Majid

  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by am (administrator) on YY (29-07-2015 12:17:25)
Running from C:\Users\am\Documents\127\FRTS
Loaded Profiles: am (Available Profiles: am)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Scarlet.Crush Productions) C:\am\software &\hardware\drivers\scp\ScpServer\bin\ScpService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [iSBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sony.msn.com
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-894142761-3408750948-2455151004-1000 -> {519515C0-B944-4B9F-9D2C-2D4607D23DC3} URL = http://rover.ebay.com/rover/1/709-42536-16445-33/4?mpre=http://shop.ebay.fr/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-894142761-3408750948-2455151004-1000 -> {E705AD88-9764-4B5A-A1DE-05E8E83FAD74} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-04-12] (Sun Microsystems, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69F6E808-2DE3-4D9C-BC95-F2076988C1CE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{768D5623-CC58-4269-A31A-1BC9F526A719}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-04-12] (Sun Microsystems, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-28] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Dictionnaires français - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2015-05-28]
FF Extension: Adblock Plus - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-25]
FF Extension: Greasemonkey - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-05-25]
FF Extension: Adblock Edge - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-28]
FF HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\am\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\am\AppData\Roaming\IDM\idmmzcc5 [2015-07-29]
FF HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\am\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\am\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-12]
CHR Extension: (YouTube) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-12]
CHR Extension: (Google Search) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-17]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-10]
CHR Extension: (Avast Online Security) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (IDM Integration Module) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-13]
CHR Extension: (facetalk: send Facebook voice message on PC) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkfgkeobegndodpppmklnahieknfhaja [2015-05-21]
CHR Extension: (Google Wallet) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-13]
CHR Extension: (Gmail) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
R2 Ds3Service; C:\am\software &\hardware\drivers\scp\ScpServer\bin\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-04-12] (The OpenVPN Project)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [118144 2008-08-29] (Mobile Connector)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-14] (Phoenix Technologies) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-19] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
U5 RTSPER;
C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

========================== Drivers MD5 =======================
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Sftfslh.sys D5183ED285D2795491DC15BDDCBEE5AD C:\Windows\System32\DRIVERS\Sftplaylh.sys 00F118B68C50D2206DD51634F9142B83 C:\Windows\System32\DRIVERS\Sftredirlh.sys 76A827DF5640BFE16A0CDBB4108ADECA C:\Windows\System32\DRIVERS\Sftvollh.sys 1B4C9701645086BAB8CAFFFCE30ED284 C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162 C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162 C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 311C90F0767A63000AC35DD0A7078A30 C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31 C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2 C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys C03DA998E412D69D18DD11D835229AF0 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit 
