Some Malware & Spyware Programs Detection [Closed]



#1
Namvar

    New Member

I tried to install some programs (I think they were malware and spyware), so I deleted some of them, but I think some of them are still on my PC.
Some of them are: gdx32.dll ,

OTL logfile created on: 01/11/2014 12:12:09 ق.ظ - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mahdi\Downloads\Programs
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000429 | Country: ایران | Language: FAR | Date Format: MM/dd/yyyy
 
3.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 50.97% Memory free
6.00 Gb Paging File | 4.15 Gb Available in Paging File | 69.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 33.24 Gb Free Space | 34.04% Space Free | Partition Type: NTFS
Computer Name: MAHDI-PC | User Name: Mahdi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/01/11 00:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mahdi\Downloads\Programs\OTL.exe
PRC - [2013/12/13 06:54:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
PRC - [2013/12/04 06:18:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/07 01:08:52 | 003,821,136 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/07/10 15:24:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
PRC - [2013/04/01 11:12:55 | 001,535,488 | ---- | M] (Psoft) -- C:\Program Files\Psoft\SunCalendar\SunCalendar.exe
PRC - [2013/02/16 23:25:23 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/02/16 22:55:18 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/12/12 17:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/05/25 04:25:02 | 000,079,192 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger3.5\Ymsgr_tray.exe
PRC - [2010/11/21 00:59:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/13 13:13:13 | 001,832,448 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2009/03/13 13:13:13 | 001,062,912 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/01/07 11:00:07 | 000,027,952 | ---- | M] () -- C:\Program Files\Garena Plus\VersionModule.dll
MOD - [2013/12/13 06:54:37 | 000,896,304 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/12/13 06:54:09 | 009,890,608 | ---- | M] () -- C:\Program Files\Garena Plus\GarenaMessenger.exe
MOD - [2013/12/04 06:18:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 06:18:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 06:18:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 06:17:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 06:17:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 06:17:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/01 22:53:03 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7950655216951a291ff375b54d5e33fd\System.Xml.Linq.ni.dll
MOD - [2013/11/01 22:52:33 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2013/11/01 22:52:32 | 001,627,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7f49f0a938550267d449ed474ee4cf39\PresentationUI.ni.dll
MOD - [2013/11/01 11:18:46 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2013/11/01 11:18:30 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2013/11/01 11:18:24 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll
MOD - [2013/11/01 11:18:20 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2013/11/01 11:18:05 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2013/11/01 11:18:04 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2013/11/01 11:17:55 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2013/11/01 11:17:51 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2013/11/01 11:17:51 | 001,920,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\536f3c2e6e4137a628f2f64e0dfd407e\Microsoft.VisualBasic.ni.dll
MOD - [2013/11/01 11:17:50 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll
MOD - [2013/11/01 11:17:45 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2013/11/01 11:17:43 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2013/11/01 11:17:36 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2013/09/20 14:42:15 | 000,956,208 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/08/23 12:40:18 | 000,553,776 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2013/07/26 09:48:31 | 000,957,232 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XLL.dll
MOD - [2013/07/15 17:59:36 | 001,545,520 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/10 15:24:32 | 000,049,456 | ---- | M] () -- C:\Program Files\Garena Plus\ggdllhost.exe
MOD - [2013/05/09 08:08:46 | 000,516,912 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2013/05/09 08:08:46 | 000,245,040 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2013/05/09 08:08:46 | 000,170,800 | ---- | M] () -- C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/05/09 08:08:46 | 000,068,400 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2013/05/09 08:08:42 | 000,065,840 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2013/05/09 08:08:42 | 000,055,088 | ---- | M] () -- C:\Program Files\Garena Plus\lib\XmlUIModule.dll
MOD - [2013/05/09 08:08:42 | 000,016,688 | ---- | M] () -- C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2013/05/09 08:08:40 | 000,106,288 | ---- | M] () -- C:\Program Files\Garena Plus\lib\UILayout.dll
MOD - [2013/05/09 08:08:38 | 000,374,064 | ---- | M] () -- C:\Program Files\Garena Plus\lib\Http.dll
MOD - [2013/05/09 08:08:38 | 000,224,560 | ---- | M] () -- C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/05/09 08:08:38 | 000,219,952 | ---- | M] () -- C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
MOD - [2013/05/09 08:08:38 | 000,184,624 | ---- | M] () -- C:\Program Files\Garena Plus\lib\MP3Module.dll
MOD - [2013/05/09 08:08:32 | 000,026,416 | ---- | M] () -- C:\Program Files\Garena Plus\ServerMemAlloc.dll
MOD - [2013/05/09 08:08:30 | 000,155,440 | ---- | M] () -- C:\Program Files\Garena Plus\libmpg123.dll
MOD - [2013/05/09 08:08:30 | 000,087,344 | ---- | M] () -- C:\Program Files\Garena Plus\PluginKernel.dll
