Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by didier (administrator) on DIDIER-PC (29-07-2015 11:01:24)
Running from C:\Users\didier\Desktop
Loaded Profiles: didier (Available Profiles: didier)
Platform: Windows Seven Black Edition (X64) Language: Anglais (États-Unis)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Spider\SPIDER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-1213663097-2095945224-2768148156-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [17016960 2015-07-27] (Winstep Software Technologies) HKU\S-1-5-21-1213663097-2095945224-2768148156-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software) ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => No File ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => No File ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-07-10] (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => No File ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => No File ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => No File ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> 
{dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-07-10] (Kaspersky Lab ZAO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1213663097-2095945224-2768148156-1000 -> ${searchCLSID} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-07-10] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-07-10] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll 
[2012-12-05] (Qualcomm Atheros Commnucations) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-07-10] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-07-10] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-07-10] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-07-10] (Kaspersky Lab ZAO) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-05] (Qualcomm Atheros Commnucations) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-07-10] (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-07-10] (Kaspersky Lab ZAO) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2013-03-02] 
(Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2013-03-02] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2 Tcpip\..\Interfaces\{77F05688-90C8-49F9-82C4-7C0CC7BE9E81}: [DhcpNameServer] 89.2.0.1 89.2.0.2 FireFox: ======== FF ProfilePath: C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553 FF SelectedSearchEngine: Startpage (SSL) FF Homepage: https://start.mozilla.org/en-US/ FF NetworkProxy: "no_proxies_on", "localhost,10.*,127.*,192.168.*,proxylists.me,*.proxylists.me" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll 
[2015-03-30] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF SearchPlugin: C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\searchplugins\duckduckgo.xml [2013-06-27] FF SearchPlugin: C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\searchplugins\firefox-modules.xml [2015-01-27] FF Extension: No Name - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\xnaptehg.default\Extensions\firefox@ghostery.com [2012-08-20] FF Extension: No Name - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\xnaptehg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012-08-20] FF Extension: Xmarks - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\foxmarks@kei.com [2015-05-31] FF Extension: HTTPS-Everywhere - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\https-everywhere@eff.org [2015-07-19] FF Extension: Clippings - 
C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2015-05-31] FF Extension: WOT - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-10] FF Extension: Anonymouse.org - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\arpit3@techraga.in.xpi [2013-06-27] FF Extension: anonymoX - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\client@anonymox.net.xpi [2012-08-22] FF Extension: Ghostery - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\firefox@ghostery.com.xpi [2015-05-03] FF Extension: MEGA - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\firefox@mega.co.nz.xpi [2015-05-10] FF Extension: ZenMate Security & Privacy VPN - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\firefox@zenmate.com.xpi [2015-04-16] FF Extension: IPFlood - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\ipfuck@p4ul.info.xpi [2013-03-28] FF Extension: Lightbeam - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-21] FF Extension: Français Language Pack - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\langpack-fr@firefox.mozilla.org.xpi [2012-12-28] FF Extension: Personas Plus - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\personas@christopher.beard.xpi [2012-08-22] FF Extension: Proxy List - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\proxylist@proxylists.me.xpi 
[2015-03-10] FF Extension: S3.Google Translator - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\s3google@translator.xpi [2015-07-26] FF Extension: Tempomail - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\tempomail@ingetic..maxime.robache.xpi [2013-02-09] FF Extension: Google Translator for Firefox - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\translator@zoli.bod.xpi [2013-01-06] FF Extension: Yet Another Smooth Scrolling - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\yetanothersmoothscrolling@kataho.xpi [2012-12-02] FF Extension: Flagfox - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-30] FF Extension: YouTube High Definition - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-11-25] FF Extension: Video DownloadHelper - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - C:\Users\didier\AppData\Roaming\Mozilla\Firefox\Profiles\t9rua9qw.default-1345636537553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-20] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-10] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-10] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-10] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-10] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ==================== 
Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed] R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-06-24] (CybelSoft) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd) S4 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-06-19] (Soluto) S4 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1671680 2013-06-19] (GlavSoft LLC.) 
