Cannot get rid of 127.0.0.1:18080 proxy setting.


This topic is locked
3 replies to this topic

#1 Yimmy
Posted 28 July 2015 - 07:46 PM

Hello, it has been a while since I have had this problem, but I never gave it any attention (actually I did, but I just thought it was something from my ISP...). Now it is becoming really annoying, and after doing some research, this problem might be more dangerous than it seems.
 
So I believe I have tried everything in my power to stop this; nothing worked. I tried deleting the proxy setting from the registry in safe mode; it did not work. Secondly, I downloaded Malwarebytes, scanned, and deleted the dangerous files. At the same time, I downloaded CCleaner, cleaned everything and rebooted; that also didn't work. Third, I downloaded AdwCleaner and used it. It found some things, and I deleted them too. Rebooted, proxy setting still there. Fourth, I downloaded Junkware Removal, which found something in the Windows files, and I deleted it. Reboot, still there.
 
 
And now I am at my wits' end with it; I have no idea what to do and am actually a little scared. I have a lot of files and do not want to do a full restoration. Unfortunately, a simple restore is not possible because for some reason my OS deletes all the old ones.
 
 
For more clarification, I am talking about this: 

[screenshot: gaPLgdo.jpg]

[screenshot: IeEM392.jpg]

 
It keeps checking itself back on, no matter what. It sometimes blocks websites, and sometimes it is slow as hell. And recently, more than a few times... it is completely broken. Firefox tells me that the proxy server is not working, and I have to go to its settings and deactivate it from there so I can browse... And God knows what else it is doing to my computer.

Please help!

Edit: I just downloaded FRST and ran a scan as admin (64-bit), and here is the log: http://pastebin.com/nrB5iRme

Sorry, I can't seem to attach a file; it crashes when uploading, so I just pasted it. :(

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by am (administrator) on YY (29-07-2015 02:15:15)
Running from C:\Users\am\Documents\127\FRTS
Loaded Profiles: am (Available Profiles: am)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Scarlet.Crush Productions) C:\am\software &\hardware\drivers\scp\ScpServer\bin\ScpService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\SysWOW64\WebFilter.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WebFilter] => C:\Windows\SysWOW64\WebFilter.exe [31744 2015-04-30] ()
HKLM-x32\...\Run: [HSPALauncher] => C:\Program Files (x86)\HSPA USB Modem\HSPALauncher.exe [233472 2012-01-09] ()
HKLM-x32\...\RunOnce: [{8D691D1F-85A4-4CDF-BDBE-74DD1297C73A}] => cmd.exe /C start /D "C:\Users\am\AppData\Local\Temp" /B {8D691D1F-85A4-4CDF-BDBE-74DD1297C73A}.exe -accepteula -accepteulaksn -postboot
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-894142761-3408750948-2455151004-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-894142761-3408750948-2455151004-1000] => 127.0.0.1:18080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sony.msn.com
HKU\S-1-5-21-894142761-3408750948-2455151004-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-894142761-3408750948-2455151004-1000 -> {519515C0-B944-4B9F-9D2C-2D4607D23DC3} URL = http://rover.ebay.com/rover/1/709-42536-16445-33/4?mpre=http://shop.ebay.fr/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-894142761-3408750948-2455151004-1000 -> {E705AD88-9764-4B5A-A1DE-05E8E83FAD74} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-04-12] (Sun Microsystems, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69F6E808-2DE3-4D9C-BC95-F2076988C1CE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{768D5623-CC58-4269-A31A-1BC9F526A719}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-04-12] (Sun Microsystems, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-28] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Dictionnaires français - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2015-05-28]
FF Extension: Adblock Plus - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-25]
FF Extension: Greasemonkey - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-05-25]
FF Extension: Adblock Edge - C:\Users\am\AppData\Roaming\Mozilla\Firefox\Profiles\ediin0jw.default-1432552302515\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-28]
FF HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\am\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\am\AppData\Roaming\IDM\idmmzcc5 [2015-07-29]
FF HKU\S-1-5-21-894142761-3408750948-2455151004-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\am\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\am\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-12]
CHR Extension: (YouTube) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-12]
CHR Extension: (Google Search) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Avast SafePrice) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-17]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-07-10]
CHR Extension: (Avast Online Security) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (IDM Integration Module) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-13]
CHR Extension: (facetalk: send Facebook voice message on PC) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkfgkeobegndodpppmklnahieknfhaja [2015-05-21]
CHR Extension: (Google Wallet) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-13]
CHR Extension: (Gmail) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
R2 Ds3Service; C:\am\software &\hardware\drivers\scp\ScpServer\bin\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 72806174; C:\Windows\System32\drivers\92237254.sys [278216 2015-07-29] (Kaspersky Lab, Yury Parshin)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-04-12] (The OpenVPN Project)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [118144 2008-08-29] (Mobile Connector)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-14] (Phoenix Technologies) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-19] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\92237254.sys 4F2C32C8BBF976D23302F1A9C4FA3C51
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D5B031C308A409A0A576BFF4CF083D30
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 12BFA9EC4B03CC16BB7D19BAA308AEF2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\aswTap.sys E4ABC023E251D2BB6B98C9FCAF5CF16D
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys 50F257E19554421B6891E3F998EDCA90
C:\Windows\System32\DRIVERS\athrx.sys 56503F66C23DABCB61D3B9771E547642
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys B3BCD755FA9A359D10208CC9F09847CC
C:\Windows\System32\drivers\btath_avdt.sys 9BBBA9D6DBDEFC8A6542BC7A6EBAF710
C:\Windows\System32\DRIVERS\btath_bus.sys D838DD1BCB328EFCFAD7A52DE9E3CAFD
C:\Windows\System32\DRIVERS\btath_hcrp.sys A441B800E04CF8443FAF519207563ABB
C:\Windows\System32\DRIVERS\btath_lwflt.sys B16F8429A35BBA2A8EF9DB2E08675B97
C:\Windows\System32\DRIVERS\btath_rcp.sys C24231C6BDFE21735930084A22089AAB
C:\Windows\System32\DRIVERS\btfilter.sys 3632FA4C6B3CE9EC827690DEAC266D8C
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthMtpEnum.sys BDAD7CA91F370E588ECC8C67B694300C
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmusbser.sys 779F499D7791F65F6A5BA97C5D2627C8

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 02:11 - 2015-07-29 02:12 - 00000000 ____D C:\Users\am\Documents\127
2015-07-29 02:03 - 2015-07-29 02:03 - 00278216 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\92237254.sys
2015-07-29 02:03 - 2015-07-29 02:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-29 01:52 - 2015-07-29 01:52 - 00000000 ___RD C:\Users\am\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-29 01:35 - 2015-07-29 02:15 - 00000000 ____D C:\FRST
2015-07-29 01:01 - 2015-07-29 01:01 - 00001107 _____ C:\Users\am\Desktop\JRT.txt
2015-07-29 00:48 - 2015-07-29 00:49 - 00000000 ____D C:\AdwCleaner
2015-07-28 23:36 - 2015-07-28 23:36 - 00001547 _____ C:\Users\am\Desktop\Windows Media Player.lnk
2015-07-28 23:21 - 2015-07-28 23:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-28 23:19 - 2015-07-28 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-07-28 23:19 - 2015-07-28 23:18 - 00002083 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-07-28 23:18 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-07-28 23:17 - 2015-07-29 02:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-28 23:17 - 2015-07-28 23:17 - 00000000 ____D C:\Windows\ELAMBKUP
2015-07-28 23:17 - 2015-07-28 23:17 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-07-28 23:17 - 2015-06-27 22:14 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-07-28 23:17 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-07-28 23:17 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-07-28 22:23 - 2015-07-28 22:23 - 00000000 ____D C:\Users\am\AppData\Local\NokiaAccount
2015-07-28 22:04 - 2015-07-29 01:51 - 00000336 _____ C:\Windows\setupact.log
2015-07-28 22:04 - 2015-07-28 23:02 - 00350614 _____ C:\Windows\PFRO.log
2015-07-28 22:04 - 2015-07-28 22:04 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 21:27 - 2015-07-28 21:27 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-28 21:27 - 2015-07-28 21:27 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-28 21:27 - 2015-07-28 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-28 21:27 - 2015-07-28 21:27 - 00000000 ____D C:\Program Files\CCleaner
2015-07-28 20:55 - 2015-07-28 21:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:55 - 2015-07-28 20:55 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-28 20:55 - 2015-07-28 20:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 20:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-28 20:55 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 20:55 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-28 19:31 - 2015-07-28 20:07 - 00000000 ____D C:\Users\am\Documents\Review
2015-07-28 17:34 - 2015-07-29 02:12 - 00000000 ____D C:\Users\am\Downloads\YY
2015-07-28 00:33 - 2015-07-28 00:33 - 05790115 _____ C:\Users\am\Downloads\Right Hand.m4a
2015-07-27 18:38 - 2015-07-27 18:38 - 02598035 _____ C:\Users\am\Downloads\Sakey, Marcus - [Brilliance 2] - A Better World (2014, Thomas & Mercer, 9781477823941,1477823948).epub
2015-07-24 02:30 - 2015-07-24 02:30 - 00016523 _____ C:\Users\am\AppData\Local\recently-used.xbel
2015-07-23 03:46 - 2015-07-23 03:46 - 00007605 _____ C:\Users\am\AppData\Local\Resmon.ResmonCfg
2015-07-22 23:13 - 2015-07-24 02:30 - 00000000 ____D C:\Users\am\AppData\Roaming\deluge
2015-07-22 23:12 - 2015-07-22 23:12 - 00000979 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-07-22 23:12 - 2015-07-22 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-07-22 23:11 - 2015-07-22 23:12 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-07-22 13:17 - 2015-07-22 13:17 - 00000000 ____D C:\Users\am\AppData\Local\transmission
2015-07-22 12:56 - 2015-07-22 19:43 - 00000000 ____D C:\Users\am\AppData\Roaming\transmission
2015-07-22 11:59 - 2015-07-22 15:50 - 00000000 ____D C:\Users\am\AppData\Roaming\gtk-2.0
2015-07-21 23:56 - 2015-07-22 11:59 - 00000000 ____D C:\Users\am\AppData\Roaming\Python-Eggs
2015-07-19 18:43 - 2015-07-19 18:43 - 00001075 _____ C:\Users\Public\Desktop\FastStone Capture.lnk
2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Users\am\AppData\Roaming\FastStone
2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Users\am\AppData\Local\FastStone
2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2015-07-19 18:43 - 2015-07-19 18:43 - 00000000 ____D C:\Program Files (x86)\FastStone Capture
2015-07-19 15:11 - 2015-07-19 15:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-07-19 15:11 - 2015-07-19 15:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-07-19 15:09 - 2013-05-19 08:02 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2015-07-19 15:09 - 2013-01-07 15:56 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-07-19 15:07 - 2015-07-19 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-07-19 15:07 - 2015-07-19 15:07 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-07-19 15:06 - 2006-09-28 16:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-07-19 15:05 - 2006-09-28 16:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-07-19 14:53 - 2015-07-19 14:53 - 00000000 ____D C:\Users\am\AppData\Local\Disc_Soft_Ltd
2015-07-19 14:37 - 2015-07-27 17:08 - 00000000 ____D C:\Program Files (x86)\Metal Gear Solid V Ground Zeroes
2015-07-19 14:35 - 2015-07-19 14:35 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-07-19 14:34 - 2015-07-28 21:29 - 00000000 ____D C:\Users\am\AppData\Roaming\DAEMON Tools Lite
2015-07-19 14:34 - 2015-07-19 14:34 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-07-19 14:34 - 2015-07-19 14:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-05 02:16 - 2015-07-05 02:16 - 00000038 _____ C:\Users\am\.gtk-bookmarks
2015-07-04 18:14 - 2015-07-28 22:24 - 00000000 ____D C:\Program Files (x86)\Simple Static IP
2015-07-04 18:08 - 2015-07-04 18:11 - 00000000 ____D C:\Users\am\AppData\Roaming\PortForward.com
2015-07-04 18:08 - 2015-07-04 18:11 - 00000000 ____D C:\Users\am\AppData\Roaming\PFStaticIP
2015-07-04 18:07 - 2015-07-04 18:07 - 00000000 ____D C:\Users\am\AppData\Local\Downloaded Installations
2015-07-03 21:48 - 2015-07-26 15:36 - 00000000 ____D C:\Users\am\Documents\Seeding
2015-06-30 17:14 - 2015-07-19 18:00 - 00000000 ____D C:\Users\am\AppData\Roaming\mIRC
2015-06-30 17:14 - 2015-06-30 17:14 - 00000951 _____ C:\Users\Public\Desktop\mIRC.lnk
2015-06-30 17:14 - 2015-06-30 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-06-30 17:14 - 2015-06-30 17:14 - 00000000 ____D C:\Program Files (x86)\mIRC
2015-06-27 22:14 - 2015-06-27 22:14 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-06-21 14:36 - 2015-03-05 11:00 - 04137472 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-06-18 13:35 - 2015-07-26 14:57 - 00000000 ____D C:\Users\am\Documents\Livres
2015-06-14 15:13 - 2015-06-14 15:13 - 00002759 _____ C:\Users\Public\Desktop\Nedjma Easynet.lnk
2015-06-14 15:13 - 2015-06-14 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSPA USB Modem
2015-06-14 15:13 - 2015-06-14 15:13 - 00000000 ____D C:\Program Files (x86)\HSPA USB Modem
2015-06-10 21:57 - 2015-06-21 01:08 - 00000000 ____D C:\Users\am\Documents\My Digital Editions
2015-06-10 21:57 - 2015-06-11 23:37 - 00002178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2015-06-10 21:57 - 2015-06-11 23:37 - 00002166 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.0.lnk
2015-06-10 21:57 - 2015-06-10 21:57 - 00000000 ____D C:\Users\am\AppData\Local\Adobe_Systems_Incorporate
2015-06-10 21:57 - 2015-06-10 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-06-08 18:12 - 2015-06-08 18:12 - 00000000 ____D C:\Users\am\AppData\Roaming\driveridentifier
2015-06-08 15:16 - 2015-06-08 15:16 - 00000907 _____ C:\Users\am\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-06-08 15:16 - 2015-06-08 15:16 - 00000000 ____D C:\Users\am\AppData\Roaming\MediaInfo
2015-06-08 15:16 - 2015-06-08 15:16 - 00000000 ____D C:\Program Files\MediaInfo
2015-05-23 19:02 - 2015-05-23 19:02 - 00000000 ____D C:\Users\am\Tracing
2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D C:\Users\am\AppData\Local\Skype
2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-23 15:02 - 2015-07-28 21:28 - 00000000 ____D C:\Windows\Minidump
2015-05-22 14:10 - 2015-05-22 14:13 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2015-05-20 13:55 - 2015-05-20 13:55 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-05-13 20:00 - 2015-05-13 20:00 - 00000000 ____D C:\Users\am\AppData\Local\Microsoft Help
2015-05-13 20:00 - 2015-05-13 20:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-11 18:42 - 2015-05-23 19:48 - 00000000 ____D C:\Users\am\AppData\Roaming\Skype
2015-05-08 14:28 - 2015-05-08 15:06 - 00000000 ____D C:\Users\am\AppData\Local\http___www.julien-manici
2015-05-05 15:42 - 2015-05-05 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2015-05-05 15:28 - 2015-07-14 02:43 - 00000000 ____D C:\Users\am\Documents\Nokia Suite
2015-05-05 15:28 - 2015-05-05 15:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2015-05-05 15:27 - 2015-05-05 19:48 - 00000000 ____D C:\ProgramData\PC Suite
2015-05-05 15:27 - 2015-05-05 15:28 - 00000000 ____D C:\Users\am\AppData\Roaming\PC Suite
2015-05-05 15:27 - 2015-05-05 15:27 - 00000000 ____D C:\Users\am\AppData\Local\Nokia
2015-05-05 15:26 - 2015-07-28 22:23 - 00000000 ____D C:\ProgramData\Nokia
2015-05-05 15:25 - 2015-05-05 15:25 - 00000000 ____D C:\Program Files\DIFX
2015-05-05 15:25 - 2015-05-05 15:25 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2015-05-05 15:25 - 2013-01-23 10:31 - 00057856 _____ (Nokia) C:\Windows\system32\nmwcdclsX64.dll
2015-05-05 15:25 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2015-05-05 15:24 - 2015-07-28 22:23 - 00000000 ____D C:\Program Files (x86)\Nokia
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D C:\ProgramData\NokiaInstallerCache
2015-05-05 14:40 - 2015-05-05 14:41 - 00000000 ____D C:\Users\am\AppData\Roaming\npm
2015-05-05 14:40 - 2015-05-05 14:40 - 00000000 ____D C:\Users\am\AppData\Roaming\npm-cache
2015-05-01 18:46 - 2015-05-01 18:46 - 00000000 ____D C:\Users\am\AppData\Roaming\ArcSoft
2015-05-01 18:46 - 2015-05-01 18:46 - 00000000 ____D C:\Users\am\AppData\Local\ArcSoft
2015-04-30 23:18 - 2015-04-30 23:18 - 00007168 _____ C:\Windows\SysWOW64\WebFilterInstallerHelper.exe
2015-04-30 23:18 - 2015-04-30 23:18 - 00007168 _____ C:\Windows\SysWOW64\RemoveProxySettings.exe
2015-04-30 21:31 - 2015-04-30 21:31 - 00031744 _____ C:\Windows\SysWOW64\WebFilter.exe

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 02:13 - 2015-04-12 21:52 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 02:01 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 02:01 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 01:57 - 2015-04-12 21:05 - 00736896 _____ C:\Windows\system32\perfh00C.dat
2015-07-29 01:57 - 2015-04-12 21:05 - 00149094 _____ C:\Windows\system32\perfc00C.dat
2015-07-29 01:57 - 2015-04-12 20:11 - 01473742 _____ C:\Windows\WindowsUpdate.log
2015-07-29 01:57 - 2009-07-14 06:13 - 01666802 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 01:52 - 2015-04-12 21:52 - 00000840 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 01:51 - 2015-04-12 20:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-29 01:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 01:43 - 2015-04-12 21:24 - 00000000 ____D C:\Users\am\Documents\Bluetooth Folder
2015-07-29 00:39 - 2015-04-13 18:01 - 00000000 ____D C:\Users\am\AppData\Roaming\vlc
2015-07-28 23:33 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\Downloads\Compressed
2015-07-28 23:02 - 2015-04-12 21:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-28 23:01 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\AppData\Roaming\DMCache
2015-07-28 22:52 - 2015-04-12 21:22 - 00000000 ____D C:\Users\am
2015-07-28 22:35 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\AppData\Roaming\IDM
2015-07-28 22:27 - 2015-04-22 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 21:28 - 2015-04-12 21:31 - 00000000 ____D C:\Users\am\AppData\Local\CrashDumps
2015-07-28 21:28 - 2011-02-10 23:48 - 00000000 ____D C:\Windows\Panther
2015-07-28 21:24 - 2015-04-12 21:55 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 21:24 - 2015-04-12 21:36 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-28 14:42 - 2015-04-13 09:57 - 00000000 ____D C:\Users\am\Documents\Sea
2015-07-26 14:55 - 2015-04-12 22:14 - 00000000 ____D C:\Users\am\Downloads\Video
2015-07-25 16:31 - 2015-04-22 19:47 - 00000000 ____D C:\Users\am\AppData\Roaming\Apple Computer
2015-07-25 16:29 - 2015-04-22 19:45 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-22 12:39 - 2015-04-13 09:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-22 02:06 - 2015-04-12 21:31 - 00000000 ____D C:\Users\am\AppData\Roaming\SoftGrid Client
2015-07-19 19:12 - 2015-04-12 22:01 - 00000000 ____D C:\Users\am\AppData\Local\Adobe
2015-07-17 21:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-15 21:08 - 2015-04-12 21:52 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:08 - 2015-04-12 21:52 - 00003588 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 01:52 - 2015-04-12 22:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 01:52 - 2015-04-12 22:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 14:15 - 2015-04-12 21:24 - 00000000 ____D C:\Users\am\AppData\Roaming\Atheros
2015-07-07 14:08 - 2015-04-12 22:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-07-06 13:11 - 2015-04-12 22:14 - 00001009 _____ C:\Users\am\Desktop\Internet Download Manager.lnk
2015-07-05 12:43 - 2015-04-12 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 22:21 - 2015-04-26 21:35 - 00000000 ____D C:\Users\am\Downloads\Subs
2015-07-01 17:30 - 2015-04-12 20:32 - 00000000 ____D C:\ProgramData\McAfee
2015-06-30 19:54 - 2015-04-14 19:08 - 00003920 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE9A0B2F-A4F7-4097-8E98-6C540F4E683F}

==================== Files in the root of some directories =======

2015-07-24 02:30 - 2015-07-24 02:30 - 0016523 _____ () C:\Users\am\AppData\Local\recently-used.xbel
2015-07-23 03:46 - 2015-07-23 03:46 - 0007605 _____ () C:\Users\am\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\am\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\am\AppData\Local\Temp\Quarantine.exe
C:\Users\am\AppData\Local\Temp\sqlite3.dll
C:\Users\am\AppData\Local\Temp\{8D691D1F-85A4-4CDF-BDBE-74DD1297C73A}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Gestionnaire de démarrage Windows
---------------------------------
identificateur          {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  fr-FR
inherit                 {globalsettings}
default                 {current}
resumeobject            {5523187c-e14f-11e4-bb38-e2a55eb15b3e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Chargeur de démarrage Windows
-----------------------------
identificateur          {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  fr-FR
inherit                 {bootloadersettings}
recoverysequence        {5523187e-e14f-11e4-bb38-e2a55eb15b3e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5523187c-e14f-11e4-bb38-e2a55eb15b3e}
nx                      OptIn

Chargeur de démarrage Windows
-----------------------------
identificateur          {5523187e-e14f-11e4-bb38-e2a55eb15b3e}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5523187f-e14f-11e4-bb38-e2a55eb15b3e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5523187f-e14f-11e4-bb38-e2a55eb15b3e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur          {5523187c-e14f-11e4-bb38-e2a55eb15b3e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  fr-FR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Testeur de mémoire Windows
--------------------------
identificateur          {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Diagnostics mémoire Windows
locale                  fr-FR
inherit                 {globalsettings}
badmemoryaccess         Yes

Paramètres EMS
--------------
identificateur          {emssettings}
bootems                 Yes

Paramètres du débogueur
-----------------------
identificateur          {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Erreurs de mémoire RAM
----------------------
identificateur          {badmemory}

Paramètres globaux
------------------
identificateur          {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur          {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Paramètres de l'hyperviseur
---------------------------
identificateur          {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Paramètres du chargeur de reprise
---------------------------------
identificateur          {resumeloadersettings}
inherit                 {globalsettings}

Options de périphérique
-----------------------
identificateur          {5523187f-e14f-11e4-bb38-e2a55eb15b3e}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-07-23 03:38

==================== End of log ============================

Edited by Yimmy, 28 July 2015 - 08:36 PM.


#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:28 PM

Posted 31 July 2015 - 08:17 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\RunOnce: [{8D691D1F-85A4-4CDF-BDBE-74DD1297C73A}] => cmd.exe /C start /D "C:\Users\am\AppData\Local\Temp" /B {8D691D1F-85A4-4CDF-BDBE-74DD1297C73A}.exe -accepteula -accepteulaksn -postboot
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ProxyEnable: [S-1-5-21-894142761-3408750948-2455151004-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-894142761-3408750948-2455151004-1000] => 127.0.0.1:18080
RemoveProxy:
SearchScopes: HKU\S-1-5-21-894142761-3408750948-2455151004-1000 -> {E705AD88-9764-4B5A-A1DE-05E8E83FAD74} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
CHR Extension: (Avast SafePrice) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\am\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once, then wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Any remaining issues with this computer?
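
As an added example (not part of nasdaq's instructions and not FRST's own code), a read-only PowerShell check that reports the same items the fixlist above targets: the per-user Internet Explorer proxy (ProxyEnable/ProxyServer) and the HKLM RunOnce entries. It assumes the affected account is the one running it (HKCU), as in the log; the registry paths are the standard Windows locations, and the Temp-folder pattern is a constructed heuristic.

```powershell
# Added example (not from the thread or from FRST): report the settings the
# fixlist above targets so the state can be compared before and after the fix.
# Assumes the affected account is the one running the script (HKCU), as in
# the log. Nothing here modifies the registry.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runOnceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'   # FRST's "HKLM-x32"
)
# Properties the registry provider adds to every Get-ItemProperty result
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ProxyFinding {
    $p = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    $enabled = ([int]$p.ProxyEnable) -eq 1        # DWORD, 1 = proxy in use
    $server  = [string]$p.ProxyServer             # e.g. "127.0.0.1:18080" in this thread
    [pscustomobject]@{
        ProxyEnabled  = $enabled
        ProxyServer   = $server
        # The pattern from this thread: browser traffic sent to a listener on
        # the local machine. Some AV web shields and debugging proxies do the
        # same, so identify the process owning the port before acting on it.
        LoopbackProxy = $enabled -and ($server -match '^(127\.0\.0\.1|localhost)(:\d+)?$')
    }
}

function Get-RunOnceFinding {
    foreach ($key in $runOnceKeys) {
        $entries = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $entries) { continue }
        foreach ($prop in $entries.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            [pscustomobject]@{
                Key          = $key
                Name         = $prop.Name
                Command      = $cmd
                # Constructed heuristic: flags commands started out of a user
                # Temp folder, like the {GUID}.exe RunOnce entry in the log above.
                RunsFromTemp = ($cmd -match '\\AppData\\Local\\Temp\\')
            }
        }
    }
}

Get-ProxyFinding | Format-List
Get-RunOnceFinding | Format-Table -AutoSize
```

Pairing a LoopbackProxy result with `netstat -ano` filtered on the port shows which process ID is listening there, which separates a legitimate local proxy from an unwanted one.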

#3 Yimmy

  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:28 PM

Posted 31 July 2015 - 05:07 PM

Hello, I am so sorry for the inconvenience. Two hours after I posted this thread I ran another scan of Malwarebytes, and it fixed the problem after reboot. I have no idea how it did not catch it the first time!

Thanks again :)



#4 nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:28 PM

Posted 01 August 2015 - 08:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