MOD - [2013/05/09 08:08:30 | 000,025,392 | ---- | M] () -- C:\Program Files\Garena Plus\PluginModule.dll
MOD - [2013/05/09 08:08:28 | 000,192,816 | ---- | M] () -- C:\Program Files\Garena Plus\ImageModule.dll
MOD - [2013/05/09 08:08:24 | 002,941,232 | ---- | M] () -- C:\Program Files\Garena Plus\ggdownloader.dll
MOD - [2013/05/09 08:08:22 | 000,051,504 | ---- | M] () -- C:\Program Files\Garena Plus\FileLoader.dll
MOD - [2013/05/09 08:08:20 | 000,487,216 | ---- | M] () -- C:\Program Files\Garena Plus\CxImage.dll
MOD - [2013/05/09 08:08:20 | 000,104,752 | ---- | M] () -- C:\Program Files\Garena Plus\CommonLib.dll
MOD - [2013/05/09 08:08:20 | 000,033,584 | ---- | M] () -- C:\Program Files\Garena Plus\DibModule.dll
MOD - [2013/03/01 11:38:06 | 000,166,808 | ---- | M] () -- C:\Program Files\DU Meter\ssleay32.dll
MOD - [2013/03/01 11:38:04 | 000,846,744 | ---- | M] () -- C:\Program Files\DU Meter\libeay32.dll
MOD - [2013/02/01 09:12:28 | 000,153,088 | ---- | M] () -- C:\Program Files\Garena Plus\libzmq.dll
MOD - [2012/06/18 18:54:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger3.5\yui.dll
MOD - [2012/02/22 12:22:18 | 000,162,304 | ---- | M] () -- C:\Program Files\Garena Plus\lame_enc.dll
MOD - [2012/02/22 12:22:16 | 000,573,100 | ---- | M] () -- C:\Program Files\Garena Plus\sqlite3.dll
MOD - [2010/08/05 10:35:48 | 000,049,152 | ---- | M] () -- C:\Windows\System32\GDX32.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2014/01/07 18:59:31 | 000,425,792 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Iminent\WinkHandler.exe -- (WinkHandler)
SRV - [2014/01/07 18:56:29 | 002,916,672 | R--- | M] (Iminent) [Disabled | Stopped] -- C:\Program Files\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013/12/09 12:08:00 | 000,096,184 | ---- | M] (Overwolf) [Disabled | Stopped] -- C:\Program Files\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2013/11/24 01:30:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 10:14:38 | 000,103,112 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/10/07 11:19:26 | 000,565,248 | -HS- | M] () [Disabled | Stopped] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV - [2013/09/05 17:34:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/23 15:44:14 | 010,923,520 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe -- (wampmysqld)
SRV - [2013/06/23 15:43:12 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\Apache2.4.4\bin\httpd.exe -- (wampapache)
SRV - [2013/03/25 10:33:44 | 000,098,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ProKAward\rsasws.exe -- (SKLProService)
SRV - [2013/02/16 22:49:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/11/01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/11/01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/11/01 01:57:50 | 013,234,176 | ---- | M] () [Disabled | Stopped] -- E:\Temp\vMware\Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/11/01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- E:\Temp\vMware\Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/07/25 19:04:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:20:50 | 000,133,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2009/07/14 04:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/13 13:13:13 | 001,062,912 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2013/10/27 00:05:22 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/03/01 11:38:02 | 000,019,944 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv)
DRV - [2013/02/16 23:01:47 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/02/16 23:01:47 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013/02/16 23:01:47 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2013/02/16 23:01:47 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/11/01 02:35:14 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/11/01 02:34:52 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/11/01 02:34:08 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/11/01 02:34:08 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/10/24 14:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 14:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 17:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/07/13 16:13:16 | 000,055,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Temp\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2011/07/12 09:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2010/11/21 00:59:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 00:59:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/21 00:59:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/21 00:59:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 00:59:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 00:59:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 00:59:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 00:59:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 00:59:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 03:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 01:39:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/24 01:59:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vserial.sys -- (vserial)
DRV - [2008/07/24 01:59:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vsb.sys -- (vsbus)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fa-IR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 AC 4D 2B 7F 0D CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.63
FF - prefs.js..extensions.enabledAddons: %7Bdfd5512a-7995-4d84-8c50-9505292f1a22%7D:1.150
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/12/24 11:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/24 01:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mahdi\AppData\Roaming\IDM\idmmzcc5 [2013/11/04 00:01:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mahdi\AppData\Roaming\IDM\idmmzcc5 [2013/11/04 00:01:04 | 000,000,000 | ---D | M]
 