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-29 12:16 - 2015-07-29 12:17 - 00000000 ____D C:\FRST 2015-07-29 12:06 - 2015-07-29 12:06 - 00000000 ___RD C:\Users\am\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-07-29 02:11 - 2015-07-29 02:12 - 00000000 ____D C:\Users\am\Documents\127 2015-07-29 01:01 - 2015-07-29 01:01 - 00001107 _____ C:\Users\am\Desktop\JRT.txt 2015-07-28 23:36 - 2015-07-28 23:36 - 00001547 _____ C:\Users\am\Desktop\Windows Media Player.lnk 2015-07-28 23:21 - 2015-07-28 23:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-07-28 23:19 - 2015-07-28 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2015-07-28 23:19 - 2015-07-28 23:18 - 00002083 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk 2015-07-28 23:18 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-07-28 23:17 - 2015-07-29 12:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-07-28 23:17 - 2015-07-28 23:17 - 00000000 
____D C:\Windows\ELAMBKUP 2015-07-28 23:17 - 2015-07-28 23:17 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2015-07-28 23:17 - 2015-06-27 22:14 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-07-28 23:17 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-07-28 23:17 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-07-28 22:23 - 2015-07-28 22:23 - 00000000 ____D C:\Users\am\AppData\Local\NokiaAccount 2015-07-28 22:04 - 2015-07-29 12:06 - 00351316 _____ C:\Windows\PFRO.log 2015-07-28 22:04 - 2015-07-29 12:06 - 00000448 _____ C:\Windows\setupact.log 2015-07-28 22:04 - 2015-07-28 22:04 - 00000000 _____ C:\Windows\setuperr.log 2015-07-28 21:27 - 2015-07-28 21:27 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-07-28 21:27 - 2015-07-28 21:27 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-07-28 21:27 - 2015-07-28 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-07-28 21:27 - 2015-07-28 21:27 - 00000000 ____D C:\Program Files\CCleaner 2015-07-28 20:55 - 2015-07-29 12:12 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-28 20:55 - 2015-07-28 20:55 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-28 20:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-28 20:55 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-28 20:55 - 2015-06-18 08:41 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-28 19:31 - 2015-07-28 20:07 - 00000000 ____D C:\Users\am\Documents\Review 2015-07-28 17:34 - 2015-07-29 02:12 - 00000000 ____D C:\Users\am\Downloads\YY 2015-07-28 00:33 - 2015-07-28 00:33 - 05790115 _____ C:\Users\am\Downloads\Right Hand.m4a 2015-07-27 18:38 - 2015-07-27 18:38 - 02598035 _____ C:\Users\am\Downloads\Sakey, Marcus - [brilliance 2] - A Better World (2014, Thomas & Mercer, 9781477823941,1477823948).epub 2015-07-24 02:30 - 2015-07-24 02:30 - 00016523 _____ C:\Users\am\AppData\Local\recently-used.xbel 2015-07-23 03:46 - 2015-07-23 03:46 - 00007605 _____ C:\Users\am\AppData\Local\Resmon.ResmonCfg 2015-07-22 23:13 - 2015-07-24 02:30 - 00000000 ____D C:\Users\am\AppData\Roaming\deluge 2015-07-22 23:12 - 2015-07-22 23:12 - 00000979 _____ C:\Users\Public\Desktop\Deluge.lnk 2015-07-22 23:12 - 2015-07-22 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge 2015-07-22 23:11 - 2015-07-22 23:12 - 00000000 ____D C:\Program Files (x86)\Deluge 2015-07-22 13:17 - 2015-07-22 13:17 - 00000000 ____D C:\Users\am\AppData\Local\transmission 2015-07-22 12:56 - 2015-07-22 19:43 - 00000000 ____D C:\Users\am\AppData\Roaming\transmission 2015-07-22 11:59 - 2015-07-22 15:50 - 00000000 ____D C:\Users\am\AppData\Roaming\gtk-2.0 2015-07-21 23:56 - 2015-07-22 11:59 - 00000000 ____D C:\Users\am\AppData\Roaming\Python-Eggs 2015-07-19 18:43 - 2015-07-19 18:43 - 00001075 _____ C:\Users\Public\Desktop\FastStone Capture.lnk 2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Users\am\AppData\Roaming\FastStone 2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Users\am\AppData\Local\FastStone 2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture 2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Program Files (x86)\FastStone Capture 2015-07-19 15:11 - 2015-07-19 15:11 - 00000000 ____H 