[File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-18] (Microsoft Corporation) [File not signed] S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X] R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] () R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.) R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.) S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) 
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-04-02] (Digiarty Software, Inc.) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed] S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed] S3 gpslc64; C:\Windows\System32\Drivers\gpslc64.sys [102624 2010-03-10] (Mobile Action Technology Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-10] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-10] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-07-10] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO) S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 
MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation ) R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2014-05-07] (Acronis) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 utm4mju4; C:\Windows\SysWOW64\Drivers\utm4mju4.sys [7168 2015-06-20] () [File not signed] S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) 
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X] S3 MSICDSetup; \??\F:\CDriver64.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] U2 SBKUPNT; No ImagePath U2 TwoToXDfrgSrvc; No ImagePath S3 usbbus; system32\DRIVERS\lgx64bus.sys [X] S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X] S3 USBModem; system32\DRIVERS\lgx64modem.sys [X] ========================== Drivers MD5 =======================
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\drivers\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nusb3hub.sys B01C1E6D7477961D6D1CBDCD44AF3E67 C:\Windows\System32\DRIVERS\nusb3xhc.sys 796BAE22DD827DB8AD7AE7C3F775E92F C:\Windows\System32\drivers\nvhda64v.sys E366A5681C50785D4ED04FCFD65C3415 C:\Windows\System32\DRIVERS\nvlddmkm.sys 0AC797F70F2F3E5B69A34FF2F63496F3 C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8 C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3 C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\RMCAST.sys 77B3B747EB2413072B8E4306018D0C9B C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys 46596144363B912105F70016F0E2F908 C:\Windows\System32\DRIVERS\rtl8187B.sys 945AB249D12CBE044782430C6013AA1A C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6 C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is 
legit C:\Windows\System32\DRIVERS\snapman.sys 446EB38CE4A6D040F548B2F547CA96FF C:\Windows\System32\DRIVERS\Soluto.sys F9369327409492097B0BB7CE86BD29DE C:\Windows\SysWOW64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895 C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdrpm251.sys DF9179B7BDF0C5B71F9C3D93C016BAE5 C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\SysWOW64\Drivers\TFsExDisk.sys CE4B6956E4E12492715A53076E58761F C:\Windows\System32\DRIVERS\timntr.sys F7546EAD58CC3000AC02CF9529B9934E C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1 C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is 
