Channel: Tech Support Forum - Virus/Trojan/Spyware Help

[SOLVED] compute-1.amazonaws.com virus

I think my computer has been infected with the amazonaws spyware and I need help removing it. Please check the screenshot.

I also scanned with DDS and GMER.

DDS Report:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.67.2
Run by Dip at 20:28:25 on 2014-08-21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1935.1377 [GMT 6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Grameenphone Internet\AutoDect.exe
C:\Users\Dip\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Grameenphone Internet\UIMain.exe
C:\Program Files\Grameenphone Internet\CMUpdater.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyServer = 115.127.39.26:8080
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\onlinebanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll
uRun: [googletalk] c:\users\dip\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [autodetect] c:\program files\grameenphone internet\AutoDect.exe
StartupFolder: c:\users\dip\appdata\roaming\micros~1\windows\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: AlwaysShowClassicMenu = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll
TCP: Interfaces\{38627B09-2823-435F-A7CE-222CB4EA7D82} : NameServer = 116.58.206.100 203.223.92.100
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dip\appdata\roaming\mozilla\firefox\profiles\4ti61xof.default\
FF - prefs.js: network.proxy.ftp - 203.223.94.224
FF - prefs.js: network.proxy.ftp_port - 53837
FF - prefs.js: network.proxy.http - 203.223.94.224
FF - prefs.js: network.proxy.http_port - 53837
FF - prefs.js: network.proxy.socks - 203.223.94.224
FF - prefs.js: network.proxy.socks_port - 53837
FF - prefs.js: network.proxy.ssl - 203.223.94.224
FF - prefs.js: network.proxy.ssl_port - 53837
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2014-5-26 25696]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2014-5-26 144992]
R2 Everything;Everything;c:\program files\everything\Everything.exe [2014-8-19 1048576]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-8-11 113680]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\intel\intel(r) management engine components\dal\Jhi_service.exe [2014-8-19 166720]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2014-8-19 365376]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [2014-8-20 106880]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [2014-8-20 106880]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser.sys [2014-8-20 106880]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2014-5-26 25184]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2014-5-26 25696]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2014-8-19 55104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-8-18 490088]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 14.0.0\avp.exe [2014-5-26 214512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2014-8-20 9216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-3-11 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S4 klflt;klflt;c:\windows\system32\drivers\klflt.sys [2014-8-21 94304]
.
=============== Created Last 30 ================
.
2014-08-21 03:10:47 -------- d-----w- c:\windows\ELAMBKUP
2014-08-21 03:10:45 -------- d-----w- c:\programdata\Kaspersky Lab
2014-08-21 03:10:45 -------- d-----w- c:\program files\Kaspersky Lab
2014-08-21 03:10:38 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-08-20 23:22:49 8581864 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8098665-0ac1-413b-aa79-2ebbb9f6cd5e}\mpengine.dll
2014-08-20 23:18:06 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-20 22:16:17 893248 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26a72ed5-a1af-4b6c-9db5-181182f976c9}\gapaengine.dll
2014-08-20 22:16:17 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-08-20 15:39:33 -------- d-----w- c:\users\dip\appdata\roaming\XnConvert
2014-08-19 22:52:42 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2014-08-19 22:52:42 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbser.sys
2014-08-19 22:52:42 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2014-08-19 22:52:42 106880 ----a-w- c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2014-08-19 22:52:35 -------- d-----w- c:\program files\Grameenphone Internet
2014-08-19 22:40:56 -------- d-----w- c:\users\dip\appdata\local\Diagnostics
2014-08-19 22:29:49 -------- d-----w- c:\windows\system32\appmgmt
2014-08-19 11:29:39 -------- d-----w- c:\users\dip\appdata\local\ElevatedDiagnostics
2014-08-19 07:40:20 -------- d-----w- c:\windows\Panther
2014-08-19 07:40:07 -------- d-----w- C:\Boot
2014-08-18 20:19:57 -------- d-----w- c:\users\dip\appdata\local\Macromedia
2014-08-18 20:03:55 -------- d-----w- c:\programdata\Oracle
