:\Users\Behnam\Downloads\Head_On_2004_BrRip_Unknown_30NAMA.mkv
2017-03-11 21:48 - 2017-03-14 08:55 - 732495295 _____ C:\Users\Behnam\Downloads\The_Call_2013_720p_BrRip_ShAaNiG_30NAMA.mkv
2017-03-11 21:48 - 2017-03-14 05:45 - 787818632 _____ C:\Users\Behnam\Downloads\Summer.Hours.2008.720p.Otaghe8.com.mkv
2017-03-11 21:29 - 2017-03-11 21:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-11 21:28 - 2017-03-11 22:52 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-11 21:28 - 2017-02-28 00:19 - 00000000 ____D C:\Users\Behnam\Desktop\RogueKiller.12.9.9.0.x64
2017-03-11 21:25 - 2017-03-11 21:27 - 34885984 _____ (Adlice Software ) C:\Users\Behnam\Downloads\setup.exe
2017-03-11 21:20 - 2017-03-11 21:20 - 00000000 ____D C:\ProgramData\IDM
2017-03-11 21:17 - 2017-03-11 21:17 - 00001378 _____ C:\Users\Behnam\Downloads\mpsdrv.reg
2017-03-11 21:17 - 2017-03-11 21:17 - 00001166 _____ C:\Users\Behnam\Downloads\LEGACY_MPSDRV.reg
2017-03-11 21:16 - 2017-03-11 21:16 - 00006396 _____ C:\Users\Behnam\Downloads\MpsSvc.reg
2017-03-11 21:16 - 2017-03-11 21:16 - 00002634 _____ C:\Users\Behnam\Downloads\Winmgmt.reg
2017-03-11 21:02 - 2017-03-11 21:02 - 00000000 ____D C:\zoek
2017-03-11 20:52 - 2017-03-11 21:05 - 00003089 _____ C:\runcheck.txt
2017-03-11 20:52 - 2017-03-11 21:03 - 00000000 ____D C:\zoek_backup
2017-03-11 20:32 - 2017-03-11 20:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Behnam\Downloads\mbar-1.09.3.1001.exe
2017-03-10 23:57 - 2017-03-11 00:59 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-03-10 23:47 - 2017-03-10 23:47 - 00001132 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-10 23:41 - 2017-03-12 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-10 23:41 - 2017-03-10 23:41 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Avira
2017-03-10 23:40 - 2017-03-10 23:47 - 00000000 ____D C:\ProgramData\Avira
2017-03-10 23:40 - 2017-02-15 16:55 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-10 23:40 - 2017-02-15 16:55 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-10 23:20 - 2017-03-10 23:42 - 00452996 _____ C:\Windows\ntbtlog.txt
2017-03-10 23:02 - 2017-03-10 23:31 - 00000000 ____D C:\Program Files (x86)\Argente Utilities
2017-03-10 23:02 - 2017-03-10 23:02 - 00001033 _____ C:\Users\Public\Desktop\Argente Utilities.lnk
2017-03-10 23:02 - 2017-03-10 23:02 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Runscanner.net
2017-03-10 23:02 - 2017-03-10 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente Utilities
2017-03-10 23:00 - 2017-03-06 19:40 - 08351144 _____ (AVAST Software) C:\Users\Behnam\Desktop\avastclear.exe
2017-03-10 22:55 - 2017-03-10 22:55 - 00000000 ____D C:\ProgramData\BDLogging
2017-03-10 22:51 - 2017-03-10 22:51 - 00215024 _____ C:\Users\Public\Documents\cc_20170310_225146.reg
2017-03-10 22:50 - 2017-03-10 22:50 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-10 22:50 - 2017-03-10 22:50 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-10 22:50 - 2017-03-10 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-10 22:50 - 2017-03-10 22:50 - 00000000 ____D C:\Program Files\CCleaner
2017-03-10 22:37 - 2017-03-10 22:37 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\Behnam\Desktop\avira_registry_cleaner_en.exe
2017-03-10 22:07 - 2017-03-10 22:25 - 00029488 _____ (OPSWAT, Inc.) C:\Windows\system32\Drivers\libwasys.sys
2017-03-10 22:07 - 2017-03-10 22:25 - 00022320 _____ (OPSWAT, Inc.) C:\Windows\system32\Drivers\libwamf.sys
2017-03-10 22:06 - 2017-01-12 02:37 - 00000000 ____D C:\Users\Behnam\Desktop\OESIS.Endpoint.Assessment.Tool.4.2.527.0
2017-03-10 19:54 - 2017-03-10 21:37 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-10 19:36 - 2017-03-10 19:43 - 313257984 _____ C:\Users\Behnam\Downloads\kav_rescue_10.iso
2017-03-09 23:25 - 2017-03-09 23:26 - 00000000 ____D C:\Users\Behnam\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-03-09 23:25 - 2017-03-09 23:25 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-03-09 21:45 - 2017-03-10 23:47 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-09 21:37 - 2017-03-09 21:37 - 00000000 ____D C:\Users\Behnam\New folder
2017-03-09 08:54 - 2017-03-12 05:23 - 1299862408 _____ C:\Users\Behnam\Downloads\The_Lookout_2007_1080p_BrRip_Ganool_30NAMA.mkv
2017-03-09 02:21 - 2017-03-09 02:21 - 00000000 ___SD C:\ComboFix
2017-03-09 02:20 - 2017-03-10 22:19 - 00001958 _____ C:\Users\Behnam\Desktop\Rkill.txt
2017-03-09 01:50 - 2017-03-09 01:50 - 00000000 ____D C:\Windows\erdnt
2017-03-09 01:50 - 2017-03-09 01:50 - 00000000 ____D C:\Qoobox
2017-03-09 01:50 - 2011-06-26 10:15 - 00256000 _____ C:\Windows\PEV.exe
2017-03-09 01:50 - 2010-11-07 20:50 - 00208896 _____ C:\Windows\MBR.exe
2017-03-09 01:50 - 2009-04-20 08:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00098816 _____ C:\Windows\sed.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00080412 _____ C:\Windows\grep.exe