C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-07-19 15:11 - 2015-07-19 15:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-07-19 15:09 - 2013-05-19 08:02 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys 2015-07-19 15:09 - 2013-01-07 15:56 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll 2015-07-19 15:07 - 2015-07-19 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2015-07-19 15:07 - 2015-07-19 15:07 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2015-07-19 15:06 - 2006-09-28 16:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-07-19 15:05 - 2006-09-28 16:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-07-19 14:53 - 2015-07-19 14:53 - 00000000 ____D C:\Users\am\AppData\Local\Disc_Soft_Ltd 2015-07-19 14:37 - 2015-07-27 17:08 - 00000000 ____D C:\Program Files (x86)\Metal Gear Solid V Ground Zeroes 2015-07-19 14:35 - 2015-07-19 14:35 - 00000000 ____D C:\Program Files (x86)\Disc Soft 2015-07-19 14:34 - 2015-07-28 21:29 - 00000000 ____D C:\Users\am\AppData\Roaming\DAEMON Tools Lite 2015-07-19 14:34 - 2015-07-19 14:34 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-07-19 14:34 - 2015-07-19 14:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2015-07-05 02:16 - 2015-07-05 02:16 - 00000038 _____ C:\Users\am\.gtk-bookmarks 2015-07-04 18:14 - 2015-07-28 22:24 - 00000000 ____D C:\Program Files (x86)\Simple Static IP 2015-07-04 18:08 - 2015-07-04 18:11 - 00000000 ____D C:\Users\am\AppData\Roaming\PortForward.com 2015-07-04 18:08 - 2015-07-04 18:11 - 00000000 ____D C:\Users\am\AppData\Roaming\PFStaticIP 2015-07-04 18:07 - 2015-07-04 18:07 - 00000000 ____D C:\Users\am\AppData\Local\Downloaded Installations 2015-07-03 21:48 - 2015-07-26 15:36 - 00000000 ____D 
C:\Users\am\Documents\Seeding 2015-06-30 17:14 - 2015-07-19 18:00 - 00000000 ____D C:\Users\am\AppData\Roaming\mIRC 2015-06-30 17:14 - 2015-06-30 17:14 - 00000951 _____ C:\Users\Public\Desktop\mIRC.lnk 2015-06-30 17:14 - 2015-06-30 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC 2015-06-30 17:14 - 2015-06-30 17:14 - 00000000 ____D C:\Program Files (x86)\mIRC 2015-06-27 22:14 - 2015-06-27 22:14 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2015-06-27 22:14 - 2015-06-27 22:14 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys 2015-06-21 14:36 - 2015-03-05 11:00 - 04137472 _____ (Qualcomm Atheros Communications, Inc.) 
C:\Windows\system32\Drivers\athrx.sys 2015-06-18 13:35 - 2015-07-26 14:57 - 00000000 ____D C:\Users\am\Documents\Livres 2015-06-14 15:13 - 2015-07-29 11:27 - 00000000 ____D C:\Program Files (x86)\HSPA USB Modem 2015-06-14 15:13 - 2015-06-14 15:13 - 00002759 _____ C:\Users\Public\Desktop\Nedjma Easynet.lnk 2015-06-14 15:13 - 2015-06-14 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSPA USB Modem 2015-06-10 21:57 - 2015-06-21 01:08 - 00000000 ____D C:\Users\am\Documents\My Digital Editions 2015-06-10 21:57 - 2015-06-11 23:37 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk 2015-06-10 21:57 - 2015-06-11 23:37 - 00002166 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk 2015-06-10 21:57 - 2015-06-10 21:57 - 00000000 ____D C:\Users\am\AppData\Local\Adobe_Systems_Incorporate 2015-06-10 21:57 - 2015-06-10 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2015-06-08 18:12 - 2015-06-08 18:12 - 00000000 ____D C:\Users\am\AppData\Roaming\driveridentifier 2015-06-08 15:16 - 2015-06-08 15:16 - 00000907 _____ C:\Users\am\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2015-06-08 15:16 - 2015-06-08 15:16 - 00000000 ____D C:\Users\am\AppData\Roaming\MediaInfo 2015-06-08 15:16 - 2015-06-08 15:16 - 00000000 ____D C:\Program Files\MediaInfo 2015-05-23 19:02 - 2015-05-23 19:02 - 00000000 ____D C:\Users\am\Tracing 2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D C:\Users\am\AppData\Local\Skype 2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-23 15:02 - 2015-07-28 21:28 - 00000000 ____D C:\Windows\Minidump 2015-05-22 14:10 - 2015-05-22 14:13 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader 2015-05-20 13:55 - 2015-05-20 13:55 - 00197616 _____ (Tonec Inc.) 