[2013/11/07 01:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahdi\AppData\Roaming\Mozilla\Extensions
[2014/01/10 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\o420sxk3.default\extensions
[2014/01/06 11:56:14 | 000,186,808 | ---- | M] () (No name found) -- C:\Users\Mahdi\AppData\Roaming\Mozilla\Firefox\Profiles\o420sxk3.default\extensions\[email protected]
[2013/11/24 01:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/24 01:30:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\RE-MARKIT\150.XPI
[2013/11/04 00:01:04 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\MAHDI\APPDATA\ROAMING\IDM\IDMMZCC5
File not found (No name found) -- C:\USERS\MAHDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O420SXK3.DEFAULT\EXTENSIONS\[email protected]C10F4A0FF.COM
File not found (No name found) -- C:\USERS\MAHDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O420SXK3.DEFAULT\EXTENSIONS\[email protected]
[2013/07/10 19:31:32 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - Extension: Google Translate = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Sudoku = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Unfriend Notify for Facebook = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh\1.2_0\
CHR - Extension: Google Docs = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: IM+ = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdplllgoohfmnpnbplklnkegbffnheo\1.0_0\
CHR - Extension: YouTube = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\
CHR - Extension: Daum Equation Editor = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\2.0.1_0\
CHR - Extension: Google Calendar = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: ZenMate for Google Chrome\u00E2\u201E\u00A2 = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\3.2_0\
CHR - Extension: SiteAdvisor = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1081_0\
CHR - Extension: Video Downloader Guide = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmfdfenboboahmgcmgjoamnbiimkilg\2.3.9_0\
CHR - Extension: Datalife Engine Farsi = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpjjeohchlhmhdlkohkjopdhdebkhgf\1.0.3_0\
CHR - Extension: PhotoLive - Download Facebook Photos! = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk\3.0.1_0\
CHR - Extension: Stopwatch = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.8_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: IP Address = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0\
CHR - Extension: Hola Better Internet = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.290_0\
CHR - Extension: Hola Better Internet = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.361_0\
CHR - Extension: Pathuku = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Stealthy = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0\
CHR - Extension: Profile Visitors for Facebook = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk\1.3_0\
CHR - Extension: IM+ Bar = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncanolnhggkhpbklpmhidohpgaepae\2.2_0\
CHR - Extension: Flip-O-Matic - Flip any text upside down = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcoioagebalnbpmmkkmeoijhfepfkied\1.1_0\
CHR - Extension: IDM Integration Module = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.3_0\
CHR - Extension: IP Address = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0\
CHR - Extension: FVD Downloader = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\
CHR - Extension: FVD Downloader = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.5_0\modules\clickberry\_
CHR - Extension: Quick Note = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.3_0\
CHR - Extension: Google I/O: input/output = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh\1.3.3.7_0\
CHR - Extension: Google Wallet = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: nakshArt = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nokjljgckfgpljgkcfpafigncddfhooj\0.5_0\
CHR - Extension: Hover Zoom = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.29_0\
CHR - Extension: Photo download for Facebook = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaeofonahpollpigknepbpnabhgbpcjc\1.0.9_0\
CHR - Extension: imo messenger = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi\1.4.1_0\
CHR - Extension: Yahoo Registeration For Dear Iranians = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocoeekfdhlelbkjehfoledjhanggehke\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Writer = C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog\1.0.0.0_0\
 
