8.1 Internet connection drops or is extremely slow -possible infection?


  • This topic is locked
25 replies to this topic

#1 littlefizz

  • Members
  • 17 posts
  • OFFLINE
  • Local time: 09:17 PM

Posted 01 October 2015 - 10:19 AM

Hi,
 
Thanks in advance for your time.
 
Windows 8.1 is having trouble maintaining a connection, or the connection is really slow.
 
Flushed DNS, released and reset ipconfig.
 
Ran Malwarebytes... nothing found.
 
Found some suspicious programs allowed into the application rules/firewall of Kaspersky... so reinstalled Kaspersky.
 
The new Kaspersky did speed up the display some, and the connection has less tendency to drop.
 
However, I wonder if there may be an infection somewhere that is not being found by either Kaspersky or MBAM.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Jean (administrator) on HARDWOODMAIN (01-10-2015 09:52:07)
Running from C:\Users\Jean\Desktop
Loaded Profiles: Jean (Available Profiles: Jean & Rolly & Admin & Guest)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP15.0.2\Temp\temporaryFolder\updates\bin\kav15\15.0.2.361_kis_b\avp.exe.8977_2553_4126.removeOnNextReboot
(Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP15.0.2\Temp\temporaryFolder\updates\bin\kav15\15.0.2.361_kis_b\avpui.exe.8977_2553_4126.removeOnNextReboot
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [886272 2012-05-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {0af55bd3-5e95-11e4-8078-b8763f3ca5fa} - "I:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {a0d324af-4bc6-11e3-be65-806e6f6e6963} - "D:\autorun.exe"
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {e4e0e7c9-b74a-11e3-bf2b-b8763f3ca5fa} - "I:\MotoCastSetup.exe" -a
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk [2013-11-14]
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.0\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E16A226-2D7E-4790-9ED8-23A33EE57750}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> DefaultScope {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {D9DA57FC-0DBC-456C-A9C1-A146508BA99B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-30] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-05-28] (Ghostery, Inc.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-30] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
DPF: HKLM-x32 {A662DA7E-CCB7-4743-B71A-D817F6D575DF} hxxp://download.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-30] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\fbp@fbpurity.com.xpi [2014-04-03]
FF Extension: Ghostery - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\firefox@ghostery.com.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01]
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-03-16]
CHR Extension: (Adblock Plus) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-17]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-10-01] (Kaspersky Lab ZAO)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1027792 2012-07-26] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-10-01] (Kaspersky Lab UK Ltd)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [28440 2013-09-13] (Creative Technology Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
S1 FileDisk; no ImagePath
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-10-01] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-10-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-10-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-10-01] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-10-01] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-10-01] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-10-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-08-12] (CACE Technologies, Inc.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 09:52 - 2015-10-01 09:52 - 00026301 _____ C:\Users\Jean\Desktop\FRST.txt
2015-10-01 09:52 - 2015-10-01 09:52 - 00000000 ___DC C:\FRST
2015-10-01 09:46 - 2015-10-01 09:46 - 02192384 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2015-10-01 08:38 - 2015-10-01 08:38 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 07:49 - 2015-10-01 07:49 - 00002350 _____ C:\Users\Jean\Desktop\Safe Money.lnk
2015-10-01 07:48 - 2015-10-01 07:54 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-01 07:48 - 2015-10-01 07:54 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-10-01 07:48 - 2015-10-01 07:48 - 00002148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-01 07:48 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-09-30 21:27 - 2015-09-30 21:31 - 00327680 _____ C:\Users\Jean\Desktop\KVRT.exe
2015-09-30 21:05 - 2015-09-30 21:08 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (1).exe
2015-09-30 20:54 - 2015-09-30 20:58 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2015-09-30 15:18 - 2015-09-30 15:18 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009 (1).exe
2015-09-30 13:17 - 2015-09-30 13:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-30 13:01 - 2015-09-30 13:01 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009.exe
2015-09-30 12:56 - 2015-09-30 12:58 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (2).exe
2015-09-30 12:11 - 2015-09-30 13:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-30 11:43 - 2015-09-30 17:02 - 00001652 _____ C:\WINDOWS\PFRO.log
2015-09-30 06:49 - 2015-10-01 07:46 - 00000693 _____ C:\WINDOWS\setupact.log
2015-09-30 06:49 - 2015-09-30 06:49 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-27 14:47 - 2015-10-01 09:18 - 01233037 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 19:16 - 2015-09-26 19:16 - 00344064 _____ C:\Users\Jean\Documents\Database3.accdb
2015-09-26 19:14 - 2015-09-27 11:28 - 00026923 _____ C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2015-09-25 07:30 - 2015-09-25 07:35 - 06677440 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup510.exe
2015-09-24 12:37 - 2015-10-01 09:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}.job
2015-09-24 12:37 - 2015-10-01 09:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}.job
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}
2015-09-23 17:13 - 2015-10-01 09:51 - 00000000 ____D C:\Users\Jean\Downloads\JulieHayden-1_files
2015-09-23 17:13 - 2015-09-23 17:13 - 01168372 _____ C:\Users\Jean\Downloads\JulieHayden-1.html
2015-09-14 18:06 - 2015-09-14 18:06 - 01058816 _____ C:\Users\Jean\Downloads\MicrosoftFixit50565 (2).msi
2015-09-13 17:11 - 2015-09-13 17:39 - 41504688 _____ (Dell Inc.) C:\Users\Jean\Downloads\Chipset_Driver_9V8W8_WN_9.5.13.1706_A00.EXE
2015-09-13 17:05 - 2015-09-13 17:03 - 00417064 _____ () C:\Users\Jean\Downloads\DellSystemDetect.exe
2015-09-09 17:40 - 2015-09-09 17:42 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (1).exe
2015-09-09 17:29 - 2015-09-09 17:31 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Jean\Downloads\iExplore.exe
2015-09-09 13:52 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:52 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:52 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:52 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:52 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:52 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:52 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:52 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:52 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:52 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:52 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:52 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-09 13:52 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-09 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-09-09 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-09 13:52 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-09 13:23 - 2015-09-09 13:29 - 06667640 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup509.exe
2015-09-07 10:40 - 2015-09-07 10:40 - 00001155 _____ C:\Users\Jean\Desktop\Living Cookbook 2013.lnk
2015-09-07 10:40 - 2015-09-07 10:40 - 00000000 __HDC C:\Users\Jean\AppData\Local\{A0358553-E7F9-44D0-9E90-3B9DAF7F207C}
2015-09-07 10:38 - 2015-09-07 10:40 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Living Cookbook
2015-09-07 10:38 - 2015-09-07 10:38 - 00000000 ____D C:\Program Files (x86)\Radium Technologies
2015-09-01 16:01 - 2015-09-01 16:01 - 00003182 _____ C:\WINDOWS\System32\Tasks\{7696ABBB-625D-4D2A-8C1B-8D1453ECA946}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 09:51 - 2014-11-08 21:10 - 00000000 ____D C:\Users\Jean\Downloads\Help Guide   Sony a5000_files
2015-10-01 09:51 - 2014-07-03 09:09 - 00000000 ____D C:\Users\Jean\Downloads\Order Confirmation-bjs_files
2015-10-01 09:51 - 2014-07-03 08:51 - 00000000 ____D C:\Users\Jean\Downloads\Sure Fit Stretch Pinstripe T-Cushion Loveseat Slipcover - French Blue - BJ's Wholesale Club_files
2015-10-01 09:51 - 2014-04-13 09:24 - 00000000 ____D C:\Users\Jean\Downloads\Early Sumner County Marriage Records Through 1850, Grooms - Ro_files
2015-10-01 09:51 - 2013-11-16 20:07 - 00000000 ____D C:\Users\Jean\Downloads\SpyHunter - Purchase_files
2015-10-01 09:51 - 2013-11-12 16:09 - 00822272 ___SH C:\Users\Jean\Downloads\Thumbs.db
2015-10-01 09:49 - 2013-11-12 16:01 - 00000000 ____D C:\Users\Jean\Documents\Outlook Files
2015-10-01 09:20 - 2014-11-11 15:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-01 09:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-01 08:56 - 2013-11-13 10:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-10-01 08:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-01 08:33 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2015-10-01 08:33 - 2014-11-20 13:39 - 00077680 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-10-01 08:33 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-10-01 08:33 - 2014-10-10 17:02 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klim6.sys
2015-10-01 08:33 - 2014-08-19 12:31 - 00064368 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-10-01 08:33 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2015-10-01 08:33 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klpd.sys
2015-10-01 08:14 - 2014-06-09 09:10 - 00007622 _____ C:\Users\Jean\AppData\Local\resmon.resmoncfg
2015-10-01 07:54 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2015-10-01 07:54 - 2014-10-22 21:13 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-10-01 07:54 - 2013-08-08 16:11 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2015-10-01 07:54 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\WINDOWS\system32\Drivers\cm_km_w.sys
2015-10-01 07:50 - 2013-11-14 02:29 - 00885800 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-01 07:48 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-01 07:48 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-01 07:47 - 2015-08-27 07:12 - 00095939 _____ C:\Users\Jean\Sti_Trace.log
2015-10-01 07:46 - 2015-08-24 08:37 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-10-01 07:46 - 2014-02-21 13:06 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 07:46 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-30 21:11 - 2014-06-30 10:09 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:59 - 2015-04-11 08:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-30 20:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-30 20:26 - 2014-11-18 08:44 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D79D93AE-2837-4E86-971F-78943BF032F6}
2015-09-30 13:27 - 2015-08-24 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-30 13:02 - 2015-08-05 23:31 - 00000000 ___DC C:\AdwCleaner
2015-09-30 12:07 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-09-30 11:42 - 2013-11-14 14:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1004
2015-09-30 11:28 - 2013-11-14 15:43 - 00000000 ____D C:\Users\Rolly\Documents\Outlook Files
2015-09-30 11:27 - 2015-08-26 19:46 - 00071222 _____ C:\Users\Rolly\Sti_Trace.log
2015-09-29 18:48 - 2013-11-14 16:30 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B80DA2D2-0021-49A6-A938-7FAF40393B54}
2015-09-27 14:47 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Jean
2015-09-27 14:45 - 2014-07-04 14:09 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2015-09-27 14:44 - 2015-08-07 17:15 - 00000000 ____D C:\Users\Jean\AppData\Local\CrashDumps
2015-09-27 07:08 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Excel
2015-09-27 06:30 - 2014-10-20 08:11 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-27 06:27 - 2013-11-14 11:12 - 00000000 ____D C:\Program Files\office.tmp
2015-09-26 19:01 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Access
2015-09-26 16:30 - 2013-11-12 15:59 - 00000000 ____D C:\Users\Jean\Documents\Living Cookbook Backups
2015-09-25 07:38 - 2013-11-16 15:30 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-25 07:38 - 2013-11-16 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-09-24 21:17 - 2013-11-14 18:56 - 00000000 ____D C:\ProgramData\Smart Label Printer
2015-09-24 21:16 - 2013-11-12 16:08 - 00000000 ____D C:\Users\Jean\Documents\Word
2015-09-24 20:36 - 2013-11-12 13:25 - 00000000 ____D C:\Users\Jean\AppData\Local\Packages
2015-09-24 12:44 - 2015-08-26 19:00 - 00000874 _____ C:\Users\Public\Desktop\Print CD.lnk
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-09-24 12:44 - 2013-11-20 19:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-24 12:44 - 2013-11-14 02:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-09-24 12:38 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\epson
2015-09-22 11:56 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 20:40 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Rolly
2015-09-19 10:50 - 2013-11-12 15:48 - 00000000 ____D C:\Users\Jean\Documents\Family Tree Maker
2015-09-18 14:16 - 2014-02-16 14:37 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-16 06:27 - 2014-02-21 13:06 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 06:27 - 2014-02-21 13:06 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 06:27 - 2014-02-21 13:06 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 19:22 - 2013-11-14 16:06 - 00000000 ____D C:\Users\Rolly\AppData\Local\Google
2015-09-13 17:06 - 2014-08-13 09:33 - 00000000 ____D C:\Users\Jean\AppData\Local\Deployment
2015-09-13 17:05 - 2014-08-13 09:34 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-13 10:26 - 2015-07-02 06:53 - 00000000 ___RD C:\Users\Jean\OneDrive
2015-09-13 10:26 - 2014-05-18 19:22 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-09-13 10:07 - 2013-11-14 19:06 - 00033043 _____ C:\ProgramData\hpzinstall.log
2015-09-12 16:56 - 2015-08-26 19:00 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Epson
2015-09-12 16:55 - 2015-08-26 19:46 - 00000000 ____D C:\Users\Rolly\AppData\Roaming\Epson
2015-09-09 20:38 - 2013-11-14 10:52 - 00000000 ____D C:\Users\Jean\AppData\Local\Google
2015-09-09 20:11 - 2014-03-19 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-09 20:08 - 2014-11-11 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-09 17:45 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 17:05 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-06 17:12 - 2015-08-24 17:49 - 00000000 ____D C:\Program Files (x86)\Windows Password Key Standard
2015-09-06 17:12 - 2013-11-14 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-09-03 18:45 - 2013-11-14 16:06 - 00000000 ____D C:\Users\Rolly\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2015-09-26 19:14 - 2015-09-27 11:28 - 0026923 _____ () C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2014-04-20 12:41 - 2014-04-20 12:41 - 0000055 _____ () C:\Users\Jean\AppData\Roaming\mbam.context.scan
2014-06-09 09:10 - 2015-10-01 08:14 - 0007622 _____ () C:\Users\Jean\AppData\Local\resmon.resmoncfg
2014-12-16 10:50 - 2014-12-16 10:50 - 2440206 _____ () C:\Users\Jean\AppData\Local\[j0011]-[p01].bmp
2013-11-14 19:06 - 2015-09-13 10:07 - 0033043 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Jean\Test.bat
Some files in TEMP:
====================
C:\Users\Jean\AppData\Local\Temp\autorun.dll
C:\Users\Jean\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jean\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-01 07:59
==================== End of FRST.txt ============================
 
 
Why is the file attachment option missing? 
 
I can't attach the addition.txt.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. You can now attach addition.txt with a reply if you wish. The Am I Infected forum does not allow attachments for security reasons. ~ Animal
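The "Bamital & volsnap" section at the end of the log is FRST checking the Authenticode signatures of the system files that file-infecting malware (Bamital is the namesake) patches in place; FRST only reports the result and, as the log says, has no automatic fix for a file that fails. The script below is an added example, not part of this thread or of FRST, that repeats the same check with Windows' own signature verification and additionally insists that the signer is Microsoft, so a file at one of these paths that carries a valid signature from anyone else is flagged too. It assumes an elevated PowerShell 4.0 or later prompt (the Windows 8.1 default) on the affected machine; the file list is copied from the log above and can be extended.

```powershell
# Added example, not from the thread or from FRST: re-verify the files FRST lists under
# "Bamital & volsnap" and require both a valid signature and a Microsoft signer.
# Assumption: elevated PowerShell 4.0+ (Get-FileHash needs 4.0) on the affected machine.
$criticalFiles = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CriticalFileSignature {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            # A missing core binary is worth a look in its own right
            [pscustomobject]@{ Path = $file; Status = 'MISSING'; SignatureType = ''; Signer = ''; Suspicious = $true }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $file
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Two independent conditions: the signature must verify (embedded or via a signing
        # catalog), and the signer must be Microsoft. Either failing marks the file.
        $suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')

        [pscustomobject]@{
            Path          = $file
            Status        = $sig.Status
            SignatureType = $sig.SignatureType   # Authenticode (embedded) or Catalog
            Signer        = $signer
            Suspicious    = $suspicious
        }
    }
}

$results = Test-CriticalFileSignature -Path $criticalFiles
$results | Format-Table -AutoSize -Property Path, Status, SignatureType, Suspicious

# Record SHA-256 of everything that passed, so a later run (or a clean machine on the
# same build) can be diffed against it instead of re-trusting the signature check alone
$results | Where-Object { -not $_.Suspicious } | ForEach-Object {
    Get-FileHash -LiteralPath $_.Path -Algorithm SHA256
}
```

Two caveats when reading the output. Most files under System32 are catalog-signed rather than embedded-signed, and Windows 7's PowerShell 2.0 does not consult the catalogs, so there they report NotSigned regardless; the Status column is only meaningful on PowerShell 3.0 and later, and `sfc /verifyfile=<path>` is an independent cross-check on either. And a failed or odd result is a lead, not a verdict: compare the hash against a known-good copy of the same Windows build before replacing anything.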

#2 nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2015 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Why is the file attachment option missing?

Next time you post a reply, before you press the Post button, select More Reply Options and follow the instructions to attach the Addition.txt file.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S1 FileDisk; no ImagePath
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
cmd: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset


End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
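Most of what the fixlist above removes is two kinds of dead registration: services and drivers whose ImagePath file is gone (the entries FRST marks `[X]`, here the leftovers of the Motorola and SpyHunter uninstalls) and ShellIconOverlayIdentifiers whose CLSID no longer resolves to a DLL (the `No File` SkyDrive entries). The script below is an added example, not part of this thread, of FRST or of its author, that finds both straight from the registry so the result can be compared with the FRST log before anything goes into a fixlist. It assumes an elevated 64-bit PowerShell 3.0 or later prompt on the affected machine (a 32-bit host sees WoW64-redirected paths and would report false positives for drivers); the ImagePath spellings it normalises are the ones that appear in this thread's logs plus the common `%SystemRoot%` and quoted forms.

```powershell
# Added example, not from the thread, FRST or its author: find orphaned service/driver
# entries ("[X]" in FRST) and orphaned shell icon overlays ("No File" in FRST).
# Assumption: elevated 64-bit PowerShell 3.0+ on the affected machine.

function Resolve-ImagePath {
    # Turn the assorted ImagePath spellings into a plain Win32 path, or $null if empty
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }

    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        # "C:\Program Files\x\y.exe" -k foo  ->  C:\Program Files\x\y.exe
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted: arguments begin after the first .exe/.sys/.dll
        $m = [regex]::Match($p, '^(.*?\.(?:exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)        # %SystemRoot%\...
    $p = $p -replace '^\\\?\?\\', ''                           # \??\C:\...  ->  C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"     # \SystemRoot\system32\...
    if ($p -notmatch '\\') {                                   # bare name: loaded from System32
        $p = Join-Path "$env:SystemRoot\System32" $p
    } elseif ($p -notmatch '^[A-Za-z]:\\') {                   # system32\DRIVERS\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Type bits: 0x1 kernel driver, 0x2 file-system driver, 0x10/0x20 Win32 service.
        # Subkeys without one of these are not service entries and are skipped.
        if ($null -eq $props.Type -or ($props.Type -band 0x33) -eq 0) { continue }

        $target = Resolve-ImagePath $props.ImagePath
        $reason = $null
        if (-not $target) {
            $reason = 'no ImagePath'
        } elseif (-not (Test-Path -LiteralPath $target)) {
            $reason = "file missing: $target"
        }
        if ($reason) {
            $start = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { '?' }
            [pscustomobject]@{ Name = $key.PSChildName; Start = $start; Reason = $reason }
        }
    }
}

function Get-OrphanedShellIconOverlay {
    # Overlay entry -> CLSID (default value) -> HKCR\CLSID\{..}\InprocServer32 -> DLL on disk
    $branches = @(
        @{ Overlays = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid    = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Overlays = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
           Clsid    = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
    )
    foreach ($b in $branches) {
        foreach ($entry in Get-ChildItem -LiteralPath $b.Overlays -ErrorAction SilentlyContinue) {
            $clsid  = (Get-ItemProperty -LiteralPath $entry.PSPath).'(default)'
            $server = "$($b.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            if ($clsid -and (Test-Path -LiteralPath $server)) {
                $dll = Resolve-ImagePath ((Get-ItemProperty -LiteralPath $server).'(default)')
            }
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{ Overlay = $entry.PSChildName; Clsid = $clsid; Dll = $dll; Reason = 'No File' }
            }
        }
    }
}

Get-OrphanedService          | Format-Table -AutoSize -Property Name, Start, Reason
Get-OrphanedShellIconOverlay | Format-Table -AutoSize -Property Overlay, Clsid, Dll, Reason
```

Read the output the way a helper reads the FRST log: an entry whose file is missing is a dead registration from a sloppy uninstall, not evidence of infection by itself, and the entries worth scrutiny are the ones whose file is present but unsigned or in an odd location. Deleting a Boot- or System-start driver entry that is in fact still needed can leave the machine unbootable, which is why the fixlist above begins with `CreateRestorePoint:` before it removes anything.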

#3 littlefizz

  • Topic Starter
  • Members
  • 17 posts

Posted 02 October 2015 - 08:30 AM

Thanks for steering me toward the attachment location.  I looked everywhere but there.....too obvious, I guess.

 

Yes, after running the fixlist, computer is faster.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Jean (2015-10-02 08:22:12) Run:1
Running from C:\Users\Jean\Desktop
Loaded Profiles: Jean & Rolly (Available Profiles: Jean & Rolly & Admin & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S1 FileDisk; no ImagePath
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
cmd: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
FileDisk => service removed successfully
BTCFilterService => service removed successfully
esgiguard => service removed successfully
klkbdflt2 => service could not remove
motccgp => service removed successfully
motccgpfl => service removed successfully
MotoSwitchService => service removed successfully
Motousbnet => service removed successfully
motusbdevice => service removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => 378.4 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 08:22:27 ====

 

 


#4 nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2015 - 12:28 PM

The logs are clean.

Any remaining issues?

#5 littlefizz

  • Topic Starter
  • Members
  • 17 posts

Posted 02 October 2015 - 01:48 PM

Thank you so much.

 

Seems to be running fine now.



#6 littlefizz

  • Topic Starter
  • Members
  • 17 posts

Posted 02 October 2015 - 08:16 PM

Well...it is back to running slow and dropping the connection after a few hours of normalcy.

 

 

I reran FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Jean (administrator) on HARDWOODMAIN (02-10-2015 20:07:37)
Running from C:\Users\Jean\Desktop
Loaded Profiles: Jean (Available Profiles: Jean & Rolly & Admin & Guest)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [886272 2012-05-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {0af55bd3-5e95-11e4-8078-b8763f3ca5fa} - "I:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {a0d324af-4bc6-11e3-be65-806e6f6e6963} - "D:\autorun.exe"
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {e4e0e7c9-b74a-11e3-bf2b-b8763f3ca5fa} - "I:\MotoCastSetup.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk [2013-11-14]
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.0\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E16A226-2D7E-4790-9ED8-23A33EE57750}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> DefaultScope {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {D9DA57FC-0DBC-456C-A9C1-A146508BA99B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-01] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-05-28] (Ghostery, Inc.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-01] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
DPF: HKLM-x32 {A662DA7E-CCB7-4743-B71A-D817F6D575DF} hxxp://download.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\fbp@fbpurity.com.xpi [2014-04-03]
FF Extension: Ghostery - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\firefox@ghostery.com.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-03-16]
CHR Extension: (Adblock Plus) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-17]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-10-01] (Kaspersky Lab ZAO)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1027792 2012-07-26] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-10-01] (Kaspersky Lab UK Ltd)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [28440 2013-09-13] (Creative Technology Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-10-01] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-10-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-10-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-10-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-10-01] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-10-01] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-10-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-08-12] (CACE Technologies, Inc.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 08:23 - 2015-10-02 08:23 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-01 19:27 - 2015-10-01 19:27 - 00002350 _____ C:\Users\Rolly\Desktop\Safe Money.lnk
2015-10-01 09:52 - 2015-10-02 20:07 - 00024292 _____ C:\Users\Jean\Desktop\FRST.txt
2015-10-01 09:52 - 2015-10-02 20:07 - 00000000 ___DC C:\FRST
2015-10-01 09:52 - 2015-10-02 08:21 - 00048752 _____ C:\Users\Jean\Desktop\FRST1.txt
2015-10-01 09:52 - 2015-10-01 09:52 - 00032832 _____ C:\Users\Jean\Desktop\Addition1.txt
2015-10-01 09:46 - 2015-10-01 09:46 - 02192384 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2015-10-01 08:38 - 2015-10-01 08:38 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 07:49 - 2015-10-01 07:49 - 00002350 _____ C:\Users\Jean\Desktop\Safe Money.lnk
2015-10-01 07:48 - 2015-10-01 07:54 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-01 07:48 - 2015-10-01 07:54 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-10-01 07:48 - 2015-10-01 07:48 - 00002148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-01 07:48 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-09-30 21:27 - 2015-09-30 21:31 - 00327680 _____ C:\Users\Jean\Desktop\KVRT.exe
2015-09-30 21:05 - 2015-09-30 21:08 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (1).exe
2015-09-30 20:54 - 2015-09-30 20:58 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2015-09-30 15:18 - 2015-09-30 15:18 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009 (1).exe
2015-09-30 13:17 - 2015-09-30 13:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-30 13:01 - 2015-09-30 13:01 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009.exe
2015-09-30 12:56 - 2015-09-30 12:58 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (2).exe
2015-09-30 12:11 - 2015-10-02 07:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-30 11:43 - 2015-10-02 16:09 - 00005156 _____ C:\WINDOWS\PFRO.log
2015-09-30 06:49 - 2015-10-02 20:04 - 00001309 _____ C:\WINDOWS\setupact.log
2015-09-30 06:49 - 2015-09-30 06:49 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-27 14:47 - 2015-10-02 20:05 - 02060218 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 19:16 - 2015-09-26 19:16 - 00344064 _____ C:\Users\Jean\Documents\Database3.accdb
2015-09-26 19:14 - 2015-09-27 11:28 - 00026923 _____ C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2015-09-25 07:30 - 2015-09-25 07:35 - 06677440 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup510.exe
2015-09-24 12:37 - 2015-10-02 19:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}.job
2015-09-24 12:37 - 2015-10-02 19:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}.job
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}
2015-09-23 17:13 - 2015-10-01 09:51 - 00000000 ____D C:\Users\Jean\Downloads\JulieHayden-1_files
2015-09-23 17:13 - 2015-09-23 17:13 - 01168372 _____ C:\Users\Jean\Downloads\JulieHayden-1.html
2015-09-14 18:06 - 2015-09-14 18:06 - 01058816 _____ C:\Users\Jean\Downloads\MicrosoftFixit50565 (2).msi
2015-09-13 17:11 - 2015-09-13 17:39 - 41504688 _____ (Dell Inc.) C:\Users\Jean\Downloads\Chipset_Driver_9V8W8_WN_9.5.13.1706_A00.EXE
2015-09-13 17:05 - 2015-09-13 17:03 - 00417064 _____ () C:\Users\Jean\Downloads\DellSystemDetect.exe
2015-09-09 17:40 - 2015-09-09 17:42 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (1).exe
2015-09-09 17:29 - 2015-09-09 17:31 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Jean\Downloads\iExplore.exe
2015-09-09 13:52 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:52 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:52 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:52 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:52 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:52 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:52 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:52 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:52 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:52 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:52 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:52 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-09 13:52 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-09 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-09-09 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-09 13:52 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-09 13:23 - 2015-09-09 13:29 - 06667640 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup509.exe
2015-09-07 10:40 - 2015-09-07 10:40 - 00001155 _____ C:\Users\Jean\Desktop\Living Cookbook 2013.lnk
2015-09-07 10:40 - 2015-09-07 10:40 - 00000000 __HDC C:\Users\Jean\AppData\Local\{A0358553-E7F9-44D0-9E90-3B9DAF7F207C}
2015-09-07 10:38 - 2015-09-07 10:40 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Living Cookbook
2015-09-07 10:38 - 2015-09-07 10:38 - 00000000 ____D C:\Program Files (x86)\Radium Technologies

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 20:04 - 2015-08-27 07:12 - 00103943 _____ C:\Users\Jean\Sti_Trace.log
2015-10-02 20:04 - 2015-08-24 08:37 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-10-02 20:04 - 2014-11-11 15:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-02 20:04 - 2014-02-21 13:06 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 20:04 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 20:03 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 20:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 19:58 - 2013-11-14 14:59 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1004
2015-10-02 19:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 19:41 - 2013-11-14 02:29 - 00885800 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 19:37 - 2015-08-26 19:46 - 00075595 _____ C:\Users\Rolly\Sti_Trace.log
2015-10-02 18:56 - 2013-11-14 15:43 - 00000000 ____D C:\Users\Rolly\Documents\Outlook Files
2015-10-02 18:56 - 2013-11-12 16:01 - 00000000 ____D C:\Users\Jean\Documents\Outlook Files
2015-10-02 16:09 - 2014-03-19 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 15:59 - 2014-11-11 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 14:39 - 2013-11-12 15:48 - 00000000 ____D C:\Users\Jean\Documents\Family Tree Maker
2015-10-02 08:22 - 2015-08-07 17:15 - 00000000 ____D C:\Users\Jean\AppData\Local\CrashDumps
2015-10-02 08:22 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-01 22:09 - 2014-11-18 08:44 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D79D93AE-2837-4E86-971F-78943BF032F6}
2015-10-01 20:52 - 2013-11-14 16:30 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B80DA2D2-0021-49A6-A938-7FAF40393B54}
2015-10-01 18:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-01 16:13 - 2013-11-13 10:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-10-01 09:51 - 2014-11-08 21:10 - 00000000 ____D C:\Users\Jean\Downloads\Help Guide   Sony a5000_files
2015-10-01 09:51 - 2014-07-03 09:09 - 00000000 ____D C:\Users\Jean\Downloads\Order Confirmation-bjs_files
2015-10-01 09:51 - 2014-07-03 08:51 - 00000000 ____D C:\Users\Jean\Downloads\Sure Fit Stretch Pinstripe T-Cushion Loveseat Slipcover - French Blue - BJ's Wholesale Club_files
2015-10-01 09:51 - 2014-04-13 09:24 - 00000000 ____D C:\Users\Jean\Downloads\Early Sumner County Marriage Records Through 1850, Grooms - Ro_files
2015-10-01 09:51 - 2013-11-16 20:07 - 00000000 ____D C:\Users\Jean\Downloads\SpyHunter - Purchase_files
2015-10-01 09:51 - 2013-11-12 16:09 - 00822272 ___SH C:\Users\Jean\Downloads\Thumbs.db
2015-10-01 08:33 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2015-10-01 08:33 - 2014-11-20 13:39 - 00077680 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-10-01 08:33 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-10-01 08:33 - 2014-10-10 17:02 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klim6.sys
2015-10-01 08:33 - 2014-08-19 12:31 - 00064368 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-10-01 08:33 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2015-10-01 08:33 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klpd.sys
2015-10-01 08:14 - 2014-06-09 09:10 - 00007622 _____ C:\Users\Jean\AppData\Local\resmon.resmoncfg
2015-10-01 07:54 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2015-10-01 07:54 - 2014-10-22 21:13 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-10-01 07:54 - 2013-08-08 16:11 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2015-10-01 07:54 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\WINDOWS\system32\Drivers\cm_km_w.sys
2015-10-01 07:48 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-01 07:48 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-30 21:11 - 2014-06-30 10:09 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:59 - 2015-04-11 08:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-30 13:27 - 2015-08-24 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-30 13:02 - 2015-08-05 23:31 - 00000000 ___DC C:\AdwCleaner
2015-09-27 14:47 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Jean
2015-09-27 14:45 - 2014-07-04 14:09 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2015-09-27 07:08 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Excel
2015-09-27 06:30 - 2014-10-20 08:11 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-27 06:27 - 2013-11-14 11:12 - 00000000 ____D C:\Program Files\office.tmp
2015-09-26 19:01 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Access
2015-09-26 16:30 - 2013-11-12 15:59 - 00000000 ____D C:\Users\Jean\Documents\Living Cookbook Backups
2015-09-25 07:38 - 2013-11-16 15:30 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-25 07:38 - 2013-11-16 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-09-24 21:17 - 2013-11-14 18:56 - 00000000 ____D C:\ProgramData\Smart Label Printer
2015-09-24 21:16 - 2013-11-12 16:08 - 00000000 ____D C:\Users\Jean\Documents\Word
2015-09-24 20:36 - 2013-11-12 13:25 - 00000000 ____D C:\Users\Jean\AppData\Local\Packages
2015-09-24 12:44 - 2015-08-26 19:00 - 00000874 _____ C:\Users\Public\Desktop\Print CD.lnk
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-09-24 12:44 - 2013-11-20 19:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-24 12:44 - 2013-11-14 02:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-09-24 12:38 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\epson
2015-09-22 11:56 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 20:40 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Rolly
2015-09-18 14:16 - 2014-02-16 14:37 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-16 06:27 - 2014-02-21 13:06 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 06:27 - 2014-02-21 13:06 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 06:27 - 2014-02-21 13:06 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 19:22 - 2013-11-14 16:06 - 00000000 ____D C:\Users\Rolly\AppData\Local\Google
2015-09-13 17:06 - 2014-08-13 09:33 - 00000000 ____D C:\Users\Jean\AppData\Local\Deployment
2015-09-13 17:05 - 2014-08-13 09:34 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-13 10:26 - 2015-07-02 06:53 - 00000000 ___RD C:\Users\Jean\OneDrive
2015-09-13 10:26 - 2014-05-18 19:22 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-09-13 10:07 - 2013-11-14 19:06 - 00033043 _____ C:\ProgramData\hpzinstall.log
2015-09-12 16:56 - 2015-08-26 19:00 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Epson
2015-09-12 16:55 - 2015-08-26 19:46 - 00000000 ____D C:\Users\Rolly\AppData\Roaming\Epson
2015-09-09 20:38 - 2013-11-14 10:52 - 00000000 ____D C:\Users\Jean\AppData\Local\Google
2015-09-09 17:45 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 17:05 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-06 17:12 - 2015-08-24 17:49 - 00000000 ____D C:\Program Files (x86)\Windows Password Key Standard
2015-09-06 17:12 - 2013-11-14 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-09-03 18:45 - 2013-11-14 16:06 - 00000000 ____D C:\Users\Rolly\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2015-09-26 19:14 - 2015-09-27 11:28 - 0026923 _____ () C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2014-04-20 12:41 - 2014-04-20 12:41 - 0000055 _____ () C:\Users\Jean\AppData\Roaming\mbam.context.scan
2014-06-09 09:10 - 2015-10-01 08:14 - 0007622 _____ () C:\Users\Jean\AppData\Local\resmon.resmoncfg
2014-12-16 10:50 - 2014-12-16 10:50 - 2440206 _____ () C:\Users\Jean\AppData\Local\[j0011]-[p01].bmp
2013-11-14 19:06 - 2015-09-13 10:07 - 0033043 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Jean\Test.bat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-02 19:47

==================== End of FRST.txt ============================

Thanks again.

Attached Files
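The "Bamital & volsnap" block in the FRST log above verifies that a fixed set of core Windows binaries (the ones Bamital-class file infectors are known to patch: winlogon, wininit, explorer, svchost, services, user32, userinit, rpcss, dnsapi, plus the volsnap driver) still carry a valid digital signature, and FRST notes that there is no automatic fix when one does not. The PowerShell below is an added example, not part of this thread and not FRST's own code, that re-runs the same check with Get-AuthenticodeSignature and additionally reports the signer, so that a file which is validly signed by someone other than Microsoft is flagged rather than waved through. The file list is taken from the log; the function name Test-CoreBinarySignature is an assumption of this example, and it assumes Windows 8.1 with PowerShell 3.0 or later (needed for -LiteralPath and the SignatureType property).

```powershell
# Added example, not from the thread or from FRST: re-check the Authenticode
# status of the core binaries FRST lists under "Bamital & volsnap".
# Assumes Windows 8.1 / PowerShell 3.0+ (SignatureType and -LiteralPath).

if (-not [Environment]::Is64BitProcess) {
    Write-Warning 'Run from 64-bit PowerShell: in a 32-bit process System32 is redirected to SysWOW64.'
}

# Same files, relative to %SystemRoot%, that the FRST section verifies.
$CoreBinaries = @(
    'System32\winlogon.exe', 'System32\wininit.exe',
    'explorer.exe',          'SysWOW64\explorer.exe',
    'System32\svchost.exe',  'SysWOW64\svchost.exe',
    'System32\services.exe',
    'System32\User32.dll',   'SysWOW64\User32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe',
    'System32\rpcss.dll',
    'System32\dnsapi.dll',   'SysWOW64\dnsapi.dll',
    'System32\Drivers\volsnap.sys'
)

function Test-CoreBinarySignature {
    # Hypothetical function name (this example's own); emits one object per file.
    param([string[]]$RelativePath = $CoreBinaries)

    foreach ($rel in $RelativePath) {
        $path = Join-Path $env:SystemRoot $rel
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Result = 'MISSING'; Signer = ''; Type = '' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Most Windows binaries are catalog-signed rather than carrying an
        # embedded signature; SignatureType tells which, and both are fine.
        # "Valid" alone is not enough: the signing certificate must be Microsoft's.
        $ok = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')
        [pscustomobject]@{
            Path   = $path
            Result = if ($ok) { 'OK' } else { "SUSPECT ($($sig.Status))" }
            Signer = $signer
            Type   = $sig.SignatureType
        }
    }
}

Test-CoreBinarySignature | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell so that the System32 paths are not silently redirected to SysWOW64 and the two copies of each binary are really compared. A MISSING or SUSPECT row is the condition FRST would report, but it is not proof of infection on its own (a stale security catalog after a half-applied update gives the same result), and a valid Microsoft signature says nothing about whether the file is the version that belongs on this build, so follow a suspect result with sfc /scannow before deciding anything.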



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 03 October 2015 - 07:21 AM


Your FRST log is clean.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
emptyCHRcache;
chromelook;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#8 littlefizz

littlefizz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:17 PM

Posted 03 October 2015 - 11:12 AM

Well.... I am not having success at getting zoek to run.

It has hung for quite some time.

A "Location: shutdown (C:\Windows\System32)" notice keeps appearing on the desktop. (Like it's trying to reboot.)

Can't close the Zoek window as it says it is still running.

Maybe it needs assistance in rebooting?

I emailed myself a copy of the zoek window.

Here is what is in the log so far:

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Jean on Sat 10/03/2015 at 10:18:59.16.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 10:20:19.57 =====

--- Create Environment Variables 10:20:20.42
--- Create System Restore Point 10:20:25.95
--- Checking Input 10:20:32.06
--- AU AppData Check 10:20:36.57
--- Remove From Windows Installer 10:20:38.39
--- Registry HKLM Software Check 10:21:23.76
--- Quick Launch Shortcut Check 10:21:31.95
--- IE Startpage Check 10:21:34.09
--- Program Files DB Check 10:21:51.59
--- C:\Users\Admin\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Default\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Default User\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Guest\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Jean\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Rolly\AppData\Roaming DB Check 10:22:22.38
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check 10:22:22.38
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check 10:22:22.38
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check 10:22:22.38
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check 10:22:22.38
--- C:\Users\Jean DB Check 10:24:30.76
--- C:\PROGRA~3 DB Check 10:24:43.85
--- C:\Users\Admin\AppData\Local DB Check 10:24:49.07
--- C:\Users\Default\AppData\Local DB Check 10:24:49.07
--- C:\Users\Default User\AppData\Local DB Check 10:24:49.07
--- C:\Users\Guest\AppData\Local DB Check 10:24:49.07
--- C:\Users\Jean\AppData\Local DB Check 10:24:49.07
--- C:\Users\Rolly\AppData\Local DB Check 10:24:49.07
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 10:24:49.07
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 10:24:49.07
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 10:24:49.07
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 10:24:49.07
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 10:26:16.50
--- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 10:26:23.11
--- Tasks DB Check 10:26:27.32
--- Downloads DB Check 10:26:29.90
--- C:\Users\Admin\AppData\LocalLow DB Check 10:26:32.92
--- C:\Users\Guest\AppData\LocalLow DB Check 10:26:32.92
--- C:\Users\Jean\AppData\LocalLow DB Check 10:26:32.92
--- C:\Users\Rolly\AppData\LocalLow DB Check 10:26:32.92
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 10:26:32.92
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 10:26:32.92
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 10:26:32.92
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 10:26:32.92
--- Tasks2 DB Check 10:27:24.73
--- Documents DB Check 10:27:44.78
--- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default DB Check 10:27:52.06
--- C:\Users\Rolly\AppData\Roaming\Mozilla\Firefox\Profiles\5t30yw15.default DB Check 10:27:52.06
--- C:\Users\Rolly\AppData\Roaming\Thunderbird\Profiles\1w2zwth7.default DB Check 10:27:52.06
--- C:\Users\Public\Desktop DB Check 10:27:56.53
--- C:\Users\Jean\Desktop DB Check 10:28:00.14
--- Services DB Check 10:28:05.41
--- FF prefs.js DB Check 10:28:21.03
--- Del by CLSID 10:29:34.21
--- Delete Services 10:29:56.91
--- Batch Commands 10:29:58.40



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 03 October 2015 - 01:27 PM

Try with only these commands.

autoclean;
emptyalltemp;
emptyCHRcache;
chromelook;
ipconfig /flushdns;b

#10 littlefizz

littlefizz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:17 PM

Posted 03 October 2015 - 02:35 PM

Seems to have stopped again.

It opened a Notepad file called folderchk and both are open now.

Here is what is in the zoek file, followed by what is in the folderchk file.

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Jean on Sat 10/03/2015 at 13:59:07.43.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 14:00:26.72 =====

--- Create Environment Variables 14:00:27.55
--- Checking Input 14:00:33.96
--- AU AppData Check 14:00:37.94
--- Remove From Windows Installer 14:00:39.74
--- Registry HKLM Software Check 14:01:24.38
--- Quick Launch Shortcut Check 14:01:32.43
--- IE Startpage Check 14:01:34.46
--- Program Files DB Check 14:01:51.77
--- C:\Users\Admin\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Default\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Default User\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Guest\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Jean\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Rolly\AppData\Roaming DB Check 14:02:22.26
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check 14:02:22.26
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check 14:02:22.26
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check 14:02:22.26
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check 14:02:22.26
--- C:\Users\Jean DB Check 14:04:30.08
--- C:\PROGRA~3 DB Check 14:04:42.33
--- C:\Users\Admin\AppData\Local DB Check 14:04:47.47
--- C:\Users\Default\AppData\Local DB Check 14:04:47.47
--- C:\Users\Default User\AppData\Local DB Check 14:04:47.47
--- C:\Users\Guest\AppData\Local DB Check 14:04:47.47
--- C:\Users\Jean\AppData\Local DB Check 14:04:47.47
--- C:\Users\Rolly\AppData\Local DB Check 14:04:47.47
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 14:04:47.47
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 14:04:47.47
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 14:04:47.47
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 14:04:47.47
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 14:06:14.47
--- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 14:06:21.05
--- Tasks DB Check 14:06:25.21
--- Downloads DB Check 14:06:27.76
--- C:\Users\Admin\AppData\LocalLow DB Check 14:06:30.73
--- C:\Users\Guest\AppData\LocalLow DB Check 14:06:30.73
--- C:\Users\Jean\AppData\LocalLow DB Check 14:06:30.73
--- C:\Users\Rolly\AppData\LocalLow DB Check 14:06:30.73
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 14:06:30.73
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 14:06:30.73
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 14:06:30.73
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 14:06:30.73
--- Tasks2 DB Check 14:07:22.43
--- Documents DB Check 14:07:42.39
--- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default DB Check 14:07:49.59
--- C:\Users\Rolly\AppData\Roaming\Mozilla\Firefox\Profiles\5t30yw15.default DB Check 14:07:49.59
--- C:\Users\Rolly\AppData\Roaming\Thunderbird\Profiles\1w2zwth7.default DB Check 14:07:49.59
--- C:\Users\Public\Desktop DB Check 14:07:54.03
--- C:\Users\Jean\Desktop DB Check 14:07:57.60
--- Services DB Check 14:08:02.82
--- FF prefs.js DB Check 14:08:18.39
--- Del by CLSID 14:09:31.52
--- Delete Services 14:09:53.61
--- Batch Commands 14:09:55.09
--- Firefox Extensions 14:09:55.53
--- Firefox Plugins 14:09:55.67
--- Chrome Look 14:10:44.77
--- IEdefaults 14:11:14.41
--- Del from Uninstall List 14:11:25.54
--- msconfig check 14:12:01.30
--- Empty IE Cache 14:12:02.63
--- Empty FF Cache 14:12:05.16
--- Empty CHR Cache 14:12:06.85
--- Empty Flash Cache 14:12:07.07
--- Empty Java Cache 14:12:08.99
--- C:\zoek_backups Content 14:12:09.18

This is the folderchk file:

Option Explicit

' folderchk script as posted (the helper Zoek left open in Notepad).
' Usage: cscript folderchk.vbs <folder>
' Writes one line "<folder> (F=<files> D=<subfolders> <bytes> bytes)" to
' test.txt in the current directory, walking the folder tree recursively.

Dim fs, objFSO, objLogFile, oFolder

If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript folderchk.vbs <folder>"
    WScript.Quit 1
End If

Set fs = CreateObject("Scripting.FileSystemObject")
oFolder = WScript.Arguments.Item(0)

' Note: FileSystemObject's real ForAppending value is 8; 2 is ForWriting,
' so as written each run overwrites test.txt rather than appending to it.
' Kept as posted so the behaviour matches what the tool actually does.
Const ForAppending = 2

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("test.txt", ForAppending, True)

objLogFile.Write(oFolder & " (F=")
objLogFile.Write CountFiles(oFolder)
objLogFile.Write(" D=")
objLogFile.Write CountFolders(oFolder)
objLogFile.Write(" ")
objLogFile.Write FolderSize(oFolder)
objLogFile.Write(" bytes)" & vbCrLf)
objLogFile.Close

' Recursive count of every subfolder below StrFolder.
Function CountFolders(ByVal StrFolder)
    Dim ParentFld, SubFld, IntCount
    Set ParentFld = fs.GetFolder(StrFolder)
    IntCount = ParentFld.SubFolders.Count
    For Each SubFld In ParentFld.SubFolders
        IntCount = IntCount + CountFolders(SubFld.Path)
    Next
    CountFolders = IntCount
End Function

' Total size in bytes; Folder.Size already includes subfolders.
Function FolderSize(ByVal StrFolder)
    Dim ParentFld
    Set ParentFld = fs.GetFolder(StrFolder)
    FolderSize = ParentFld.Size
End Function

' Recursive count of every file below StrFolder.
Function CountFiles(ByVal StrFolder)
    Dim ParentFld, SubFld, IntCount
    Set ParentFld = fs.GetFolder(StrFolder)
    IntCount = ParentFld.Files.Count
    For Each SubFld In ParentFld.SubFolders
        IntCount = IntCount + CountFiles(SubFld.Path)
    Next
    CountFiles = IntCount
End Function



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 04 October 2015 - 07:05 AM

I have no clue about this folder folderchk

Search your computer for this file zoek-results.log it should be in the C:\ root folder.
Post it if you find it.

Please run the Farbar tool one more time and post a fresh FRST log for my review.

#12 littlefizz

littlefizz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:17 PM

Posted 04 October 2015 - 09:23 AM

There were three different zoek-results logs in the C:\ folder, so here are all three, in the order they were done.

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Jean on Sat 10/03/2015 at 13:59:07.43.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-10-03-140929.log 34009 bytes
C:\zoek-results2015-10-03-152958.log 721 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
user_pref("browser.startup.homepage", "https://www.google.com/");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [10/01/2015 07:48 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
- F.B. Purity - Cleans Up Facebook - %ProfilePath%\extensions\fbp@fbpurity.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\Rolly\AppData\Roaming\Thunderbird\Profiles\1w2zwth7.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
==== Chromium Look ======================
Google Chrome Version: 45.0.2454.101
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]
Google Docs - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Dangerous Websites Blocker - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
Kaspersky Protection - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Kaspersky Protection - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
selector is not a valid CSS selector - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Kaspersky Protection - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Chrome Hotword Shared Module - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Ghostery - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
F.B. Purity - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Chrome Web Store Payments - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Protection - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Google Docs Offline - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Windows Media Player Extension for HTML5 - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Chrome Hotword Shared Module - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Ghostery - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Chrome Web Store Payments - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Rolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{8D441F6F-E087-4F5C-AC02-2CA10E08196D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{8D441F6F-E087-4F5C-AC02-2CA10E08196D} Google  Url="https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Rolly\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Rolly\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Jean\AppData\Local\Mozilla\Firefox\Profiles\vi8eib1t.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Rolly\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Jean\AppData\Local\Temp will be emptied at reboot
C:\Users\Rolly\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Jean\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Sat 10/03/2015 at 20:50:33.91 ======================
 
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jean on Sat 10/03/2015 at  8:54:53.59.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users]   [Quick Scan] [Auto Clean]
==== System Restore Info ======================
10/3/2015 8:55:22 AM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Realtek deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\PROGRA~3\BSD deleted successfully
C:\Users\Jean\AppData\Roaming\FamilyTreeMaker deleted successfully
C:\Users\Jean\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Rolly\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\Jean\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jean\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jean\AppData\Local\EmieUserList deleted successfully
C:\Users\Jean\AppData\Local\Smart Label Printer deleted successfully
C:\Users\Rolly\AppData\Local\calibre-cache deleted successfully
C:\Users\Rolly\AppData\Local\CrashDumps deleted successfully
C:\Users\Rolly\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Rolly\AppData\Local\EmieSiteList deleted successfully
C:\Users\Rolly\AppData\Local\EmieUserList deleted successfully
C:\Users\Rolly\AppData\Local\__DummyFolderES deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D9DA57FC-0DBC-456C-A9C1-A146508BA99B} deleted successfully
HKEY_USERS\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF739DD-3323-4C6A-975B-C7E00A50B154} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6BF739DD-3323-4C6A-975B-C7E00A50B154} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BF739DD-3323-4C6A-975B-C7E00A50B154} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Realtek not found
C:\Users\Jean\AppData\Roaming\calibre deleted
C:\PROGRA~2\GUM4FA1.tmp deleted
C:\Users\Jean\Test.bat deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jean\AppData\Local\{A0358553-E7F9-44D0-9E90-3B9DAF7F207C} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jean\Downloads\uloricsavingscard.jpg deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\jetpack deleted
"C:\WINDOWS\Installer\32a80c0.msi" deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\Jean\AppData\Local\Temp ====
2015-10-03 11:27:15 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\Jean\AppData\Local\Temp\SDIAG_5e476733-ead2-4cb9-9a56-51c88a6eed9c\NetworkDiagnosticSnapIn.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-10-01 12:48:35 48BA9C6110A5EBA910E7FB2E7D23CFC1 110176 ----a-w- C:\WINDOWS\Sysnative\klfphc.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-10-01 12:48:09 AD093C0B2C9CAD65CA0C16379E666CC7 831664 ----a-w- C:\WINDOWS\Sysnative\drivers\klif.sys
2015-10-01 12:48:09 6C76992FC40A857A24C5D96602E9C3B1 159960 ----a-w- C:\WINDOWS\Sysnative\drivers\klflt.sys
====== C:\WINDOWS\Tasks ======
2015-09-24 17:37:38 41D3C2C63DCA45D59EDA159F103AB867 945 ----a-w- C:\WINDOWS\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}.job
2015-09-24 17:37:38 040F3ADE4B5DD9A7FA5785AEF3C9D611 3976 ----a-w- C:\WINDOWS\Sysnative\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}
2015-09-24 17:37:35 CDA882BAB05111D576F7296CFE339CBF 3976 ----a-w- C:\WINDOWS\Sysnative\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}
2015-09-24 17:37:35 C51464EB89049BAA7C8041DDD11B42C7 945 ----a-w- C:\WINDOWS\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-30 17:11:14 -------- d-----w- C:\Program Files\Microsoft Office 15
======= C:\PROGRA~2 =====
2015-10-02 12:08:54 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2015-10-01 12:48:17 -------- d-----w- C:\PROGRA~2\Kaspersky Lab
2015-09-30 18:17:26 -------- d-----w- C:\PROGRA~2\Microsoft Office
2015-09-07 15:38:11 -------- d-----w- C:\PROGRA~2\Radium Technologies
======= C: =====
====== C:\Users\Jean\AppData\Roaming ======
2015-10-01 13:29:45 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2015-10-01 13:27:40 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2015-09-27 00:14:53 14DAEC93D0561861687161D728E98374 26923 ----a-w- C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2015-09-07 15:38:11 -------- d-----w- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Living Cookbook
====== C:\Users\Jean ======
2015-10-02 13:23:22 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\ProgramData\ntuser.pol
2015-10-01 14:46:23 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-w- C:\Users\Jean\Desktop\FRST64.exe
2015-10-01 13:38:09 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 02:27:34 A6B8B05D853CFB807CE987F58E7B2038 327680 ----a-w- C:\Users\Jean\Desktop\KVRT.exe
2015-10-01 02:05:28 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (1).exe
2015-10-01 01:54:43 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2015-09-30 20:18:13 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 ----a-w- C:\Users\Jean\Downloads\adwcleaner_5.009 (1).exe
2015-09-30 18:01:17 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 ----a-w- C:\Users\Jean\Downloads\adwcleaner_5.009.exe
2015-09-30 17:56:34 0170A4503F85F2D7ABCBEF0419B1C35A 4404952 ----a-w- C:\Users\Jean\Downloads\tdsskiller (2).exe
2015-09-25 12:30:51 BD4122D5B2830C8DB3992CB9D2920F0E 6677440 ----a-w- C:\Users\Jean\Downloads\ccsetup510.exe
====== C: exe-files ==
2015-10-02 00:34:34 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\Rolly\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe
2015-10-01 22:48:31 38312A8A3A8424B146BAA536BE67B838 219208 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE
2015-10-01 22:48:07 3DEB1C00132C33BCD97DC60C5F9143FF 550584 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-10-01 22:47:34 7BA52235E256DC309D5E808B6C358FDE 3685544 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\XLICONS.EXE
2015-10-01 22:47:33 4D3989DF699BB6F2355456C7860AE1C8 842448 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2015-10-01 22:47:26 A8DC5CC29AD3B5608C4028A2FC64B8FD 3015336 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WORDICON.EXE
2015-10-01 22:45:55 66EDCE45573F8673DF9379F119CFE343 90720 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\MSOHTMED.EXE
2015-10-01 22:45:17 99A1CEF3ED1DD8DB034E5990B6E56795 16064 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\SmartTagInstall.exe
2015-10-01 22:45:03 A26A02BE800686B88F69B76BE5EC7326 3509416 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PPTICO.EXE
2015-10-01 22:41:17 E1BC8274994069C19B5A5FCD3D0C3AE3 84208 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2015-10-01 22:40:59 BBD0C2F2D6917D5CEDCEA609BDE6565A 7898328 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe
2015-10-01 22:40:39 BAEA09EE9DEFB8A3935DB5EE0CF4A0F0 3748008 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ACCICONS.EXE
2015-10-01 22:40:29 A789DDA5192980D81DBB01D55811DEA9 49848 ----a-w- C:\Program Files\Microsoft Office 15\root\flattener\Flattener.exe
2015-10-01 22:40:27 CF9EA27E80ED0D2DA5BF720F4351E354 39592 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe
2015-10-01 22:38:01 DE5FCC42D1C058428281C2533D12CA54 207528 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOXMLED.EXE
2015-10-01 22:38:01 7BA92E0A45E5BE324E0B27AA00DC79D8 5775064 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe
2015-10-01 22:37:08 E1B97CE23930787BAFCAA4410DA83658 9602736 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE
2015-10-01 22:36:03 DC4389776F362977A6EA8BC66DF9E459 873648 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe
2015-10-01 22:35:53 CD9EBD56EB7C7E11896E123C85910E5B 474344 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2015-10-01 22:34:23 E94CD6FC12C22C975DAED6AA7ABD1663 7217832 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\OneDriveSetup.exe
2015-10-01 22:34:10 1A46825F604C22732FC882D06A70D473 150704 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\FLTLDR.EXE
2015-10-01 22:34:03 30B5F9FB0C35AE6B4A0851D24CE2EE8B 150600 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
2015-10-01 22:33:43 D40360ABC2BB38EE202F145CAF204E99 614568 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOICONS.EXE
2015-10-01 22:28:37 84EA259804F27668124D39CBC88C137D 50392 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE
2015-10-01 22:28:37 1BDAD38A5D66878A98CB37C377F1D9A1 1135320 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
2015-10-01 22:28:37 030628A14F18143BC584EF0FECFC95DC 230488 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CLVIEW.EXE
2015-10-01 22:24:26 D62DD48AC3C2D1C56BCBE8D9AA87179D 87240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\NAMECONTROLSERVER.EXE
2015-10-01 22:24:26 C2E2DD4901EFE33DE2892FD47D656540 700064 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSQRY32.EXE
2015-10-01 22:24:26 AAB8B46EAF6FF0B60D2A312950FFDD67 498880 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE
2015-10-01 22:24:26 98DCC97D77BD8238C20784C8E1BDFE26 450656 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
2015-10-01 22:24:26 7EB78DC7EEAAFE9ECD788D1CCBC8EFAB 22592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\Wordconv.exe
2015-10-01 22:24:26 1E448D89AD14D728ECF0D1D83722C659 482416 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE
2015-10-01 22:24:26 182315495531E8395EDA537739C87460 72384 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOHTMED.EXE
2015-10-01 22:24:02 8F6D12C7FCD51375B731B3D8A0D8FB66 22411424 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe
2015-10-01 22:23:47 148ECE8D753AC3A8F40E10C833078F0D 4522176 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE
2015-10-01 22:23:40 35BF3A67619E5DB88AE0115BDBA3A4C2 518792 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe
2015-10-01 22:23:24 E80F15DCA53E1ECD433CFE042400DF97 40672 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SCANPST.EXE
2015-10-01 22:23:24 3A2C7CE18457029CC91BDE20281FA9CD 1026728 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\misc.exe
2015-10-01 22:23:24 1F4FA0C2F12D81CD4E006157F62F2AA9 569592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE
2015-10-01 22:23:16 DB7A32ADE19BB39E4FB868818178109C 153768 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CNFNOT32.EXE
2015-10-01 22:23:08 BE4F62A6E234483656CD438B53D5BFDA 528584 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE
2015-10-01 21:53:11 D3963333457F7218AD8198E133204D8F 632432 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
2015-10-01 21:51:14 8D03F2858035926F6B1E6EC34A0C0595 145056 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate64.exe
2015-10-01 21:51:14 27DB723A68AE52CF0BCBA8708A44E0CA 311544 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe
2015-10-01 21:51:14 098CA18BC23278B53C76C9F0D6BD7238 124064 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate32.exe
2015-10-01 15:59:23 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-r- C:\Users\Jean\AppData\Local\Microsoft\Windows\FileHistory\Data\604\C\Users\Jean\Desktop\FRST64.exe
2015-10-01 14:46:23 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-w- C:\Users\Jean\Desktop\FRST64.exe
2015-10-01 13:59:12 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-r- C:\Users\Jean\AppData\Local\Microsoft\Windows\FileHistory\Data\602\C\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 13:38:09 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 02:27:34 A6B8B05D853CFB807CE987F58E7B2038 327680 ----a-w- C:\Users\Jean\Desktop\KVRT.exe
2015-10-01 02:14:49 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\Jean\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe
2015-10-01 02:05:28 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (1).exe
2015-10-01 01:54:43 6D0044D27925325BFF1B9DF55D1FB659 2172800 ----a-w- C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2015-09-30 23:19:02 ED64ADDBDB1C76E7C2B40168905E2852 18998344 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
2015-09-30 23:17:09 83322E7A4D0F1DA9A990760689A27947 195248 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
2015-09-30 23:16:45 955BB607F15ECC0821A479FBBFFE5129 1757768 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
2015-09-30 23:14:03 113183585510E638922F0BD7938D822A 15521344 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE
2015-09-30 23:02:49 7F3A187D9CD8A79FE582D1A296CAF684 1923232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
2015-09-30 23:01:21 4F3B7BEF36C1D880621A0FD66D0E5455 1846960 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE
2015-09-30 22:59:04 BA089663CCD4105B71F224F791444CB5 10761288 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE
2015-09-30 22:58:08 22935DF3579BF8D404880A27A0363D04 26200224 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
2015-09-30 22:28:56 4882ECDAF0B769A8A8EA4FAD7C60DCFE 991808 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE
2015-09-30 22:24:21 2A82519355D5E648747A6FF32ACC89CD 90280 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\perfboost.exe
2015-09-30 22:23:37 D567C3DF56AC248EE82039DC0AF6D9E1 205472 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
2015-09-30 22:23:37 288BD9FFEA8FB0D2176F22751E0D9F92 248992 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\mavinject32.exe
2015-09-30 20:18:13 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 ----a-w- C:\Users\Jean\Downloads\adwcleaner_5.009 (1).exe
2015-09-30 18:27:48 FE9C0029E1AF26350D9985D00520E5C8 5132888 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2015-09-30 18:27:48 2661516FC0165AFDA792B6148FA4DB79 95184 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe
2015-09-30 18:27:08 3C283C1BFA1D88C2D4D52148CE62A7C7 543360 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\EQNEDT32.EXE
2015-09-30 18:01:17 9C0C6BCA7E23EE799E3481C9280F11F1 1670656 ----a-w- C:\Users\Jean\Downloads\adwcleaner_5.009.exe
2015-09-30 17:56:34 0170A4503F85F2D7ABCBEF0419B1C35A 4404952 ----a-w- C:\Users\Jean\Downloads\tdsskiller (2).exe
2015-09-30 17:12:59 7666B79E574F4F4B223433CF721A98E2 161480 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSREC.EXE
2015-09-30 17:11:14 FD73CE6356B85AD817E1F3F45DFA2F09 1461408 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\appvcleaner.exe
2015-09-30 17:11:14 712D45643E95E4DC4234EAF599722459 914632 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
2015-09-30 17:11:14 55C892763A614BA39BA956A0323C65F3 2774104 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
2015-09-30 17:11:14 516EE01858B8B1BCE4F4EAC735F474CA 867560 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
2015-09-27 11:30:26 4719799B56E0B4BEE6C62552FC7FC7E0 936016 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C0AD6369-BFD0-4AE7-A2AA-C36E94D152B5}\45.0.2454.101_45.0.2454.99_chrome_updater.exe
2015-09-27 11:30:26 4719799B56E0B4BEE6C62552FC7FC7E0 936016 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.101\45.0.2454.101_45.0.2454.99_chrome_updater.exe
=== C: other files ==
2015-10-01 12:48:09 AD093C0B2C9CAD65CA0C16379E666CC7 831664 ----a-w- C:\Windows\System32\drivers\klif.sys
2015-10-01 12:48:09 6C76992FC40A857A24C5D96602E9C3B1 159960 ----a-w- C:\Windows\System32\drivers\klflt.sys
2015-09-27 19:45:03 F59E1295C42361B9A89995F596DCBDB4 144 ----a-w- C:\Windows\System32\config\SM Registry Backup\09-27-2015 14.45.03\restore.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_USERS\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NETGEARGenie"="C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -mini -redirect"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE /EPT EPLTarget\P0000000000000000 /M XP-820 Series"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE"
"Sound Blaster Recon3D PCIe Control Panel"="C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe /r"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"DriveUtilitiesHelper"="C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NETGEARGenie"="C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -mini -redirect"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE /EPT EPLTarget\P0000000000000000 /M XP-820 Series"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"Onboard"="C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ioloSystemService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Motorola Device Manager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MpsSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDScannerService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDUpdateService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDWSCService]
==== Startup Folders ======================
 
 
Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Jean on Sat 10/03/2015 at 10:18:59.16.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-10-03-140929.log 34009 bytes
==== System Restore Info ======================
10/3/2015 10:20:31 AM Zoek.exe System Restore Point Created Successfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Jean (administrator) on HARDWOODMAIN (04-10-2015 09:19:08)
Running from C:\Users\Jean\Desktop
Loaded Profiles: Jean & Rolly (Available Profiles: Jean & Rolly & Admin & Guest)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [886272 2012-05-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {0af55bd3-5e95-11e4-8078-b8763f3ca5fa} - "I:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\...\MountPoints2: {e4e0e7c9-b74a-11e3-bf2b-b8763f3ca5fa} - "I:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\...\MountPoints2: {0af55bd3-5e95-11e4-8078-b8763f3ca5fa} - "I:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\...\MountPoints2: {e4e0e7c9-b74a-11e3-bf2b-b8763f3ca5fa} - "I:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk [2013-11-14]
ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.0\slpcap.exe (Seiko Instruments USA Inc.)
Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1889D82F-5BCF-4391-978A-3D3573EDFFE3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E16A226-2D7E-4790-9ED8-23A33EE57750}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2634294434-2670011047-1523814120-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2634294434-2670011047-1523814120-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> DefaultScope {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1001 -> {8D441F6F-E087-4F5C-AC02-2CA10E08196D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2634294434-2670011047-1523814120-1004 -> {313A2002-B2CC-46FA-83E8-4309ABA12C9E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-01] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-01] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
DPF: HKLM-x32 {A662DA7E-CCB7-4743-B71A-D817F6D575DF} hxxp://download.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\fbp@fbpurity.com.xpi [2014-04-03]
FF Extension: Adblock Plus - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\vi8eib1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-10-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-10-01]
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-03-16]
CHR Extension: (Adblock Plus) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Ghostery) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-17]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-10-01] (Kaspersky Lab ZAO)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-03] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1027792 2012-07-26] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-10-01] (Kaspersky Lab UK Ltd)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [28440 2013-09-13] (Creative Technology Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-10-01] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-10-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-10-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-10-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-10-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-10-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-10-01] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-10-01] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-10-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-10-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-08-12] (CACE Technologies, Inc.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-04 09:19 - 2015-10-04 09:19 - 00000000 ____D C:\Users\Jean\Desktop\FRST-OlderVersion
2015-10-03 20:51 - 2015-10-03 20:51 - 00010342 _____ C:\Users\Jean\Desktop\zoek.-results.txt
2015-10-03 20:49 - 2015-10-03 13:58 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-10-03 14:00 - 2015-10-03 10:29 - 00000721 ____C C:\zoek-results2015-10-03-152958.log
2015-10-03 10:20 - 2015-10-03 09:09 - 00034009 ____C C:\zoek-results2015-10-03-140929.log
2015-10-03 08:55 - 2015-10-03 20:50 - 00010342 ____C C:\zoek-results.log
2015-10-03 08:18 - 2015-10-03 09:05 - 00000000 ___DC C:\zoek_backup
2015-10-02 20:07 - 2015-10-02 20:08 - 00033649 _____ C:\Users\Jean\Desktop\Addition.txt
2015-10-02 08:23 - 2015-10-02 08:23 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-01 19:27 - 2015-10-01 19:27 - 00002350 _____ C:\Users\Rolly\Desktop\Safe Money.lnk
2015-10-01 09:52 - 2015-10-04 09:19 - 00026535 _____ C:\Users\Jean\Desktop\FRST.txt
2015-10-01 09:52 - 2015-10-04 09:19 - 00000000 ___DC C:\FRST
2015-10-01 09:52 - 2015-10-02 08:21 - 00048752 _____ C:\Users\Jean\Desktop\FRST1.txt
2015-10-01 09:52 - 2015-10-01 09:52 - 00032832 _____ C:\Users\Jean\Desktop\Addition1.txt
2015-10-01 09:46 - 2015-10-04 09:19 - 02193408 ____C (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2015-10-01 08:38 - 2015-10-01 08:38 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (2).exe
2015-10-01 07:49 - 2015-10-01 07:49 - 00002350 _____ C:\Users\Jean\Desktop\Safe Money.lnk
2015-10-01 07:48 - 2015-10-01 07:54 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-01 07:48 - 2015-10-01 07:54 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-10-01 07:48 - 2015-10-01 07:48 - 00002148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-01 07:48 - 2015-10-01 07:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-01 07:48 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-09-30 21:27 - 2015-09-30 21:31 - 00327680 _____ C:\Users\Jean\Desktop\KVRT.exe
2015-09-30 21:05 - 2015-09-30 21:08 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648 (1).exe
2015-09-30 20:54 - 2015-09-30 20:58 - 02172800 _____ (Kaspersky Lab) C:\Users\Jean\Downloads\kss15.0.0.740en_es_fr_pt_8648.exe
2015-09-30 15:18 - 2015-09-30 15:18 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009 (1).exe
2015-09-30 13:17 - 2015-09-30 13:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-30 13:01 - 2015-09-30 13:01 - 01670656 _____ C:\Users\Jean\Downloads\adwcleaner_5.009.exe
2015-09-30 12:56 - 2015-09-30 12:58 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (2).exe
2015-09-30 12:11 - 2015-10-02 07:08 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-30 11:43 - 2015-10-03 20:50 - 00006370 _____ C:\WINDOWS\PFRO.log
2015-09-30 06:49 - 2015-10-04 06:52 - 00001848 _____ C:\WINDOWS\setupact.log
2015-09-30 06:49 - 2015-09-30 06:49 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-27 14:47 - 2015-10-04 09:11 - 01735801 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 19:16 - 2015-09-26 19:16 - 00344064 _____ C:\Users\Jean\Documents\Database3.accdb
2015-09-26 19:14 - 2015-09-27 11:28 - 00026923 _____ C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2015-09-25 07:30 - 2015-09-25 07:35 - 06677440 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup510.exe
2015-09-24 12:37 - 2015-10-04 07:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}.job
2015-09-24 12:37 - 2015-10-04 07:37 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}.job
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {DB1C1639-0414-4C47-9BCD-1AD4F3E3486A}
2015-09-24 12:37 - 2015-09-24 12:37 - 00003976 _____ C:\WINDOWS\System32\Tasks\EPSON XP-820 Series Update {24D3ED27-8640-4870-B2EF-987241C28BC6}
2015-09-23 17:13 - 2015-10-01 09:51 - 00000000 ____D C:\Users\Jean\Downloads\JulieHayden-1_files
2015-09-23 17:13 - 2015-09-23 17:13 - 01168372 _____ C:\Users\Jean\Downloads\JulieHayden-1.html
2015-09-14 18:06 - 2015-09-14 18:06 - 01058816 _____ C:\Users\Jean\Downloads\MicrosoftFixit50565 (2).msi
2015-09-13 17:11 - 2015-09-13 17:39 - 41504688 _____ (Dell Inc.) C:\Users\Jean\Downloads\Chipset_Driver_9V8W8_WN_9.5.13.1706_A00.EXE
2015-09-13 17:05 - 2015-09-13 17:03 - 00417064 _____ () C:\Users\Jean\Downloads\DellSystemDetect.exe
2015-09-09 17:40 - 2015-09-09 17:42 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller (1).exe
2015-09-09 17:29 - 2015-09-09 17:31 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Jean\Downloads\iExplore.exe
2015-09-09 13:52 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:52 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:52 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:52 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:52 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:52 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:52 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:52 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:52 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:52 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:52 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:52 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:52 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:52 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:52 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:52 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:52 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:52 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:52 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:52 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-09 13:52 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-09 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-09-09 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-09-09 13:52 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-09 13:52 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-09 13:23 - 2015-09-09 13:29 - 06667640 _____ (Piriform Ltd) C:\Users\Jean\Downloads\ccsetup509.exe
2015-09-07 10:40 - 2015-09-07 10:40 - 00001155 _____ C:\Users\Jean\Desktop\Living Cookbook 2013.lnk
2015-09-07 10:38 - 2015-09-07 10:40 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Living Cookbook
2015-09-07 10:38 - 2015-09-07 10:38 - 00000000 ____D C:\Program Files (x86)\Radium Technologies
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-04 09:14 - 2013-11-14 14:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1004
2015-10-04 09:10 - 2015-08-27 07:12 - 00109038 _____ C:\Users\Jean\Sti_Trace.log
2015-10-04 09:10 - 2014-11-11 15:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-04 09:10 - 2014-02-21 13:06 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-04 09:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-04 07:25 - 2013-11-12 16:01 - 00000000 ____D C:\Users\Jean\Documents\Outlook Files
2015-10-04 07:10 - 2013-11-14 15:43 - 00000000 ____D C:\Users\Rolly\Documents\Outlook Files
2015-10-04 07:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-04 06:57 - 2013-11-14 02:29 - 00885800 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-04 06:55 - 2015-08-26 19:46 - 00076321 _____ C:\Users\Rolly\Sti_Trace.log
2015-10-04 06:52 - 2015-08-24 08:37 - 00008192 ____C C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-10-04 06:52 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-03 09:05 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Jean
2015-10-03 09:05 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-03 06:29 - 2014-11-18 08:44 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D79D93AE-2837-4E86-971F-78943BF032F6}
2015-10-03 06:27 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 20:18 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 16:09 - 2014-03-19 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-02 15:59 - 2014-11-11 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 14:39 - 2013-11-12 15:48 - 00000000 ____D C:\Users\Jean\Documents\Family Tree Maker
2015-10-02 08:22 - 2015-08-07 17:15 - 00000000 ____D C:\Users\Jean\AppData\Local\CrashDumps
2015-10-02 08:22 - 2013-11-21 15:19 - 00000000 ____D C:\Users\Jean\AppData\LocalLow\Temp
2015-10-01 20:52 - 2013-11-14 16:30 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B80DA2D2-0021-49A6-A938-7FAF40393B54}
2015-10-01 16:13 - 2013-11-13 10:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-10-01 09:51 - 2014-11-08 21:10 - 00000000 ____D C:\Users\Jean\Downloads\Help Guide   Sony a5000_files
2015-10-01 09:51 - 2014-07-03 09:09 - 00000000 ____D C:\Users\Jean\Downloads\Order Confirmation-bjs_files
2015-10-01 09:51 - 2014-07-03 08:51 - 00000000 ____D C:\Users\Jean\Downloads\Sure Fit Stretch Pinstripe T-Cushion Loveseat Slipcover - French Blue - BJ's Wholesale Club_files
2015-10-01 09:51 - 2014-04-13 09:24 - 00000000 ____D C:\Users\Jean\Downloads\Early Sumner County Marriage Records Through 1850, Grooms - Ro_files
2015-10-01 09:51 - 2013-11-16 20:07 - 00000000 ____D C:\Users\Jean\Downloads\SpyHunter - Purchase_files
2015-10-01 09:51 - 2013-11-12 16:09 - 00822272 ___SH C:\Users\Jean\Downloads\Thumbs.db
2015-10-01 08:33 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2015-10-01 08:33 - 2014-11-20 13:39 - 00077680 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-10-01 08:33 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-10-01 08:33 - 2014-10-10 17:02 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klim6.sys
2015-10-01 08:33 - 2014-08-19 12:31 - 00064368 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-10-01 08:33 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2015-10-01 08:33 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klpd.sys
2015-10-01 08:14 - 2014-06-09 09:10 - 00007622 _____ C:\Users\Jean\AppData\Local\resmon.resmoncfg
2015-10-01 07:54 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2015-10-01 07:54 - 2014-10-22 21:13 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-10-01 07:54 - 2013-08-08 16:11 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2015-10-01 07:54 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\WINDOWS\system32\Drivers\cm_km_w.sys
2015-10-01 07:48 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-01 07:48 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-30 21:11 - 2014-06-30 10:09 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 20:59 - 2015-04-11 08:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-30 13:27 - 2015-08-24 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-30 13:02 - 2015-08-05 23:31 - 00000000 ___DC C:\AdwCleaner
2015-09-27 14:45 - 2014-07-04 14:09 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2015-09-27 07:08 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Excel
2015-09-27 06:30 - 2014-10-20 08:11 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-26 19:01 - 2013-11-14 16:07 - 00000000 ____D C:\Users\Rolly\Documents\Access
2015-09-26 16:30 - 2013-11-12 15:59 - 00000000 ____D C:\Users\Jean\Documents\Living Cookbook Backups
2015-09-25 07:38 - 2013-11-16 15:30 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-25 07:38 - 2013-11-16 15:30 - 00000000 ____D C:\Program Files\CCleaner
2015-09-24 21:17 - 2013-11-14 18:56 - 00000000 ____D C:\ProgramData\Smart Label Printer
2015-09-24 21:16 - 2013-11-12 16:08 - 00000000 ____D C:\Users\Jean\Documents\Word
2015-09-24 20:36 - 2013-11-12 13:25 - 00000000 ____D C:\Users\Jean\AppData\Local\Packages
2015-09-24 12:44 - 2015-08-26 19:00 - 00000874 _____ C:\Users\Public\Desktop\Print CD.lnk
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-09-24 12:44 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-09-24 12:44 - 2013-11-20 19:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-24 12:44 - 2013-11-14 02:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-09-24 12:38 - 2015-08-26 18:57 - 00000000 ____D C:\Program Files (x86)\epson
2015-09-22 11:56 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 20:40 - 2014-02-16 12:39 - 00000000 ____D C:\Users\Rolly
2015-09-18 14:16 - 2014-02-16 14:37 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-16 06:27 - 2014-02-21 13:06 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 06:27 - 2014-02-21 13:06 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 06:27 - 2014-02-21 13:06 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 19:22 - 2013-11-14 16:06 - 00000000 ____D C:\Users\Rolly\AppData\Local\Google
2015-09-13 17:06 - 2014-08-13 09:33 - 00000000 ____D C:\Users\Jean\AppData\Local\Deployment
2015-09-13 17:05 - 2014-08-13 09:34 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-13 10:26 - 2015-07-02 06:53 - 00000000 ___RD C:\Users\Jean\OneDrive
2015-09-13 10:26 - 2014-05-18 19:22 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2634294434-2670011047-1523814120-1001
2015-09-13 10:07 - 2013-11-14 19:06 - 00033043 _____ C:\ProgramData\hpzinstall.log
2015-09-12 16:56 - 2015-08-26 19:00 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Epson
2015-09-12 16:55 - 2015-08-26 19:46 - 00000000 ____D C:\Users\Rolly\AppData\Roaming\Epson
2015-09-09 20:38 - 2013-11-14 10:52 - 00000000 ____D C:\Users\Jean\AppData\Local\Google
2015-09-09 17:45 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 17:05 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-06 17:12 - 2015-08-24 17:49 - 00000000 ____D C:\Program Files (x86)\Windows Password Key Standard
2015-09-06 17:12 - 2013-11-14 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
==================== Files in the root of some directories =======
2015-09-26 19:14 - 2015-09-27 11:28 - 0026923 _____ () C:\Users\Jean\AppData\Roaming\Comma Separated Values.ADR
2014-04-20 12:41 - 2014-04-20 12:41 - 0000055 _____ () C:\Users\Jean\AppData\Roaming\mbam.context.scan
2014-06-09 09:10 - 2015-10-01 08:14 - 0007622 _____ () C:\Users\Jean\AppData\Local\resmon.resmoncfg
2014-12-16 10:50 - 2014-12-16 10:50 - 2440206 _____ () C:\Users\Jean\AppData\Local\[j0011]-[p01].bmp
2013-11-14 19:06 - 2015-09-13 10:07 - 0033043 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-04 07:18
==================== End of FRST.txt ============================

Edited by nasdaq, 05 October 2015 - 12:41 PM.
Underlined text removed


#13 nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 October 2015 - 12:45 PM

How is the computer running now?

#14 littlefizz
  • Topic Starter

  • Members
  • 17 posts

Posted 05 October 2015 - 04:31 PM

Actually, it has sped up again. Hopefully, it will continue.

Thanks so much for your help.



#15 littlefizz
  • Topic Starter

  • Members
  • 17 posts

Posted 06 October 2015 - 06:20 AM

Spoke too soon... now running slow again.

Something must be getting changed.

Troubleshooting the network occasionally yields an error that the modem needs to be reset. However, it doesn't seem to work.

The only time the system speeds up is after I run the Zoek, FRST64 combination.

Any ideas?