C:\Windows\system32\Drivers\idmwfp.sys 2015-05-13 20:00 - 2015-05-13 20:00 - 00000000 ____D C:\Users\am\AppData\Local\Microsoft Help 2015-05-13 20:00 - 2015-05-13 20:00 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-11 18:42 - 2015-05-23 19:48 - 00000000 ____D C:\Users\am\AppData\Roaming\Skype 2015-05-08 14:28 - 2015-05-08 15:06 - 00000000 ____D C:\Users\am\AppData\Local\http___www.julien-manici 2015-05-05 15:42 - 2015-05-05 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf 2015-05-05 15:28 - 2015-07-14 02:43 - 00000000 ____D C:\Users\am\Documents\Nokia Suite 2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf 2015-05-05 15:27 - 2015-05-05 19:48 - 00000000 ____D C:\ProgramData\PC Suite 2015-05-05 15:27 - 2015-05-05 15:28 - 00000000 ____D C:\Users\am\AppData\Roaming\PC Suite 2015-05-05 15:27 - 2015-05-05 15:27 - 00000000 ____D C:\Users\am\AppData\Local\Nokia 2015-05-05 15:26 - 2015-07-28 22:23 - 00000000 ____D C:\ProgramData\Nokia 2015-05-05 15:25 - 2015-05-05 15:25 - 00000000 ____D C:\Program Files\DIFX 2015-05-05 15:25 - 2015-05-05 15:25 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution 2015-05-05 15:25 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll 2015-05-05 15:25 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-05-05 15:24 - 2015-07-28 22:23 - 00000000 ____D C:\Program Files (x86)\Nokia 2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D C:\ProgramData\NokiaInstallerCache 2015-05-05 14:40 - 2015-05-05 14:41 - 00000000 ____D C:\Users\am\AppData\Roaming\npm 2015-05-05 14:40 - 2015-05-05 14:40 - 00000000 ____D C:\Users\am\AppData\Roaming\npm-cache 2015-05-01 18:46 - 2015-05-01 18:46 - 00000000 ____D C:\Users\am\AppData\Roaming\ArcSoft 2015-05-01 18:46 - 2015-05-01 18:46 - 00000000 ____D C:\Users\am\AppData\Local\ArcSoft 2015-04-30 23:18 - 2015-04-30 23:18 - 00007168 
_____ C:\Windows\SysWOW64\WebFilterInstallerHelper.exe 2015-04-30 23:18 - 2015-04-30 23:18 - 00007168 _____ C:\Windows\SysWOW64\RemoveProxySettings.exe ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-29 12:14 - 2015-04-12 21:52 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-29 12:13 - 2015-04-12 21:05 - 00736896 _____ C:\Windows\system32\perfh00C.dat 2015-07-29 12:13 - 2015-04-12 21:05 - 00149094 _____ C:\Windows\system32\perfc00C.dat 2015-07-29 12:13 - 2009-07-14 06:13 - 01666802 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-29 12:13 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-29 12:13 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-29 12:09 - 2015-04-12 20:11 - 01481001 _____ C:\Windows\WindowsUpdate.log 2015-07-29 12:06 - 2015-04-12 21:52 - 00000840 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-29 12:06 - 2015-04-12 20:28 - 00000000 ____D C:\ProgramData\NVIDIA 2015-07-29 12:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-29 12:05 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\AppData\Roaming\DMCache 2015-07-29 12:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization 2015-07-29 01:43 - 2015-04-12 21:24 - 00000000 ____D C:\Users\am\Documents\Bluetooth Folder 2015-07-29 00:39 - 2015-04-13 18:01 - 00000000 ____D C:\Users\am\AppData\Roaming\vlc 2015-07-28 23:33 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\Downloads\Compressed 2015-07-28 23:02 - 2015-04-12 21:42 - 00000000 ____D C:\ProgramData\AVAST Software 2015-07-28 22:52 - 2015-04-12 21:22 - 00000000 ____D C:\Users\am 2015-07-28 22:35 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\AppData\Roaming\IDM 2015-07-28 22:27 - 2015-04-22 18:54 
- 00000000 ____D C:\Program Files\Common Files\Apple 2015-07-28 21:28 - 2015-04-12 21:31 - 00000000 ____D C:\Users\am\AppData\Local\CrashDumps 2015-07-28 21:28 - 2011-02-10 23:48 - 00000000 ____D C:\Windows\Panther 2015-07-28 21:24 - 2015-04-12 21:55 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-28 21:24 - 2015-04-12 21:36 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-28 14:42 - 2015-04-13 09:57 - 00000000 ____D C:\Users\am\Documents\Sea 2015-07-26 14:55 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\Downloads\Video 2015-07-25 16:31 - 2015-04-22 19:47 - 00000000 ____D C:\Users\am\AppData\Roaming\Apple Computer 2015-07-25 16:29 - 2015-04-22 19:45 