2017-03-09 01:50 - 2000-08-31 03:30 - 00068096 _____ C:\Windows\zip.exe
2017-03-09 01:49 - 2017-03-09 01:50 - 05660168 ____R (Swearware) C:\Users\Behnam\Desktop\ComboFix.exe
2017-03-09 01:32 - 2017-03-14 23:29 - 00000000 ____D C:\FRST
2017-03-09 01:18 - 2017-03-09 01:20 - 00000000 ____D C:\AdwCleaner
2017-03-09 01:17 - 2017-03-09 01:18 - 04031440 _____ C:\Users\Behnam\Downloads\adwcleaner_6.044.exe
2017-03-09 01:02 - 2017-03-09 01:02 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00001135 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2017-03-09 01:02 - 2017-03-09 01:02 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2017-03-09 01:00 - 2017-03-09 01:02 - 02967592 _____ C:\Users\Behnam\Downloads\SecurityTaskManager_Setup.exe
2017-03-09 00:41 - 2016-04-07 00:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Behnam\Desktop\rkill.exe
2017-03-09 00:05 - 2017-03-08 23:59 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Behnam\Desktop\autoruns.exe
2017-03-08 01:42 - 2017-03-08 01:42 - 00000000 ____D C:\Windows\rescache
2017-03-08 00:12 - 2017-03-08 00:12 - 00029196 _____ C:\ProgramData\agent.1488919327.bdinstall.bin
2017-03-08 00:10 - 2017-03-08 00:10 - 00001443 _____ C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-08 00:10 - 2017-03-08 00:10 - 00001369 _____ C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-07 19:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-03-07 08:34 - 2017-03-07 08:34 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-03-07 07:31 - 2017-03-07 07:31 - 00028792 _____ C:\ProgramData\agent.1488859294.bdinstall.bin
2017-03-06 20:32 - 2017-03-06 20:32 - 00046976 _____ C:\ProgramData\agent.1488819758.bdinstall.bin
2017-03-06 20:03 - 2017-03-06 20:03 - 00993608 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00547904 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00337592 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00162528 ____C (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00100640 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-06 20:03 - 2017-03-06 20:03 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-06 19:27 - 2017-03-06 20:04 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-06 19:26 - 2017-03-06 19:26 - 00032088 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-15 19:26 - 2017-02-15 19:26 - 00001772 _____ C:\Users\Behnam\Desktop\Lantern.lnk
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lantern
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Lantern
2017-02-15 19:26 - 2017-02-15 19:26 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\byteexec
2017-02-15 19:07 - 2017-02-15 19:05 - 04964968 _____ C:\Users\Behnam\Desktop\psiphon-windows.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 23:09 - 2009-07-14 08:15 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-14 23:09 - 2009-07-14 08:15 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-14 23:05 - 2009-07-14 08:43 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 23:05 - 2009-07-14 06:50 - 00000000 ____D C:\Windows\inf
2017-03-14 23:01 - 2009-07-14 08:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 18:54 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\DMCache
2017-03-13 09:43 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\Downloads\Video
2017-03-12 19:30 - 2015-06-21 15:54 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Telegram Desktop
2017-03-11 21:27 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\Downloads\Compressed
2017-03-11 21:03 - 2013-11-04 12:42 - 00000000 ____D C:\Users\Behnam
2017-03-11 21:03 - 2009-07-14 06:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-11 20:43 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\IDM
2017-03-10 23:31 - 2013-11-05 00:02 - 00000000 ____D C:\Windows\Panther
2017-03-10 23:31 - 2013-11-04 14:46 - 00000000 ____D C:\Windows\pss
2017-03-10 22:57 - 2016-09-20 14:19 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\SyncDroid
2017-03-10 22:57 - 2014-06-13 19:28 - 00003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-10 22:57 - 2014-06-13 19:28 - 00003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-10 22:51 - 2014-06-12 18:04 - 00000000 ____D C:\Windows\Minidump
2017-03-10 22:51 - 2013-11-04 13:13 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\DAEMON Tools Lite
2017-03-10 21:47 - 2016-12-04 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupAdvanced Uninstaller
2017-03-10 20:15 - 2010-11-21 06:53 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2017-03-09 23:50 - 2013-11-04 14:44 - 00001908 _____ C:\Windows\diagwrn.xml
2017-03-09 23:50 - 2013-11-04 14:44 - 00001908 _____ C:\Windows\diagerr.xml
2017-03-09 23:40 - 2014-06-12 23:24 - 00000252 _____ C:\Windows\system32\AF15IRTBL.bin
