Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by danya (administrator) on FIFI (11-06-2016 19:21:58)
Running from C:\Users\danya\Downloads\Logi
Loaded Profiles: danya (Available Profiles: danya & Administrator)
Platform: Windows 8 (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe
(ALLPlayer Group Ltd.) C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ALLPlayer Group Ltd.) C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
(BitTorrent Inc.) C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\danya\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [uTorrent] => C:\Users\danya\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-13] (BitTorrent Inc.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [GoogleChromeAutoLaunch_B350FEE64FE4D9F9C068AFF09BCEB396] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-04] (Google Inc.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\...\MountPoints2: F - "F:\SETUP.EXE"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
Tcpip\..\Interfaces\{42839EB5-6860-4B6E-8417-024802214E9C}: [DhcpNameServer] 89.101.160.4 89.101.160.5
Tcpip\..\Interfaces\{737AF273-3C07-4E06-A5FC-A0A8CF7125C3}: [DhcpNameServer] 40.23.1.201 40.23.1.202
Tcpip\..\Interfaces\{F651DCFC-9EC6-4373-A014-DEA4E0543B30}: [DhcpNameServer] 89.101.160.4 89.101.160.5

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL13/27
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPALL13/27
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL13/27
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL13/27
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=187
HKU\S-1-5-21-4194928315-878421145-2673908923-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL13/27
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {74DCEED0-D99C-47B3-8041-369B4A7D77B5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {74DCEED0-D99C-47B3-8041-369B4A7D77B5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4194928315-878421145-2673908923-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-4194928315-878421145-2673908923-1002 -> {74DCEED0-D99C-47B3-8041-369B4A7D77B5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4194928315-878421145-2673908923-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4194928315-878421145-2673908923-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5282-154352-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-03-21] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-03-21] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-03-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-03-21] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-05-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ie/
CHR StartupUrls: Default -> "hxxp://www.google.ie/"
CHR Profile: C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16]
CHR Extension: (Google Docs) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16]
CHR Extension: (Google Drive) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google Search) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Kaspersky Protection) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-03-21]
CHR Extension: (Google Sheets) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-04]
CHR Extension: (Skype) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\danya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-03-21] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-03-21] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-03-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-05-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-05-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-05-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-03-21] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-05-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 19:20 - 2016-06-11 19:21 - 00000000 ____D C:\Users\danya\Downloads\Logi
2016-06-11 19:16 - 2016-06-11 19:21 - 00000000 ____D C:\FRST
2016-06-11 16:45 - 2016-06-11 16:45 - 00000000 ____D C:\Users\danya\AppData\LocalLow\uTorrent
2016-06-07 21:01 - 2016-06-07 21:14 - 00000000 ____D C:\Users\danya\Downloads\Bloodline.S02.720p.WEBRip.x264-FLEET [NO RAR]
2016-06-07 21:01 - 2016-06-07 21:10 - 00000000 ____D C:\Users\danya\Downloads\Bloodline.S01.m720p.Bluray.DD5.1.x264-ITSat
2016-06-07 20:59 - 2016-06-07 21:16 - 00000000 ____D C:\Users\danya\Downloads\The.Flash.2014.S01-S02.720p.BluRay.WEB.DL.nHD.x264-NhaNc3
2016-06-07 20:59 - 2016-06-07 20:59 - 00211357 _____ C:\Users\danya\Downloads\The.Flash.2014.S01-S02.720p.BluRay.WEB.DL.nHD.x264-NhaNc3 [IPT].torrent
2016-06-07 20:57 - 2016-06-07 20:58 - 00000000 ____D C:\Users\danya\Downloads\Power 2014 S01-S02 720p BluRay WEB DL DD5 1 x264-ITSat
2016-06-07 20:56 - 2016-06-07 20:56 - 00037489 _____ C:\Users\danya\Downloads\Power 2014 S01-S02 720p BluRay WEB DL DD5 1 x264-ITSat [IPT].torrent
2016-06-07 20:50 - 2016-06-07 20:53 - 00000000 ____D C:\Users\danya\Downloads\The.Blacklist.S01-S03.480p.WEB.DL.nSD.x264-NhaNc3
2016-06-07 20:50 - 2016-06-07 20:50 - 00173627 _____ C:\Users\danya\Downloads\The.Blacklist.S01-S03.480p.WEB.DL.nSD.x264-NhaNc3 [IPT].torrent
2016-06-07 12:52 - 2016-06-07 13:25 - 00000000 ____D C:\Users\danya\Downloads\Zootopia.2016.1080p.BluRay.DTS-HD.MA.7.1.2Audio.x264-EPiC
2016-06-07 12:52 - 2016-06-07 12:52 - 00195510 _____ C:\Users\danya\Downloads\Zootopia.2016.1080p.BluRay.DTS-HD.MA.7.1.2Audio.x264-EPiC [IPT].torrent
2016-06-07 12:51 - 2016-06-07 13:13 - 00000000 ____D C:\Users\danya\Downloads\Gridlocked.2015.BluRay.1080p.DTS-HD.MA.5.1.AVC.REMUX-FraMeSToR
2016-06-05 18:58 - 2016-06-05 18:58 - 00369386 _____ C:\Users\danya\Downloads\Bill_1705917674.pdf
2016-06-05 13:54 - 2016-06-05 14:19 - 00000000 ____D C:\Users\danya\Downloads\Thomas.and.Friends.Start.Your.Engines.2016.DVDRip.XviD-UNDERCOVER
2016-06-05 13:54 - 2016-06-05 13:54 - 00057091 _____ C:\Users\danya\Downloads\Thomas.and.Friends.Start.Your.Engines.2016.DVDRip.XviD-UNDERCOVER [IPT].torrent
2016-06-04 21:14 - 2016-06-04 21:14 - 02965833 _____ C:\Users\danya\Downloads\OScamNew.apk
2016-06-04 17:39 - 2016-06-04 17:39 - 00035840 _____ C:\Users\danya\Downloads\The.Finest.Hours.2016.PL.SUB.720p.BDRip.XviD.AC3-inTGrity.torrent
2016-05-24 18:20 - 2016-06-06 13:27 - 00000000 ____D C:\Users\danya\Desktop\letters
2016-05-24 18:14 - 2016-06-11 19:17 - 00000000 ____D C:\Users\danya\AppData\Roaming\Skype
2016-05-24 18:14 - 2016-05-25 18:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-24 18:14 - 2016-05-24 18:14 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-24 18:14 - 2016-05-24 18:14 - 00000000 ____D C:\ProgramData\Skype
2016-05-24 18:14 - 2016-05-24 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-20 18:23 - 2016-05-20 18:51 - 00000000 ____D C:\Users\danya\Desktop\phone
2016-05-19 18:55 - 2016-06-06 13:24 - 00000000 ____D C:\Users\danya\Desktop\inv
2016-05-19 18:22 - 2016-05-19 18:22 - 00000000 ____D C:\Users\danya\Downloads\Moje.Corki.Krowy.2015.PL.DVDRip.XviD.AC3-inTGrity
2016-05-14 13:38 - 2016-05-14 13:39 - 00000000 ____D C:\Users\danya\Downloads\Kaspersky.Reset.Trial.v5.1.0.25-RuBoard