2014-08-18 20:03:45 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-18 19:25:44 -------- d-----w- c:\program files\Topaz Labs
2014-08-18 19:25:44 -------- d-----w- c:\program files\common files\Topaz Labs
2014-08-18 19:16:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-08-18 19:13:53 -------- d-----w- c:\programdata\Package Cache
2014-08-18 19:03:39 -------- d-----w- c:\users\dip\appdata\local\Adobe
2014-08-18 19:00:22 -------- d-----w- c:\program files\CCleaner
2014-08-18 18:58:09 -------- d-----w- c:\programdata\FastStone
2014-08-18 18:57:49 -------- d-----w- c:\users\dip\appdata\roaming\FastStone
2014-08-18 18:57:49 -------- d-----w- c:\users\dip\appdata\local\FastStone
2014-08-18 18:57:32 -------- d-----w- c:\program files\FastStone Capture
2014-08-18 18:55:20 -------- d-----w- c:\users\dip\appdata\roaming\IDM
2014-08-18 18:55:20 -------- d-----w- c:\users\dip\appdata\roaming\DMCache
2014-08-18 18:55:20 -------- d-----w- c:\programdata\IDM
2014-08-18 18:55:13 -------- d-----w- c:\program files\Internet Download Manager
2014-08-18 18:47:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-18 18:47:46 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-18 18:47:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-18 18:47:39 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-18 18:47:32 -------- d-----w- c:\users\dip\appdata\local\Mozilla
2014-08-18 18:45:59 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-08-18 18:45:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-18 18:45:31 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-18 18:41:33 -------- d-----w- c:\users\dip\appdata\local\Google
2014-08-18 18:39:33 -------- d-----w- c:\users\dip\appdata\roaming\IconChanger
2014-08-18 18:38:54 -------- d-----w- c:\program files\IconChanger
2014-08-18 18:37:48 -------- d-----w- c:\program files\The KMPlayer
2014-08-18 18:35:28 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-18 18:33:40 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-18 18:33:33 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2014-08-18 18:33:33 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-08-18 18:30:53 -------- d-----w- c:\program files\InstallAffixationInfo
2014-08-18 18:27:26 -------- d-----w- c:\users\dip\appdata\roaming\NetSpeedMonitor
2014-08-18 18:27:22 -------- d-----w- c:\program files\NetSpeedMonitor
2014-08-18 18:20:46 -------- d-----w- c:\users\dip\appdata\local\Frameworkx.com
2014-08-18 18:20:24 -------- d-----w- c:\program files\Frameworkx
2014-08-18 18:19:52 -------- d-----w- c:\program files\VideoLAN
2014-08-18 18:16:23 -------- d-----w- c:\program files\MSECache
2014-08-18 18:15:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2014-08-18 18:15:50 -------- d-----w- c:\windows\PCHEALTH
2014-08-18 18:14:53 286720 ----a-w- c:\windows\iun506.exe
2014-08-18 18:14:14 -------- d-----w- c:\program files\Silicon Dictionary
2014-08-18 18:13:17 -------- d-----w- c:\users\dip\appdata\roaming\Everything
2014-08-18 18:13:16 -------- d-----w- c:\program files\Everything
2014-08-18 18:00:30 15168 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2014-08-18 18:00:03 -------- d-----w- c:\program files\common files\postureAgent
2014-08-18 18:00:00 55104 ----a-w- c:\windows\system32\drivers\HECI.sys
2014-08-18 17:59:23 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-08-18 17:59:23 490088 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-08-18 17:59:23 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-08-18 17:59:04 -------- d-----w- c:\windows\system32\RTCOM
2014-08-18 17:57:47 53248 ----a-w- c:\windows\system32\CSVer.dll
2014-08-18 17:57:43 -------- d-----w- C:\Intel
2014-08-18 17:56:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-08-18 17:56:39 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-08-18 17:56:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-08-18 17:56:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-08-18 17:56:39 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-08-18 17:55:10 207400 ----a-w- c:\windows\GSetup.exe
2014-08-18 17:49:36 -------- d-----w- c:\windows\system32\wbem\Performance
2014-08-18 17:49:31 -------- d-sh--w- c:\windows\Installer
2014-08-18 17:48:06 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-11 07:46:14 113680 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
==================== Find3M ====================
.
2014-05-26 10:01:46 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2014-05-26 10:01:46 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-05-26 10:01:44 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-05-26 10:01:44 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-05-26 10:01:44 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 20:28:49.71 ===============

Attached Files
File Type: zip attatch.zip (5.0 KB)