2017-03-08 23:59 - 2015-06-21 20:44 - 00000000 ____D C:\Users\Behnam\Downloads\Telegram Desktop
2017-03-07 22:28 - 2009-07-14 06:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-06 19:02 - 2015-01-19 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloneDVD 7 Ultimate
2017-03-06 19:02 - 2009-07-14 09:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-06 18:58 - 2016-12-17 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Studios
2017-03-05 23:07 - 2015-10-24 03:14 - 00000000 ____D C:\Users\Behnam\AppData\Roaming\Psiphon3
2017-02-20 00:07 - 2009-07-14 08:38 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-01-19 18:21 - 2015-01-19 21:49 - 0007859 _____ () C:\Users\Behnam\AppData\Roaming\pcouffin.cat
2015-01-19 18:21 - 2015-01-19 21:49 - 0001167 _____ () C:\Users\Behnam\AppData\Roaming\pcouffin.inf
2016-08-17 17:43 - 2016-08-17 17:43 - 0341504 _____ () C:\Users\Behnam\AppData\Roaming\wsrv_6873af3c.dat
2014-02-27 13:17 - 2016-07-11 23:40 - 0007602 _____ () C:\Users\Behnam\AppData\Local\Resmon.ResmonCfg
2015-01-19 18:45 - 2015-01-19 18:45 - 0000040 ___SH () C:\ProgramData\.zreglib
2017-03-06 20:32 - 2017-03-06 20:32 - 0046976 _____ () C:\ProgramData\agent.1488819758.bdinstall.bin
2017-03-07 07:31 - 2017-03-07 07:31 - 0028792 _____ () C:\ProgramData\agent.1488859294.bdinstall.bin
2017-03-08 00:12 - 2017-03-08 00:12 - 0029196 _____ () C:\ProgramData\agent.1488919327.bdinstall.bin
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
LastRegBack: 2017-03-14 02:17
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by Behnam (14-03-2017 23:30:12)
Running from C:\Users\Behnam\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2013-11-04 09:12:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1254058753-1630089084-417405892-500 - Administrator - Disabled)
Behnam (S-1-5-21-1254058753-1630089084-417405892-1000 - Administrator - Enabled) => C:\Users\Behnam
Guest (S-1-5-21-1254058753-1630089084-417405892-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro - English, Russian (HKLM-x32\...\{AC76BA86-1048-8780-7760-000000000005}) (Version: 10.1.0 - Adobe Systems)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (HKLM-x32\...\AU10_is1) (Version: 10 - Innovative Solutions)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Argente Utilities 1.0.4.0 (HKLM-x32\...\Argente Utilities_is1) (Version: 1.0.4.0 - Argente Software)
ATI Catalyst Install Manager (HKLM\...\{0C23986C-11FF-C8B3-1CBC-591EBA542882}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{1f8bb480-f5d7-4414-a6ea-28e005509ae4}) (Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.6390 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
ccc-core-static (x32 Version: 2011.0316.116.298 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
GeoStructural Analysis - Abutment (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Beam (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Cantilever Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Earth Pressures (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Gabion Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Gravity Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Ground Loss (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Masonry Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Micropile (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - MSE Wall (x32 Version: 16.7.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Nailed Slopes (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Pile CPT (x32 Version: 16.8.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Pile Group (x32 Version: 16.7.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Piles (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Plate (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Prefab Wall (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Rock Stability (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Settlement (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Sheeting Check (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Sheeting Design (x32 Version: 16.6.1 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Slope Stability (x32 Version: 16.7.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Spread Footing (x32 Version: 16.5.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis - Task Manager (Terrain) (x32 Version: 16.6.2 - Fine spol. s r.o.) Hidden
GeoStructural Analysis (HKLM-x32\...\GEO5Bentley v1) (Version:  - Fine spol. s r.o.)
GeoStudio 2007 (HKLM-x32\...\{91F5D4FD-EF0E-404F-B98C-C7A94430DBEA}) (Version: 7.1.0 - GEO-SLOPE International Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP HotKey Support (HKLM\...\{EF5E8060-95BA-43CC-B1C1-878B0ACA569E}) (Version: 4.0.3.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