legit C:\Windows\system32\DRIVERS\usbehci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit C:\Windows\System32\drivers\CM10864.sys 097AB53226AA3C52CBD675CFE2A2B58D C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit C:\Windows\SysWOW64\Drivers\utm4mju4.sys 524D8D450622DB4A7875B111C299A76B C:\Windows\System32\DRIVERS\VBoxDrv.sys CA522C5A92FC6E09E46DF753AD50A151 C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 95501429DD47B69BC11E5333EAD89837 C:\Windows\System32\DRIVERS\VBoxNetFlt.sys 6DB91085769F91E4A8ED632B45543A0C C:\Windows\System32\Drivers\VBoxUSB.sys E40ED858DB77EC5D92871B4BF26DE3CA C:\Windows\System32\DRIVERS\VBoxUSBMon.sys A6B84551099C9424F3EC2D7F995E699A C:\Windows\System32\DRIVERS\VComm.sys B9B0A0B9232A51BBDE9F28CA41716D61 C:\Windows\SysWOW64\DRIVERS\VComm.sys B9B0A0B9232A51BBDE9F28CA41716D61 C:\Windows\System32\Drivers\VcommMgr.sys F1B2D9AC422F8B72BF417C8D77C85A3B C:\Windows\SysWOW64\Drivers\VcommMgr.sys F1B2D9AC422F8B72BF417C8D77C85A3B C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1 C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C C:\Windows\System32\DRIVERS\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04 C:\Windows\System32\DRIVERS\vmnetadapter.sys 18AA5F4A3B1204AD00045EE5AD39BCDB C:\Windows\system32\drivers\vmnetuserif.sys 668C12E04D5AB4981864B12494AF907F C:\Windows\system32\drivers\vmx86.sys EBAC38A198308359FD89C10704265E5E C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit 
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-29 11:01 - 2015-07-29 11:01 - 00047237 _____ C:\Users\didier\Desktop\FRST.txt 2015-07-29 11:00 - 2015-07-29 11:01 - 00000000 ____D C:\FRST 2015-07-29 10:57 - 2015-07-29 10:57 - 02146816 _____ (Farbar) C:\Users\didier\Desktop\FRST64.exe 2015-07-29 10:49 - 2015-07-29 10:49 - 00497619 _____ C:\Users\didier\clipdat2.rdf 2015-07-29 06:53 - 2015-07-29 06:53 - 00000022 _____ C:\Windows\S.dirmngr 2015-07-25 08:11 - 2015-07-25 08:09 - 00995769 _____ C:\Users\didier\Documents\Odin3_v3.09.zip 2015-07-22 12:26 - 2015-07-22 12:26 - 00000000 ____D C:\Users\didier\Desktop\CD2 - The Wall and Other Classics 2015-07-22 12:26 - 2015-07-22 12:26 - 00000000 ____D C:\Users\didier\Desktop\CD1 - The Dark Side of the Moon Revisited 2015-07-22 08:44 - 2015-07-22 08:44 - 00000000 ____D C:\Users\didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2015-07-22 08:44 - 2015-07-22 08:44 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2015-07-15 12:45 - 2015-07-15 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-07-14 12:55 - 2015-07-14 12:55 - 00606208 _____ C:\Users\didier\Desktop\SXCU.exe 2015-07-11 04:33 - 2015-07-11 04:33 - 04587520 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2015-07-06 12:02 - 2015-07-06 12:02 - 00000362 _____ C:\Windows\PFRO.log 2015-07-05 06:38 - 2015-07-06 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-05 06:26 - 2015-07-29 06:53 - 00004979 _____ C:\Windows\setupact.log 2015-07-05 06:26 - 2015-07-05 06:26 - 00000000 _____ C:\Windows\setuperr.log 2015-07-02 13:03 - 2015-07-02 13:03 - 00001062 _____ C:\Users\didier\Documents\Contacts Azdin.txt 2015-07-01 09:46 - 2015-07-01 09:46 - 00000000 ____D C:\Users\didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium 2015-06-26 13:21 - 2015-06-26 10:55 - 00000030 _____ C:\Users\didier\Documents\Clé Win 10.txt 2015-06-26 12:16 - 2015-06-26 12:16 - 00000397 _____ C:\Users\didier\2015-06-26-10-16-53.065-VirtualBox.exe-4376.log 2015-06-21 11:12 - 2015-06-21 11:12 - 00001545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2015-06-21 11:08 - 2015-06-21 11:08 - 00001937 _____ C:\Users\didier\Desktop\Update Checker.lnk 2015-06-20 10:01 - 2015-06-20 10:01 - 00007168 _____ C:\Windows\SysWOW64\Drivers\utm4mju4.sys 2015-06-20 09:57 - 2015-06-20 09:58 - 20097224 _____ C:\Users\didier\Desktop\GetSystemInfo6.0.exe 2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2015-06-15 16:19 - 2015-06-15 16:19 - 06162288 _____ ( ) C:\Users\didier\Downloads\adblockplusie-1.4.exe 2015-06-13 12:14 - 2015-07-17 13:51 - 00000000 ____D C:\Users\didier\AppData\Roaming\91 Harbor 2015-06-04 10:37 - 2015-06-04 10:37 - 00001013 _____ C:\Users\didier\Desktop\Free Window Registry Repair.lnk 2015-06-04 10:37 - 2015-06-04 10:37 - 00000000 ____D C:\Users\didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2015-06-04 10:37 - 2015-06-04 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair 2015-06-04 10:37 - 2015-06-04 10:37 - 00000000 ____D C:\Program Files (x86)\Free Window Registry 