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-22 12:39 - 2015-04-13 09:12 - 00000000 ____D C:\ProgramData\Package Cache 2015-07-22 02:06 - 2015-04-12 21:31 - 00000000 ____D C:\Users\am\AppData\Roaming\SoftGrid Client 2015-07-19 19:12 - 2015-04-12 22:01 - 00000000 ____D C:\Users\am\AppData\Local\Adobe 2015-07-17 21:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-07-15 21:08 - 2015-04-12 21:52 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-15 21:08 - 2015-04-12 21:52 - 00003588 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-15 01:52 - 2015-04-12 22:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 01:52 - 2015-04-12 22:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-07 14:15 - 2015-04-12 21:24 - 00000000 ____D C:\Users\am\AppData\Roaming\Atheros 2015-07-07 14:08 - 2015-04-12 22:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2015-07-06 13:11 - 2015-04-12 22:14 - 00001009 _____ C:\Users\am\Desktop\Internet Download Manager.lnk 2015-07-05 12:43 - 2015-04-12 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-03 22:21 - 2015-04-26 21:35 - 00000000 
____D C:\Users\am\Downloads\Subs 2015-07-01 17:30 - 2015-04-12 20:32 - 00000000 ____D C:\ProgramData\McAfee 2015-06-30 19:54 - 2015-04-14 19:08 - 00003920 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE9A0B2F-A4F7-4097-8E98-6C540F4E683F} ==================== Files in the root of some directories ======= 2015-07-24 02:30 - 2015-07-24 02:30 - 0016523 _____ () C:\Users\am\AppData\Local\recently-used.xbel 2015-07-23 03:46 - 2015-07-23 03:46 - 0007605 _____ () C:\Users\am\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\am\AppData\Local\Temp\NOSEventMessages.dll C:\Users\am\AppData\Local\Temp\Quarantine.exe C:\Users\am\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject 
{5523187c-e14f-11e4-bb38-e2a55eb15b3e} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale fr-FR inherit {bootloadersettings} recoverysequence {5523187e-e14f-11e4-bb38-e2a55eb15b3e} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {5523187c-e14f-11e4-bb38-e2a55eb15b3e} nx OptIn Chargeur de démarrage Windows ----------------------------- identificateur {5523187e-e14f-11e4-bb38-e2a55eb15b3e} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5523187f-e14f-11e4-bb38-e2a55eb15b3e} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5523187f-e14f-11e4-bb38-e2a55eb15b3e} systemroot \windows nx OptIn winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {5523187c-e14f-11e4-bb38-e2a55eb15b3e} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems Yes Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage 
----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {5523187f-e14f-11e4-bb38-e2a55eb15b3e} description Ramdisk Options ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2015-07-23 03:38 ==================== End of log ============================
  2. Hello, Maniac... After I ran the scan of Malwarebytes, it found two threats which I deleted... Before I restarted my computer, I unchecked the proxy, after the reboot and surfing a few minutes... It remained unchecked! Here are the logs: (malwarebytes) <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="4" datetime="2015-07-29T00:51:30.190857+01:00" source="Protection" type="Error" username="SYSTEM" systemname="YY" code="13" last_modified_tag="4f895c9a-0d9b-470f-9ad1-55b0332f9d0e" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T00:51:30.260857+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="7cfcbe0c-b509-4fc9-aeec-60416ceacac5" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T00:51:30.270857+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="8992c5fc-e6d7-43fd-a856-fc7113acf40d" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="4" datetime="2015-07-29T01:05:11.571470+01:00" source="Protection" type="Error" username="SYSTEM" systemname="YY" code="13" last_modified_tag="365012b0-858b-4deb-9103-4f5e2674ed4c" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T01:05:11.649471+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="72d5c002-0d1b-47aa-af34-1ea89bc8c32d" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T01:05:11.649471+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="40602514-5ddf-4968-90bb-0367bb7c669f" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="4" 