ITE9135 Driver Install 64bit (HKLM-x32\...\InstallShield_{D82F05C3-BE68-4A5B-9011-924F025BC481}) (Version: 1.00.0000 - Geniatech)
ITE9135 Driver Install 64bit (x32 Version: 1.00.0000 - Geniatech) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
K-Lite Codec Pack 9.2.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.2.0 - )
Lantern (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Lantern) (Version: 3.6.3 - Brave New Software Project, Inc.)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
mp3schneiden (HKLM-x32\...\mp3schneiden_is1) (Version: 4.0 - Abelssoft)
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
Plaxis 8.2 Update Pack 4 (HKLM-x32\...\{AB29BE83-1112-4219-8B29-559FB73E2BF8}) (Version:  - )
Plaxis 8.x (HKLM-x32\...\{7B070BE0-4A7E-4914-8DF4-D5F1B3F9ED0E}) (Version:  - )
Potplayer (HKLM-x32\...\PotPlayer) (Version:  - Kakao Corp.)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1254058753-1630089084-417405892-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.30 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
XMedia Recode version 3.2.0.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.1 - XMedia Recode)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1254058753-1630089084-417405892-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {324C4813-B1DB-4EE7-ACDE-A73460153A1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {651126AB-FBFE-48CD-972D-043AD5452CD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6580810C-C20A-46A4-8D3C-5578AC9BEE33} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {78BBD103-2DA7-4B4F-B0F9-7533ECDD119B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {9E2EB924-9F60-4AA0-BD5E-6464B7BA166F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe 
Task: {E2FA9276-36BD-47C2-A978-2B100E855E95} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-16 01:14 - 2011-03-16 01:14 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-02-06 23:02 - 2017-02-01 12:31 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 23:02 - 2017-02-01 12:31 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 11222 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:04 - 2017-03-05 23:44 - 00002442 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.nero.com
127.0.0.1 csmg.lgmobile.com
127.0.0.1 lge.com
127.0.0.1 lgmobile.com
127.0.0.1 gdms.lge.com
127.0.0.1 csmgdl.lgmobile.com0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1254058753-1630089084-417405892-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Behnam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 188.159.159.159 - 188.158.158.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Behnam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: Lantern => "C:\Users\Behnam\AppData\Roaming\Lantern\lantern.exe" -clear-proxy-settings
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3D744922-0E59-4796-9D28-AE6D2AECBEB0}] => (Allow) LPort=443
FirewallRules: [{DA1FD26A-5A61-4BE6-AC3A-11C98ACFBE1C}] => (Allow) LPort=443
FirewallRules: [{3F41FA6F-F1CF-4159-81B0-CF3519300A71}] => (Allow) LPort=37674
FirewallRules: [{A215A239-6BE4-420A-8800-2AD488D02457}] => (Allow) LPort=37674
FirewallRules: [{F94E8874-4EF9-46AB-86AE-16D119B891C0}] => (Allow) LPort=37675
FirewallRules: [{36F04F5C-FE97-4DB6-8E2E-DE422B1F01B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E078A1BD-DFFF-4D94-8892-1213AAF35CFB}C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [UDP Query User{E923A90F-2520-4929-8A6E-5390695D12D0}C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x32\pcsftool.exe
FirewallRules: [TCP Query User{42545134-C5F6-4DAE-A8D4-970B5F90FDB3}C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [UDP Query User{476996FE-5D53-4928-B1D9-DD13F0CC472A}C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\behnam\appdata\local\temp\bduninstall\x64\pcsftool.exe
FirewallRules: [{3F8872C9-E311-423A-98B3-AE4C667512F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D858B73-3379-496E-8019-C7ED10DDD6D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C7AB670-D8D8-42FA-8942-0080064F67BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E8E064B-1BD0-4803-B139-2EB506053390}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{94DA11D6-E5EC-4A19-95F8-33CFFF05B03F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
14-03-2017 18:16:38 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2017 11:01:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/14/2017 06:12:01 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/14/2017 02:21:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\lg electronics\lg pc suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/14/2017 02:19:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\AutoCAD 2012 - English\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/13/2017 10:29:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 244
 