Repair 2015-05-29 10:50 - 2015-05-29 10:50 - 00000000 ____D C:\Users\didier\Documents\Network_Meter 2015-05-15 14:37 - 2015-05-17 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Data Recovery Suite 2015-05-15 14:37 - 2015-05-17 07:52 - 00000000 ____D C:\Program Files (x86)\7-Data Recovery Suite 2015-05-15 07:02 - 2015-05-14 08:40 - 37947612 _____ C:\Users\didier\Documents\Microsoft.Toolkit.2.5.Beta.4.BY.www.CensuradosDownloads.com.rar 2015-05-14 09:27 - 2015-05-14 09:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-05-13 13:01 - 2015-05-17 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-05-13 13:01 - 2015-05-17 07:52 - 00000000 ____D C:\Program Files\Oracle 2015-05-13 13:01 - 2015-01-16 18:42 - 00930968 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2015-05-13 13:01 - 2015-01-16 18:42 - 00131688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2015-05-13 12:43 - 2015-05-13 12:43 - 00003134 _____ C:\Windows\System32\Tasks\{A17ACAF1-64D8-4B29-A9EE-AD9E8C2E7F6B} 2015-05-10 13:09 - 2015-05-10 13:09 - 00000000 ____D C:\Windows\system32\EventProviders 2015-05-09 12:00 - 2015-05-17 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-05-09 12:00 - 2015-05-09 12:34 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2015-05-09 12:00 - 2015-05-09 12:00 - 00002147 _____ C:\Users\didier\Desktop\Tweaking.com - Windows Repair.lnk 2015-05-09 11:16 - 2015-05-09 11:16 - 00003256 _____ C:\Windows\System32\Tasks\{7D6092F3-C4B8-48FB-AB75-4412EFFB3658} 2015-05-09 10:39 - 2015-05-09 10:39 - 00003340 _____ C:\Windows\System32\Tasks\{D59F63F6-9F4A-422E-BB44-6926198AF7D7} 2015-05-07 14:29 - 2015-05-07 14:40 - 00000000 ____D C:\ProgramData\VMware 2015-05-07 14:29 - 2015-05-07 14:29 - 00000000 ____D C:\Users\didier\AppData\Local\VMware 2015-05-07 14:00 - 2015-05-07 14:00 - 00003184 _____ 
C:\Windows\System32\Tasks\{BE5322DD-77D8-4468-B219-278E66404495} 2015-05-07 13:43 - 2015-05-09 12:42 - 00000000 ____D C:\Windows\ERDNT 2015-05-07 13:42 - 2015-05-17 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2015-05-07 13:42 - 2015-05-09 12:44 - 00000000 ____D C:\Program Files (x86)\ERUNT 2015-05-07 12:54 - 2015-05-17 07:52 - 00000000 ____D C:\Users\didier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools X 2015-05-07 12:54 - 2015-05-09 12:44 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools X 2015-05-07 12:54 - 2015-05-07 12:54 - 00001840 _____ C:\Users\didier\Desktop\jv16 PowerTools X.lnk 2015-05-07 12:54 - 2015-05-07 12:54 - 00000020 ___SH C:\Users\didier\AppData\Roaming\System413_DataDB.ind 2015-05-07 12:54 - 2015-05-07 12:54 - 00000020 ___SH C:\Users\didier\AppData\Roaming\Sys11965 DataCollection.dat 2015-05-06 11:11 - 2015-05-06 11:11 - 00003184 _____ C:\Windows\System32\Tasks\{1064C807-E0CE-42FD-B79D-D2D76AB355CC} 2015-05-06 09:19 - 2015-07-28 08:55 - 00000000 ____D C:\Users\didier\.VirtualBox ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-29 10:55 - 2009-07-14 06:45 - 00013120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-29 10:55 - 2009-07-14 06:45 - 00013120 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-29 10:50 - 2012-09-14 