O1 HOSTS File: ([2013/12/05 20:29:31 | 000,001,509 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       adobeereg.com
O1 - Hosts: 127.0.0.1       www.adobeereg.com
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - E:\Temp\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger3.5\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1.5\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1.5\YPager.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73B8669E-2DC4-4633-834B-B3C6EB2E9507}: NameServer = 192.168.1.1,8.8.8.8
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/11 00:08:00 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\DMCache
[2014/01/10 23:26:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/01/10 23:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2014/01/10 22:50:33 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\New folder
[2014/01/10 22:27:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/01/10 22:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2014/01/10 22:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2014/01/10 22:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\SecretSauce
[2014/01/10 22:20:50 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Local\Cool_Mirage
[2014/01/10 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
[2014/01/10 21:32:46 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\sites hack
[2014/01/10 21:20:52 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\.android
[2014/01/10 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Documents\Mobogenie
[2014/01/10 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Local\Mobogenie
[2014/01/10 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/10 20:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Sync
[2014/01/10 20:51:23 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\BitTorrent Sync
[2014/01/10 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\uTorrent
[2014/01/08 11:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/08 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PNUEB Digital Library
[2014/01/08 11:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\PNUEB Digital Library
[2014/01/07 22:02:48 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\1
[2014/01/07 14:47:01 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Local\Overwolf
[2014/01/05 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Documents\FinePrint files
[2014/01/05 13:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaperScan Professional Edition
[2014/01/05 13:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\ORPALIS
[2014/01/05 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Local\Downloaded Installations
[2014/01/05 12:51:22 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\Softland
[2014/01/05 12:51:20 | 000,023,376 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2014/01/05 12:51:20 | 000,020,816 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2014/01/05 12:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2014/01/05 12:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2014/01/04 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/01/04 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Overwolf
[2014/01/04 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Overwolf
[2014/01/04 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\ESET
[2014/01/04 15:10:06 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Local\SoftGozar
[2014/01/03 21:35:03 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\New folder (2)
[2013/12/31 00:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013/12/31 00:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2013/12/31 00:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2013/12/31 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Documents\My ISO Files
[2013/12/28 09:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalkules
[2013/12/28 09:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kalkules
[2013/12/26 16:11:16 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\roman
[2013/12/24 10:04:48 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Friendly Pinger
[2013/12/24 10:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\FPinger
[2013/12/23 11:13:07 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Documents\My Cheat Tables
[2013/12/23 11:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/12/23 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/12/23 11:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/12/23 11:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/12/23 11:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.3
[2013/12/20 21:16:58 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\StealthBot
[2013/12/20 21:14:40 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StealthBot 2.7
[2013/12/20 21:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\StealthBot 2.7
[2013/12/18 19:24:13 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\music
[2013/12/17 08:58:11 | 030,095,736 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Mahdi\Desktop\TeamSpeak3-Client-win32-3.0.13.1.exe
[2013/12/17 00:24:39 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\T Graphic
[2013/12/13 16:23:12 | 000,000,000 | ---D | C] -- C:\Users\Mahdi\Desktop\js
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/11 00:14:37 | 000,000,600 | ---- | M] () -- C:\Users\Mahdi\AppData\Local\PUTTY.RND
[2014/01/10 23:47:18 | 000,655,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/10 23:47:18 | 000,122,100 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/10 23:45:26 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 23:43:42 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 23:43:42 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 23:43:16 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/10 23:42:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 23:42:53 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/10 23:29:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\FpLicense7.ini
[2014/01/10 23:26:23 | 223,616,301 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/10 22:19:35 | 000,000,828 | ---- | M] () -- C:\Users\Mahdi\Desktop\FTDownloader.lnk
[2014/01/10 21:20:58 | 000,000,884 | RHS- | M] () -- C:\Users\Mahdi\ntuser.pol
[2014/01/10 20:51:31 | 000,000,964 | ---- | M] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Sync.lnk
[2014/01/10 20:51:31 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent Sync.lnk
[2014/01/10 20:51:16 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014/01/10 20:51:16 | 000,000,720 | ---- | M] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/10 19:06:28 | 000,000,048 | ---- | M] () -- C:\Windows\System32\windows.ini
[2014/01/08 11:03:36 | 000,002,769 | ---- | M] () -- C:\Users\Public\Desktop\PNUEB.lnk
[2014/01/08 11:01:45 | 010,653,976 | ---- | M] () -- C:\Users\Mahdi\Desktop\1115079-1115167-1111276_260.tpnueb
[2014/01/08 10:14:04 | 000,015,865 | ---- | M] () -- C:\Users\Mahdi\Desktop\PicUp_Kart_Exam.aspx.jpg
[2014/01/07 14:46:21 | 000,001,372 | ---- | M] () -- C:\Users\Mahdi\Desktop\Overwolf.lnk