Start Time: 01d29c2bf95f8812
 
Termination Time: 0
 
Application Path: C:\Users\Behnam\Downloads\Programs\FRST64.exe
 
Report Id: 3fc88742-081f-11e7-9a66-cc52af158147
 
Error: (03/13/2017 10:29:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b78
 
Start Time: 01d29c2bda7789d0
 
Termination Time: 6
 
Application Path: C:\Users\Behnam\Downloads\Programs\FRST64.exe
 
Report Id: 2e8bca86-081f-11e7-9a66-cc52af158147
 
Error: (03/13/2017 10:25:26 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/13/2017 08:12:19 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/13/2017 01:00:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\lg electronics\lg pc suite\LGPCSuite.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/13/2017 12:59:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Autodesk\AutoCAD 2012 - English\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/14/2017 11:01:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The libwasys service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (03/14/2017 11:01:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/14/2017 11:01:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\SENTINEL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/14/2017 11:01:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The libwamf service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (03/14/2017 06:16:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/14/2017 06:16:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/14/2017 06:14:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {82D845BA-38FF-4548-B00E-E88B12C11BFA} did not register with DCOM within the required timeout.
 
Error: (03/14/2017 06:12:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The libwasys service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (03/14/2017 06:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (03/14/2017 06:12:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\SENTINEL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-14 23:01:36.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 23:01:36.883
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 23:01:26.226
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwamf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 23:01:26.116
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwamf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 18:12:06.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 18:12:05.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 18:12:00.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwamf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 18:12:00.854
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwamf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-13 22:25:34.295
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-13 22:25:34.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\libwasys.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 40%
Total physical RAM: 3951.43 MB
Available physical RAM: 2334.72 MB
Total Virtual: 7901.05 MB
Available Virtual: 5793.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.66 GB) (Free:50.05 GB) NTFS
Drive d: () (Fixed) (Total:117.18 GB) (Free:46.69 GB) NTFS
Drive e: (Proffesional) (Fixed) (Total:117.18 GB) (Free:43.99 GB) NTFS
Drive f: () (Fixed) (Total:129.35 GB) (Free:23.73 GB) NTFS
Drive j: (09144147282-2) (Fixed) (Total:1862.98 GB) (Free:1605.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D2C16FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,720 posts
  • Gender:Male
  • Location:California
  • Local time:05:42 PM

Posted 14 March 2017 - 03:18 PM

Thank you.

Let's continue to clean your computer but in light of the Necurs infection I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line: the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CHR Extension: (PadGet Add-on  افزونه پادگت) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajeggoodcichjamjakpcpcpojbolmjp [2015-04-19] [UpdateUrl: hxxp://pad.um.ac.ir/padget/updatechrome.php] <==== ATTENTION
S1 gvzkauso; \??\C:\Windows\system32\drivers\gvzkauso.sys [X]
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 ges1382

ges1382
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:12 AM

Posted 15 March 2017 - 12:07 PM

Hey Gary, thanks for all the information. I am shocked. Fortunately I haven't used this laptop for my financial works so I am not that worried. But I will reinstall Windows in a month or two. But right now I want to keep my OS for a while.