08:13 - 00000000 ____D C:\Users\didier\.clipbak 2015-07-29 10:49 - 2011-01-12 11:24 - 00000000 ____D C:\Users\didier 2015-07-29 10:28 - 2011-11-19 19:45 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-29 10:10 - 2015-03-23 13:09 - 00011054 _____ C:\Users\didier\IP_Log_Data.js 2015-07-29 09:54 - 2015-01-11 13:15 - 01428329 _____ C:\Windows\WindowsUpdate.log 2015-07-29 09:54 - 2011-11-19 15:57 - 00763528 _____ C:\Windows\system32\perfh00C.dat 2015-07-29 09:54 - 2011-11-19 15:57 - 00155930 _____ C:\Windows\system32\perfc00C.dat 2015-07-29 09:54 - 2009-07-14 07:13 - 01710662 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-29 09:31 - 2012-02-05 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-07-29 06:53 - 2011-11-19 19:45 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-29 06:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-28 14:36 - 2014-01-31 13:07 - 00000000 ____D C:\Users\didier\AppData\Roaming\vlc 2015-07-28 10:43 - 2013-06-03 09:09 - 00000000 ____D C:\Users\didier\AppData\Roaming\uTorrent 2015-07-28 08:08 - 2011-11-19 17:33 - 00000000 ____D C:\Program Files (x86)\Winstep 2015-07-26 12:59 - 2013-01-25 11:38 - 00000000 ____D C:\Users\didier\AppData\Roaming\Skype 2015-07-26 11:05 - 2014-06-06 11:05 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-07-26 11:05 - 2011-11-23 13:02 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-07-26 11:04 - 2011-11-19 16:51 - 00000000 ____D C:\Program Files\CCleaner 2015-07-25 07:34 - 2012-09-16 11:08 - 00000000 ____D C:\Users\didier\VirtualBox VMs 2015-07-22 09:58 - 
2015-03-21 10:50 - 00001009 _____ C:\Users\Public\Desktop\SSD Tweaker.lnk 2015-07-22 09:58 - 2015-03-21 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSD Tweaker 2015-07-22 09:58 - 2015-03-21 10:50 - 00000000 ____D C:\Program Files (x86)\SSD Tweaker 2015-07-22 08:44 - 2014-06-11 10:27 - 00000916 _____ C:\Users\didier\Desktop\VirtualDJ 8.lnk 2015-07-22 08:44 - 2014-06-11 10:27 - 00000000 ____D C:\Users\didier\Documents\VirtualDJ 2015-07-18 10:21 - 2013-11-07 12:30 - 00000000 ____D C:\Users\didier\Documents\Moborobo 2015-07-17 13:10 - 2011-11-19 17:33 - 00000000 ____D C:\Users\Public\Documents\Winstep 2015-07-16 08:39 - 2012-08-20 14:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-15 12:47 - 2014-07-17 11:29 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-15 12:47 - 2014-07-17 11:29 - 00000000 ____D C:\Program Files\Java 2015-07-15 11:53 - 2014-05-02 14:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-15 10:04 - 2012-04-07 10:31 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-15 10:03 - 2013-07-16 14:10 - 00000000 ____D C:\Windows\system32\MRT 2015-07-15 09:34 - 2014-10-16 09:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 09:34 - 2014-10-16 09:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 09:34 - 2014-09-10 11:10 - 00000000 ____D C:\Users\didier\AppData\Local\Adobe 2015-07-12 14:39 - 2015-03-23 14:58 - 00000022 _____ C:\Users\didier\AppData\Roaming\Network Meter_Usage.ini 2015-07-12 10:25 - 2014-01-01 18:37 - 00000000 ___RD C:\Users\didier\Documents\Breton 2015-07-10 06:23 - 2011-11-19 19:45 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-10 06:23 - 2011-11-19 19:45 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-08 11:34 - 2013-08-05 13:28 