[2014/01/05 13:13:46 | 000,054,473 | ---- | M] () -- C:\Users\Mahdi\Documents\untitled1.png
[2014/01/05 13:07:23 | 000,118,691 | ---- | M] () -- C:\Users\Mahdi\Documents\reg.pnu.ac.ir_Forms_F0202_PROCESS_REP_FILTER_command.htm.pdf
[2014/01/05 11:40:51 | 000,001,891 | ---- | M] () -- C:\Users\Mahdi\Desktop\Share (SAJJAD-PC) - Shortcut.lnk
[2014/01/04 15:10:17 | 000,002,172 | ---- | M] () -- C:\Windows\unins000.dat
[2014/01/04 15:10:08 | 000,718,497 | ---- | M] () -- C:\Windows\unins000.exe
[2014/01/02 09:30:48 | 000,000,000 | -H-- | M] () -- C:\Users\Mahdi\Documents\Default.rdp
[2013/12/31 00:39:01 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013/12/31 00:36:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/12/31 00:36:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/12/28 09:57:14 | 000,000,993 | ---- | M] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\Kalkules.lnk
[2013/12/28 09:57:14 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Kalkules.lnk
[2013/12/26 21:40:07 | 000,000,066 | ---- | M] () -- C:\Windows\cshadegrid.ocx
[2013/12/23 11:11:04 | 000,001,047 | ---- | M] () -- C:\Users\Mahdi\Desktop\Cheat Engine.lnk
[2013/12/20 21:14:40 | 000,002,875 | ---- | M] () -- C:\Users\Mahdi\Desktop\StealthBot Launcher.lnk
[2013/12/19 10:10:40 | 001,017,680 | ---- | M] () -- C:\Users\Mahdi\Desktop\psiphon3.exe
[2013/12/18 18:39:02 | 000,410,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/17 09:00:34 | 030,095,736 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Mahdi\Desktop\TeamSpeak3-Client-win32-3.0.13.1.exe
[2013/12/17 08:49:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2014/01/11 00:14:37 | 000,000,600 | ---- | C] () -- C:\Users\Mahdi\AppData\Local\PUTTY.RND
[2014/01/10 23:26:23 | 223,616,301 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/10 23:16:38 | 000,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2014/01/10 22:19:35 | 000,000,828 | ---- | C] () -- C:\Users\Mahdi\Desktop\FTDownloader.lnk
[2014/01/10 21:20:58 | 000,000,884 | RHS- | C] () -- C:\Users\Mahdi\ntuser.pol
[2014/01/10 20:51:31 | 000,000,964 | ---- | C] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Sync.lnk
[2014/01/10 20:51:31 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent Sync.lnk
[2014/01/10 20:51:16 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2014/01/10 20:51:16 | 000,000,720 | ---- | C] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/08 11:03:36 | 000,002,769 | ---- | C] () -- C:\Users\Public\Desktop\PNUEB.lnk
[2014/01/08 10:59:33 | 010,653,976 | ---- | C] () -- C:\Users\Mahdi\Desktop\1115079-1115167-1111276_260.tpnueb
[2014/01/08 10:11:23 | 000,015,865 | ---- | C] () -- C:\Users\Mahdi\Desktop\PicUp_Kart_Exam.aspx.jpg
[2014/01/07 14:46:21 | 000,001,372 | ---- | C] () -- C:\Users\Mahdi\Desktop\Overwolf.lnk
[2014/01/05 13:13:46 | 000,054,473 | ---- | C] () -- C:\Users\Mahdi\Documents\untitled1.png
[2014/01/05 13:07:23 | 000,118,691 | ---- | C] () -- C:\Users\Mahdi\Documents\reg.pnu.ac.ir_Forms_F0202_PROCESS_REP_FILTER_command.htm.pdf
[2014/01/05 13:02:43 | 000,000,172 | ---- | C] () -- C:\Windows\System32\FpLicense7.ini
[2014/01/05 12:51:20 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2014/01/05 11:40:51 | 000,001,891 | ---- | C] () -- C:\Users\Mahdi\Desktop\Share (SAJJAD-PC) - Shortcut.lnk
[2014/01/04 15:10:09 | 000,718,497 | ---- | C] () -- C:\Windows\unins000.exe
[2014/01/04 15:10:09 | 000,002,172 | ---- | C] () -- C:\Windows\unins000.dat
[2014/01/02 09:30:48 | 000,000,000 | -H-- | C] () -- C:\Users\Mahdi\Documents\Default.rdp
[2013/12/31 00:39:01 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013/12/31 00:36:27 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/12/31 00:36:27 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/12/28 09:57:14 | 000,000,993 | ---- | C] () -- C:\Users\Mahdi\Application Data\Microsoft\Internet Explorer\Quick Launch\Kalkules.lnk
[2013/12/28 09:57:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Kalkules.lnk
[2013/12/26 21:40:07 | 000,000,066 | ---- | C] () -- C:\Windows\cshadegrid.ocx
[2013/12/23 11:11:04 | 000,001,047 | ---- | C] () -- C:\Users\Mahdi\Desktop\Cheat Engine.lnk
[2013/12/20 21:14:40 | 000,002,875 | ---- | C] () -- C:\Users\Mahdi\Desktop\StealthBot Launcher.lnk
[2013/12/17 08:49:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/20 10:08:52 | 000,139,448 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/11/20 10:08:47 | 000,282,472 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/11/20 10:08:27 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/11/15 00:16:18 | 000,246,276 | ---- | C] () -- C:\Windows\System32\GDX32_.dll
[2013/11/15 00:16:18 | 000,049,152 | ---- | C] () -- C:\Windows\System32\GDX32.dll
[2013/11/13 01:33:01 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2013/11/13 01:32:13 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Sx32w.dll
[2013/11/13 01:32:12 | 000,000,040 | ---- | C] () -- C:\Windows\ND5.ini
[2013/11/05 11:19:07 | 003,180,264 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/11/05 11:19:06 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/11/04 09:36:29 | 000,000,048 | ---- | C] () -- C:\Windows\System32\windows.ini
[2013/11/01 11:30:29 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/11/01 11:30:29 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/11/01 11:30:28 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/11/01 11:30:24 | 000,217,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/11/01 11:30:20 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/11/01 11:01:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/01 11:01:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 08:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/16 23:12:15 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:59:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/01/10 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\BitTorrent Sync
[2014/01/11 00:11:28 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\DMCache
[2014/01/04 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\ESET
[2013/11/02 16:37:47 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\Garena
[2014/01/10 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\GarenaPlus
[2014/01/10 23:14:58 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\IDM
[2013/11/28 11:10:53 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\LoadScout
[2013/12/01 09:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\LolClient
[2013/12/11 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2013/11/13 17:34:06 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\Notepad++
[2013/11/01 11:26:22 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\Psoft
[2014/01/05 12:51:22 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\Softland
[2013/12/20 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\StealthBot
[2014/01/10 23:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\uTorrent
[2013/11/16 01:45:07 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\www.kiwix.org
[2013/12/06 09:27:25 | 000,000,000 | ---D | M] -- C:\Users\Mahdi\AppData\Roaming\XYplorer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F74FD899