 

Here is the result of fixlist:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Behnam (15-03-2017 20:30:16) Run:1
Running from C:\Users\Behnam\Downloads\Programs
Loaded Profiles: Behnam (Available Profiles: Behnam)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CHR Extension: (PadGet Add-on  افزونه پادگت) - C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajeggoodcichjamjakpcpcpojbolmjp [2015-04-19] [UpdateUrl: hxxp://pad.um.ac.ir/padget/updatechrome.php] <==== ATTENTION
S1 gvzkauso; \??\C:\Windows\system32\drivers\gvzkauso.sys [X]
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
emptytemp:
*****************
 
Restore point was successfully created.
C:\Users\Behnam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fajeggoodcichjamjakpcpcpojbolmjp <==== ATTENTION => not found
HKLM\System\CurrentControlSet\Services\gvzkauso => key removed successfully
gvzkauso => service removed successfully
 
=========================  bcdedit ========================
 
 
The operation completed successfully.
 
========= End of bcdedit =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9371029 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 1613206 B
Edge => 0 B
Chrome => 233987421 B
Firefox => 95344365 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 169474 B
systemprofile32 => 1202660 B
LocalService => 66228 B
NetworkService => 68722 B
Behnam => 262575811 B
 
RecycleBin => 20600985 B
EmptyTemp: => 596 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:30:55 ====


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,720 posts
  • Gender:Male
  • Location:California
  • Local time:05:42 PM

Posted 15 March 2017 - 12:23 PM

It is always good to have a fresh Operating System but it does not appear you are in immediate danger right now.

Please do these things for me.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 ges1382