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 19:21 - 2015-11-16 15:11 - 00000000 ____D C:\Users\danya\AppData\Roaming\uTorrent
2016-06-11 19:01 - 2016-03-21 19:57 - 00000000 ____D C:\Users\danya\AppData\Local\CrashDumps
2016-06-11 19:00 - 2016-03-21 19:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-11 18:55 - 2012-07-26 08:28 - 00941114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-11 18:55 - 2012-07-26 06:37 - 00000000 ____D C:\WINDOWS\Inf
2016-06-11 18:25 - 2015-11-16 15:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 17:17 - 2013-03-27 21:30 - 00000000 ____D C:\Images
2016-06-11 16:45 - 2015-11-16 15:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 16:42 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-10 19:14 - 2016-02-05 21:00 - 00000000 ____D C:\Users\danya\Desktop\nails
2016-06-09 16:18 - 2013-01-20 19:53 - 06014464 ___SH C:\Users\danya\Desktop\Thumbs.db
2016-06-09 15:03 - 2015-11-16 14:53 - 00000000 ____D C:\Users\danya\AppData\Local\Packages
2016-06-08 23:33 - 2015-11-16 15:03 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 08:32 - 2015-10-22 13:00 - 00010100 _____ C:\Users\danya\Desktop\weight.xlsx
2016-06-04 23:08 - 2015-11-18 18:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-30 17:56 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-30 14:48 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-23 10:28 - 2016-03-21 19:43 - 00933808 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-05-23 10:28 - 2015-07-04 03:18 - 00238000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-05-23 10:28 - 2015-06-27 00:58 - 00087984 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-05-23 10:28 - 2015-06-11 20:35 - 00049240 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-05-21 03:22 - 2015-11-20 16:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-21 03:22 - 2015-11-18 18:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-21 03:22 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-21 03:03 - 2015-11-18 18:04 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-20 18:42 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-20 18:40 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-05-20 17:57 - 2015-02-08 21:03 - 00000000 ____D C:\KIDS
2016-05-14 13:41 - 2016-03-21 19:56 - 00002367 _____ C:\Users\danya\Desktop\Safe Money.lnk
2016-05-13 04:49 - 2015-11-18 18:33 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

Some files in TEMP:
====================
C:\Users\danya\AppData\Local\Temp\ALLRemote.exe
C:\Users\danya\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-11 03:00

==================== End of FRST.txt ============================