< End of report >


Edited by Namvar, 10 January 2014 - 03:10 PM.

#2
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Namvar :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.



We shall now begin :)

You have posted the OTL scan in a code box, which makes it a bit difficult to research. I need you to Copy and Paste all logs as is, no code or quote boxes please. I also need the Extras log. Don't worry, we will deal with that in this post. :thumbsup:

I need you to complete a couple of scans for me please.

Follow in the order given


1. CKScanner

  • Using this link Download CKScanner and Save it to your desktop.
  • Please run the program once only.
  • Right click the CKScanner icon and "Run as administrator" (XP users - Double-click the icon)
  • Click Search For Files.
  • When the circle cursor (hourglass) disappears, click Save List To File.
  • The file will be saved to your Desktop.
  • Copy and paste CKFiles.txt in your next reply.

2. MGADiag

  • Using this link Download MGADiag and save to your Desktop
  • Right Click the MGADiag icon and select Run as Administrator
  • Click Continue to begin diagnosis. The Blue Circle Cursor will disappear when complete.
  • Now click Copy, then open Notepad, right click in Notepad and Paste the log there.
  • Copy and paste the log in your next reply.


3. Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_nnnn_dd-mm-yyyy that can be located on the desktop.

4. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans - If present.
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

5. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator; select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply


Things I want to see in your next post.

  • CKFiles.txt
  • MGADiag log
  • WVCheck
  • OTL.txt
  • Extras.txt
  • aswMBR log
  • Use a couple of Posts if the logs are long

#3
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, are you still in need of help?
#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.