datetime="2015-07-29T01:51:55.395850+01:00" source="Protection" type="Error" username="SYSTEM" systemname="YY" code="13" last_modified_tag="db3a5753-453e-4c3c-82cf-7f779a6b098a" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T01:51:55.427050+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="ba2d3a3c-b9d9-4ef1-87b3-e96b24c28eec" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T01:51:55.427050+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="f12c946f-6b7e-4d26-8ba0-a99e9ddd5d49" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="4" datetime="2015-07-29T11:28:28.925689+01:00" source="Protection" type="Error" username="SYSTEM" systemname="YY" code="13" last_modified_tag="ac39150e-e805-4031-a6a2-3769a7ae0371" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T11:28:28.956889+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="92104080-86af-4b97-a396-2b7a008948d6" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T11:28:28.956889+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="cde3aff7-7991-4bfe-9e7e-5062a464121c" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2015-07-29T11:33:19.765434+01:00" source="Manual" type="Update" username="SYSTEM" systemname="YY" fromVersion="2015.7.22.1" last_modified_tag="c3a75071-b6c6-420f-adca-6b9637cf658e" name="Rootkit Database" toVersion="2015.7.29.1"></record> <record severity="debug" LoggingEventType="1" datetime="2015-07-29T11:33:26.595824+01:00" source="Manual" type="Update" username="SYSTEM" 
systemname="YY" fromVersion="2015.7.28.6" last_modified_tag="ae5f69ae-eb38-42fe-9c0b-3d868e17889f" name="Malware Database" toVersion="2015.7.29.2"></record> <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-07-29T11:33:28+01:00" datetime="2015-07-29T12:04:15.803277+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="YY" last_modified_tag="27634cac-1a50-4439-9b44-4583ec563edd" duration="1831" malwaredetections="0" nonmalwaredetections="2" scanresult="completed"></record> <record severity="debug" LoggingEventType="4" datetime="2015-07-29T12:06:32.572245+01:00" source="Protection" type="Error" username="SYSTEM" systemname="YY" code="13" last_modified_tag="e7a9d566-db0d-42e0-a911-294b65743eec" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T12:06:32.603445+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="baef75f3-f067-4015-9914-abc332e269c5" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-07-29T12:06:32.603445+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="YY" last_modified_tag="728e9d74-e1dd-4aa5-a869-70162c45bfcf" result="Stopped" subtype="Malware Protection"></record> </logs>
  3. Hello, it has been a while since I had this problem but I never gave any attention to it (actually I did but I just thought it was something from my ISP...) but now it is becoming really annoying and after doing some research, this problem might be more dangerous than what it seems to be. So I believe I have tried everything in my power to stop this, nothing. I tried deleting the proxy setting from the registry in safe mode, did not work. Secondly, I have downloaded Malwarebytes, scanned, deleted the dangerous files. At the same time, downloaded CCleaner, cleaned everything and rebooted, also didn't work. Third, I have downloaded AdwCleaner, used it. Found some things, deleted them also. Rebooted, proxy setting still there. Fourth, downloaded Junkware Removal, found something in Windows files, deleted it. Reboot, still there. And now I am at my end with it, have no idea what to do and am actually a little scared, I have a lot of files and do not want to do a full restoration. Unfortunately, a simple restoration is not possible because for some reason my OS deletes all the old ones. For more clarification, I am talking about this: It keeps checking back by itself, no matter what. It sometimes blocks websites, sometimes is slow as hell. And recently, more than a few times... It is completely broken. Firefox tells me that the proxy server is not working and I have to go to its settings and deactivate it from there so I can browse... And God knows what it is also doing to my computer. Please help!