- 00000000 ____D C:\Users\didier\Documents\Reflect 2015-07-08 11:25 - 2014-12-07 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-07-08 11:25 - 2013-01-25 11:37 - 00000000 ____D C:\ProgramData\Skype 2015-07-07 15:20 - 2013-08-26 13:48 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2015-07-05 11:21 - 2012-08-27 09:22 - 00000000 ____D C:\Users\didier\AppData\Roaming\TeamViewer 2015-07-03 08:43 - 2009-10-14 14:51 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 15:30 - 2013-06-02 09:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-07-02 11:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-07-02 10:00 - 2015-03-23 13:11 - 00001525 _____ C:\Users\didier\AppData\Roaming\Network Meter_Settings.ini 2015-07-02 08:37 - 2014-05-02 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-01 09:55 - 2014-07-06 15:53 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-01 09:50 - 2014-12-03 09:45 - 00001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-07-01 09:50 - 2012-05-07 11:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-07-01 09:47 - 2014-05-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware ==================== Files in the root of some directories ======= 2015-03-23 13:11 - 2015-07-02 10:00 - 0001525 _____ () C:\Users\didier\AppData\Roaming\Network Meter_Settings.ini 2015-03-23 14:58 - 2015-07-12 14:39 - 0000022 _____ () C:\Users\didier\AppData\Roaming\Network Meter_Usage.ini 2015-05-07 12:54 - 2015-05-07 12:54 - 0000020 ___SH () C:\Users\didier\AppData\Roaming\Sys11965 DataCollection.dat 2015-05-07 12:54 - 2015-05-07 12:54 - 0000020 ___SH () C:\Users\didier\AppData\Roaming\System413_DataDB.ind 2013-04-26 18:26 - 2013-07-17 11:38 - 0003584 _____ () C:\Users\didier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-21 
12:41 - 2013-07-21 12:41 - 0000218 _____ () C:\Users\didier\AppData\Local\recently-used.xbel 2011-12-17 10:25 - 2015-03-21 13:41 - 0007645 _____ () C:\Users\didier\AppData\Local\resmon.resmoncfg 2013-02-03 08:53 - 2013-02-03 08:53 - 0017408 _____ () C:\Users\didier\AppData\Local\WebpageIcons.db 2012-12-27 13:08 - 2012-12-27 13:08 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2012-08-26 11:19 - 2012-08-26 11:24 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Files to move or delete: ==================== C:\Users\didier\IP_Log_Data.js C:\Users\didier\Network_Meter_Data.js Some files in TEMP: ==================== C:\Users\didier\AppData\Local\Temp\reflectPatch.exe C:\Users\didier\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject 
{e6648921-1dfe-11e0-acb3-bfe105218dbb} displayorder {current} toolsdisplayorder {memdiag} timeout 15 Chargeur de démarrage Windows ----------------------------- identificateur {e664891d-1dfe-11e0-acb3-bfe105218dbb} Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale fr-FR inherit {bootloadersettings} recoverysequence {e6648923-1dfe-11e0-acb3-bfe105218dbb} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {e6648921-1dfe-11e0-acb3-bfe105218dbb} nx OptIn Chargeur de démarrage Windows ----------------------------- identificateur {e6648923-1dfe-11e0-acb3-bfe105218dbb} Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {e6648921-1dfe-11e0-acb3-bfe105218dbb} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows Memory Diagnostic locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems Yes Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 
hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {e664891e-1dfe-11e0-acb3-bfe105218dbb} description Ramdisk Options ramdisksdidevice unknown ramdisksdipath \Recovery\e664891d-1dfe-11e0-acb3-bfe105218dbb\boot.sdi Options de périphérique ----------------------- identificateur {e6648924-1dfe-11e0-acb3-bfe105218dbb} description Ramdisk Options ramdisksdidevice unknown ramdisksdipath \Recovery\e6648923-1dfe-11e0-acb3-bfe105218dbb\boot.sdi LastRegBack: 2015-07-24 09:59 ==================== End of log ============================