ges1382
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:12 AM

Posted 16 March 2017 - 05:11 PM

Hi Gary, thanks for your help. Here are the results:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=74aa46fabc42c54290530b13f54f328d
# end=init
# utc_time=2017-03-15 08:13:42
# local_time=2017-03-15 11:43:42 (+0330, Iran Standard Time)
# country="Iran"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 32727
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 32727
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=74aa46fabc42c54290530b13f54f328d
# end=updated
# utc_time=2017-03-15 09:12:25
# local_time=2017-03-16 12:42:25 (+0330, Iran Standard Time)
# country="Iran"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=74aa46fabc42c54290530b13f54f328d
# engine=32727
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-03-16 01:22:56
# local_time=2017-03-16 04:52:56 (+0330, Iran Standard Time)
# country="Iran"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 31193 2464026 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 198483935 241258416 0 0
# scanned=278327
# found=21
# cleaned=17
# scan_time=15030
sh=BA9F939877D9B4362D239489A5372D612BA81BC7 ft=0 fh=0000000000000000 vn="Win32/ThinkTankLabs.A potentially unwanted application" ac=I fn="C:\Documents and Settings\Behnam\Application Data\Mozilla\Firefox\Profiles\n9w49z1i.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi"
sh=F74297AF394A9E5B204DFD4832292A3FFDA66221 ft=1 fh=d3d4829ea70732ae vn="a variant of Win32/HackTool.Patcher.CQ potentially unsafe application" ac=I fn="C:\Users\Behnam\AnyDVD & AnyDVD HD 7.5.7.0 Final\Crack\Patch.exe"
sh=BA9F939877D9B4362D239489A5372D612BA81BC7 ft=0 fh=0000000000000000 vn="Win32/ThinkTankLabs.A potentially unwanted application" ac=I fn="C:\Users\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi"
sh=BA9F939877D9B4362D239489A5372D612BA81BC7 ft=0 fh=0000000000000000 vn="Win32/ThinkTankLabs.A potentially unwanted application" ac=I fn="C:\Users\Behnam\Application Data\Mozilla\Firefox\Profiles\n9w49z1i.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi"
sh=F73DC778A3D2B5D6C2A7284F295BFD73AB5ECDA8 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Behnam\Downloads\Compressed\Hotspot Shield 6.20.18 Elite Edition.rar"
sh=E29139BFC3ACA0D22BBEEF0AB86034CD9487D50B ft=1 fh=8433fb67efcd840a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Behnam\Downloads\Programs\ccsetup527.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Hidcon.B potentially unsafe application" ac=I fn="F:\Software\Microsoft Office 2010 SP1 Integrated x86 x64 Disk 1\office_2010_SP1_vol1_vl_en_Softgozar.com.iso"
sh=F38AD18A979DE43BEED089A957122B0CDD8B6EA7 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BH potentially unsafe application" ac=I fn="F:\Software\PDF\Adobe.Acrobat.Pro.v10.1.0.iso"
sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\Software\PDF\Foxit Reader 5.1.4 Build 0104\FoxitReader514.0104_Softgozar.com.exe"
sh=D4A494C4BBA6F468C3B7D19AD53191C3C74B656F ft=1 fh=a9ea960b5c96648a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Software\utility\Advanced Uninstaller PRO 10.5.7\Advanced_Uninstaller10_Softgozar.com.exe"
sh=8552AA5FEBC1634506E6B48C7672A694BAF3C9E2 ft=1 fh=0ae5c726b17a5584 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="F:\Software\utility\Smart Defrag 2.5\Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackKMS.M potentially unsafe application" ac=I fn="F:\Software\Win7\Win7_Ult_x64_Feb2012_Softgozar.com\Windows 7 Ultimate SP1 Integrated February 2012 x64\Win7x64.iso"
sh=A01AF1FA8A77D44368FFFC5BA5C46B44BEE462FF ft=0 fh=0000000000000000 vn="Win32/Freegate.A potentially unsafe application" ac=I fn="J:\$RECYCLE.BIN\S-1-5-21-596027758-1839254787-1378646774-1000\$RFI7BRB.zip"
sh=F74297AF394A9E5B204DFD4832292A3FFDA66221 ft=1 fh=d3d4829ea70732ae vn="a variant of Win32/HackTool.Patcher.CQ potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Documents and Settings\Behnam\AnyDVD & AnyDVD HD 7.5.7.0 Final\Crack\Patch.exe"
sh=BA9F939877D9B4362D239489A5372D612BA81BC7 ft=0 fh=0000000000000000 vn="Win32/ThinkTankLabs.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Documents and Settings\Behnam\AppData\Roaming\Mozilla\Firefox\Profiles\n9w49z1i.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi"
sh=F73DC778A3D2B5D6C2A7284F295BFD73AB5ECDA8 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application (deleted)" ac=C fn="C:\Documents and Settings\Behnam\Downloads\Compressed\Hotspot Shield 6.20.18 Elite Edition.rar"
sh=E29139BFC3ACA0D22BBEEF0AB86034CD9487D50B ft=1 fh=8433fb67efcd840a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Documents and Settings\Behnam\Downloads\Programs\ccsetup527.exe"
sh=FDE8655BC594AE961838F4AD518EDDDD5113480E ft=1 fh=b62807dba0e4bcee vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\GEO-SLOPE\GeoStudio2007\Bin\geo.2007.v7.10-medicina_Vista.exe"
sh=48B456956DF78D0D5FF72835BF70F31BB6E8999A ft=1 fh=576ebac0cf3eb026 vn="Win32/PSWTool.PdfCracker.C potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe"
sh=BB501A8D99D73473D513913837FB5BAC2DD07526 ft=1 fh=9d48a92bb5abb13c vn="a variant of Win32/HackTool.Crack.EC potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\SlySoft\AnyDVD\BRD.dll"
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=74aa46fabc42c54290530b13f54f328d
# end=init
# utc_time=2017-03-16 01:27:20
# local_time=2017-03-16 04:57:20 (+0330, Iran Standard Time)
# country="Iran"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=74aa46fabc42c54290530b13f54f328d
# end=init
# utc_time=2017-03-16 01:30:44
# local_time=2017-03-16 05:00:44 (+0330, Iran Standard Time)
# country="Iran"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download

-----------------------------------------------

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
--------------------------------------------------------------------------------------

I don't see any considerable problem or lag on my laptop right now; it works smoothly. :)


#12 Oh My!

  • Malware Response Instructor
  • 37,720 posts
  • Gender: Male
  • Location: California

Posted 16 March 2017 - 07:29 PM

Very good, I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      - Remove disinfection tools
      - Create registry backup
      - Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary

#13 Oh My!

  • Malware Response Instructor
  • 37,720 posts
  • Gender: Male
  • Location: California

Posted 17 March 2017 - 01:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary