Kaspersky keeps giving errors


  • This topic is locked
16 replies to this topic

#1 KZNDiver

Posted 15 May 2016 - 04:10 AM

Hi

I am new to this site. I have a licenced version of Kaspersky on my computer and it keeps giving errors and says that some files are corrupted when I try to download an update. I tried to follow various advice given on various files, starting with deleting all temporary files, but a few would not delete and further reading states that these could be malware.

I am very "green" and am rather a technophobe, so need some step-by-step advice.

I downloaded (with reservations, as I got several warnings that this is not recognised software!) the Farbar Recovery Scan Tool and scanned my files - see below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2016
Ran by clifford (administrator) on NTB-CWAKELIN (15-05-2016 10:46:55)
Running from C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10
Loaded Profiles: clifford (Available Profiles: clifford)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Attix5 Ltd) C:\Program Files\Pastel IronTree\a5backup.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Uwe Sieber - www.uwe-sieber.de) C:\USBDLM x86\USBDLM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Attix5) C:\Program Files\Pastel IronTree\A5Tray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Uwe Sieber - www.uwe-sieber.de) C:\USBDLM x86\USBDLM_usr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\PVSW\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_21_0_0_242_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1612872 2016-04-21] (APN)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\Hp\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28919936 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk [2010-12-04]
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk [2016-05-11]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk -> C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk [2016-05-11]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk -> C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43832BD7-EA70-494D-8703-35801B5FB0CC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6DBB964-C08F-4B54-AD9E-949CCE4EA007}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.za/
SearchScopes: HKLM -> DefaultScope {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {21411B10-E201-4821-ADB8-A7CDC1230E2E} URL = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
SearchScopes: HKLM -> {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm130YYza&ptnrS=XMxdm130YYza&si=CI2r5fbj-rICFSTHtAodQTcAHQ&ptb=DF9AE1CB-5570-4D8F-8F71-04BEBD958B82&psa=&ind=2012101201&st=sb&n=77ee3a51&searchfor={searchTerms}
SearchScopes: HKLM -> {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> DefaultScope {FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^ZA&gct=&itbv=12.16.2.53&apn_uid=69DA0F6A-6158-4CC8-A0B5-8ADD02AD74CF&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^ZA&apn_dbr=ie_11.0.9600.17280&doi=2014-09-30&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> {FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^ZA&gct=&itbv=12.16.2.53&apn_uid=69DA0F6A-6158-4CC8-A0B5-8ADD02AD74CF&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^ZA&apn_dbr=ie_11.0.9600.17280&doi=2014-09-30&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-04-21] (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-04-21] (APN LLC.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3861810467-1385391395-3362689643-1002: @tools.google.com/Google Update;version=3 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3861810467-1385391395-3362689643-1002: @tools.google.com/Google Update;version=9 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-04-24]

Chrome:
=======
CHR Profile: C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-04-21] (APN LLC.)
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-04-24] (Kaspersky Lab ZAO)
S3 BFE; . [0 2016-05-12] () <==== ATTENTION (zero byte File/Folder)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IronTreeDL; C:\Program Files\Pastel IronTree\a5backup.exe [163840 2008-07-23] (Attix5 Ltd) [File not signed]
S3 MpsSvc; . [0 2016-05-12] () <==== ATTENTION (zero byte File/Folder)
R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.)
S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 USBDLM; C:\USBDLM x86\USBDLM.exe [332768 2011-10-09] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S4 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-11] (Arcsoft, Inc.)
R3 athr; C:\windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S3 HP8207_8307; C:\windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-04] (Windows ® Win 7 DDK provider)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [66976 2016-04-24] (AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [147328 2016-04-24] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [44728 2016-04-24] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [776088 2016-04-24] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [33976 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [39304 2016-04-24] (AO Kaspersky Lab)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 qcfilterhp2k; C:\windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\windows\System32\DRIVERS\qcusbnethp2k.sys [201728 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\windows\System32\DRIVERS\qcusbserhp2k.sys [106368 2009-10-01] (QUALCOMM Incorporated)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609035.sys [752008 2016-04-11] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-03-23] (IBM Corp.)
R0 RapportHades; C:\windows\System32\Drivers\RapportHades.sys [82056 2016-03-23] (IBM Corp.)
R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [183176 2016-04-11] (IBM Corp.)
R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [237544 2016-03-23] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [386152 2016-03-23] (IBM Corp.)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [436792 2010-11-04] () [File not signed]
S4 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
S3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
U3 a64sd571; C:\windows\system32\Drivers\a64sd571.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S4 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S4 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
S4 btwampfl; system32\drivers\btwampfl.sys [X]
S4 btwaudio; system32\drivers\btwaudio.sys [X]
S4 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S4 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S4 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S4 catchme; \??\C:\Users\CLIFFO~1.CLI\AppData\Local\Temp\catchme.sys [X]
S4 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S4 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S4 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S4 rtsuvc; system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 10:43 - 2016-05-15 10:46 - 00000000 ____D C:\FRST
2016-05-15 10:35 - 2016-05-15 10:35 - 01733120 _____ (Farbar) C:\Users\clifford.clifford-HP\Downloads\FRST.exe
2016-05-14 21:20 - 2016-05-14 21:23 - 01920352 _____ (Kaspersky Lab) C:\Users\clifford.clifford-HP\Downloads\kis16.0.0.614abcden_9851.exe
2016-05-10 20:18 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-05-10 20:18 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-05-10 20:18 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-05-10 20:18 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-05-10 20:18 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-05-10 20:18 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-05-10 20:18 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-05-10 20:18 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-05-10 20:18 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-05-10 20:18 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-05-10 20:18 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-05-10 20:18 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-05-10 20:18 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-05-10 20:18 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-05-10 20:18 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-05-10 20:18 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-05-10 20:18 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-05-10 20:18 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 20:18 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-05-10 20:18 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-05-10 20:18 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-05-10 20:18 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-05-10 20:18 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-05-10 20:18 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-05-10 20:18 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-05-10 20:18 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-05-10 20:18 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-05-10 20:18 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-05-10 20:18 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-05-10 20:18 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-05-10 20:18 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-05-10 20:18 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-05-10 20:18 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-05-10 20:18 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-05-10 20:18 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-05-10 20:18 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-05-10 20:18 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-05-10 20:18 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-05-10 20:17 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-05-10 20:17 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-05-10 20:17 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-05-10 20:14 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-05-10 20:14 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-10 20:14 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-05-10 20:14 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-05-10 20:14 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-05-10 20:14 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-05-10 20:14 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-05-10 20:14 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-05-10 20:14 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-05-10 20:14 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-05-10 20:14 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-10 20:14 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-10 20:14 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-10 20:14 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-05-10 20:14 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-05-10 20:14 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-05-10 20:14 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-05-05 18:36 - 2016-05-05 18:36 - 00065450 _____ C:\Users\clifford.clifford-HP\Documents\Proof of payment DR Smith - Tyre.pdf
2016-04-27 16:55 - 2016-04-27 16:55 - 00001820 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-04-27 16:55 - 2016-04-27 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-04-24 11:28 - 2016-04-24 11:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-24 10:34 - 2016-04-24 10:34 - 00002304 _____ C:\Users\clifford.clifford-HP\Desktop\Safe Money.lnk
2016-04-24 10:24 - 2016-04-24 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-04-24 10:24 - 2016-04-24 10:20 - 00002062 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-04-24 10:18 - 2016-04-24 11:31 - 00776088 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-04-24 10:18 - 2016-04-24 11:31 - 00147328 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-04-18 19:42 - 2016-04-18 19:42 - 00000000 ____D C:\Users\clifford.clifford-HP\Desktop\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 10:40 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 10:40 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 10:39 - 2010-11-05 17:17 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\Outlook Files
2016-05-15 10:31 - 2014-02-11 17:19 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 10:00 - 2013-12-26 12:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 09:30 - 2013-12-24 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-15 01:31 - 2014-02-11 17:19 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 01:00 - 2013-12-26 19:32 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Local\ElevatedDiagnostics
2016-05-13 17:00 - 2013-12-26 12:57 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-05-13 17:00 - 2013-12-26 12:57 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-13 15:07 - 2010-11-07 19:41 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\wataniwakelin
2016-05-13 11:09 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2016-05-13 07:50 - 2010-11-04 21:00 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 07:35 - 2014-12-12 08:56 - 00000000 ____D C:\windows\system32\appraiser
2016-05-12 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2016-05-12 09:56 - 2016-04-13 09:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 13:46 - 2010-06-07 11:36 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-11 12:46 - 2011-02-14 20:14 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Roaming\Skype
2016-05-11 03:39 - 2013-12-26 15:42 - 00441336 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-11 03:39 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-11 03:16 - 2013-07-13 21:35 - 00000000 ____D C:\windows\system32\MRT
2016-05-11 03:06 - 2010-11-04 19:50 - 136686448 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-07 03:00 - 2015-04-05 17:40 - 00000000 ___SD C:\windows\system32\GWX
2016-05-06 15:50 - 2013-08-12 21:09 - 01287168 ___SH C:\Users\clifford.clifford-HP\Documents\Thumbs.db
2016-05-06 08:26 - 2015-05-30 19:19 - 00000000 ___RD C:\Program Files\Skype
2016-05-05 18:36 - 2011-03-27 16:30 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Local\CutePDF Writer
2016-05-02 11:07 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2016-04-30 00:28 - 2015-05-13 15:34 - 00000000 ____D C:\Program Files\TeamViewer
2016-04-27 16:56 - 2015-09-27 10:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-27 16:56 - 2015-09-27 10:09 - 00000000 ____D C:\Program Files\Garmin
2016-04-24 11:31 - 2015-06-08 19:43 - 00039304 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klpd.sys
2016-04-24 11:31 - 2015-06-06 08:48 - 00066976 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2016-04-24 10:54 - 2010-12-04 15:53 - 00000000 ____D C:\Xpress09
2016-04-24 10:53 - 2013-07-29 21:12 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\Divorce Care
2016-04-24 10:38 - 2015-07-04 02:18 - 00044728 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-04-24 10:24 - 2013-12-24 17:54 - 00000000 ____D C:\Program Files\Kaspersky Lab
2016-04-21 15:05 - 2010-11-04 20:40 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-15 06:43 - 2010-12-04 15:53 - 00000000 ___RD C:\Program Files\Pastel IronTree

==================== Files in the root of some directories =======

2013-10-18 07:07 - 2013-10-18 07:07 - 50053120 _____ () C:\Program Files\GUT201.tmp
2010-12-04 15:51 - 2010-12-04 15:51 - 0000190 _____ () C:\Program Files\Common Files\psasetup.log
2011-06-27 17:13 - 2011-07-11 17:56 - 0001849 _____ () C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
2015-11-06 12:06 - 2015-12-11 07:48 - 0003584 _____ () C:\Users\clifford.clifford-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-20 09:55 - 2012-06-06 08:10 - 0007606 _____ () C:\Users\clifford.clifford-HP\AppData\Local\resmon.resmoncfg
2011-05-28 20:16 - 2011-05-28 20:16 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
2011-09-05 05:50 - 2011-09-05 05:50 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
2011-09-23 05:10 - 2011-09-23 05:10 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
2011-09-27 05:31 - 2011-09-27 05:31 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
2011-08-15 05:53 - 2011-08-15 05:53 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
2011-08-30 05:51 - 2011-08-30 05:51 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
2011-05-28 20:14 - 2011-05-28 20:19 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
2013-08-12 20:31 - 2013-08-12 20:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-07 17:26 - 2010-11-07 17:26 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-02-14 20:18 - 2011-02-14 20:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-11-07 16:58 - 2013-07-14 09:56 - 0001764 _____ () C:\ProgramData\FastPics.log
2010-11-10 15:43 - 2013-12-11 19:12 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2010-11-07 16:57 - 2013-12-24 11:36 - 0001847 _____ () C:\ProgramData\lxec.log
2010-11-10 19:18 - 2012-04-23 12:26 - 0000919 _____ () C:\ProgramData\lxecDiagnostics.log
2010-11-07 16:58 - 2013-06-25 19:23 - 6205636 _____ () C:\ProgramData\lxecJSW.log
2010-11-07 16:11 - 2013-12-24 11:37 - 0369258 _____ () C:\ProgramData\lxecscan.log
2010-11-07 17:26 - 2010-11-07 17:26 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-07-04 19:10 - 2013-07-04 19:10 - 0009928 _____ () C:\ProgramData\SPL101A.tmp
2010-11-07 16:08 - 2010-11-07 16:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-28 11:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2016
Ran by clifford (2016-05-15 10:48:28)
Running from C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-08-13 23:47:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3861810467-1385391395-3362689643-500 - Administrator - Disabled)
clifford (S-1-5-21-3861810467-1385391395-3362689643-1002 - Administrator - Enabled) => C:\Users\clifford.clifford-HP
Guest (S-1-5-21-3861810467-1385391395-3362689643-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3861810467-1385391395-3362689643-1074 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Elevated Installer (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 4620 series Basic Device Software (HKLM\...\{68FC9963-7678-4EC3-95CF-4501CB63CF19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Image Resizer Powertoy Clone for Windows (HKLM\...\{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}) (Version: 2.1 - Brice Lambson)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Pastel IronTree (HKLM\...\{AD749773-164E-4B6F-A317-295EAB38E1CC}) (Version: 5.1.1.19 - Pastel IronTree)
Pastel Xpress 2009 (HKLM\...\{AAB32722-C885-4210-8F83-7BE2A047A298}) (Version: 10.2.3 - Softline Pastel)
Pervasive System Analyzer (HKLM\...\Pervasive System Analyzer) (Version:  - )
Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM\...\{2E512A6C-AABE-414D-B52D-3E434D291989}) (Version: 1.1.18 - QUALCOMM)
Rapport (Version: 3.5.1609.47 - Trusteer) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C2802}) (Version: 12.40.2.466 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.17-3 - Striata Communication Solutions)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
Validity Fingerprint Driver (HKLM\...\{78365FC6-09CA-4AC3-BC01-70FB46596047}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Vibosoft DR.Mobile for Android (HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Vibosoft DR.Mobile for Android) (Version: 2.0.0.9 - Vibosoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 5.0.3.4) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.0.3.4 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DABEBC-CB6A-4281-9A8D-88A331BC5982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {371A86C0-42D6-4C2D-B220-E47F2F36E9AB} - System32\Tasks\{EA828E05-5DEC-412A-B97C-0BB45E494F24} => pcalua.exe -a "C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10\converter.exe" -d C:\Users\clifford.clifford-HP\Desktop
Task: {4505BCC3-73F5-438E-B877-FCC455C26160} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {5186F3DA-5974-492C-B28B-3A198E3F3E72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {56DBA7BE-F1C0-4843-ABDA-EE4D68AA0E04} - System32\Tasks\{FAD507B1-10B6-489B-98F3-851930138EDF} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
Task: {62D9F36C-2ECB-4B0F-9638-4D8BC19E9C48} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {6D0BF717-5E2F-4B57-9DA7-D1382417BF2D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-11] (AO Kaspersky Lab)
Task: {8D46C9C7-2E80-4CAC-917F-131EEABBFC94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {8E7FD129-51DC-4488-8254-CAF08EC4889B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {BBD97910-30B3-4C3B-9581-94DF9FF0A3ED} - System32\Tasks\{A71A1716-BF6B-48EA-A7B5-3AABCFF14BA9} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
Task: {DAB0CD5F-4B76-4DC6-AE2D-15F8B1B1EA13} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {DB6F29DF-CA1B-4E51-85C6-C88B74AF66D0} - System32\Tasks\Pastel IronTree => C:\Program Files\Pastel IronTree\A5Tray.exe [2008-07-21] (Attix5)
Task: {EEC71D29-5F08-4FD0-8E7B-1BEED8A0C5B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-14 13:31 - 2016-01-22 16:56 - 00089008 _____ () C:\windows\System32\cpwmon2k.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2007-04-15 13:43 - 2007-04-15 13:43 - 00112208 _____ () C:\PVSW\bin\w3dbsmgr.exe
2007-04-15 14:04 - 2007-04-15 14:04 - 00165456 _____ () C:\PVSW\bin\W3COMSRV.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2013-12-26 10:54 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: lxecCATSCustConnectService => 2
MSCONFIG\Services: lxec_device => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{08C89973-2704-44EC-AB2A-69304C35F2F5}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe
FirewallRules: [{798C5B9B-5E13-4737-8763-AE6FBF02545A}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe
FirewallRules: [TCP Query User{AED68038-584B-46F3-A787-0E15D6237CC6}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{B555AC73-6A2E-457C-A78E-4A2670CFC356}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [{53266272-F9D0-46C4-A0E4-B94C62640D08}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Deskjet 4620 series
Description: Deskjet 4620 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2016 09:01:30 AM) (Source: MsiInstaller) (EventID: 10005) (User: NTB-CWAKELIN)
Description: Application: Kaspersky Internet Security -- Internal Error 2771. AVScannerAndCoreFeature

Error: (05/12/2016 09:59:38 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/12/2016 09:54:08 AM) (Source: MsiInstaller) (EventID: 1024) (User: NTB-CWAKELIN)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/10/2016 05:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0x1608
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/06/2016 08:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Faulting module name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Exception code: 0xc0000005
Fault offset: 0x00005c7a
Faulting process id: 0x570
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (05/04/2016 12:14:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x1514
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (05/04/2016 12:14:03 PM) (Source: Windows Search Service) (EventID: 3014) (User: )
Description: An exception occurred. ID: 18. This is an internal error. Reproduce the error with the debugger attached and enable exceptions, then contact product support. One of the components loaded in your system is bad. You may be able to avoid the problem by recreating the index.

Details:
 0x%08x (0x00000006 - (HRESULT : 0x6))

Error: (05/03/2016 08:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fd9
Exception code: 0xc0000017
Fault offset: 0x0007d6e9
Faulting process id: 0x7ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/03/2016 08:11:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1374

Start Time: 01d1a5013f914773

Termination Time: 250

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/03/2016 07:57:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Faulting module name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Exception code: 0xc0000005
Fault offset: 0x00005c7a
Faulting process id: 0x5a8
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

System errors:
=============
Error: (05/13/2016 02:09:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/12/2016 05:58:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/11/2016 07:39:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (05/11/2016 03:40:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:
%%5

Error: (05/11/2016 03:39:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BFE service failed to start due to the following error:
%%5

Error: (05/09/2016 01:01:22 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.2 with the system
having network hardware address 2C-59-E5-4E-ED-E9. Network operations on this system may
be disrupted as a result.

Error: (05/08/2016 06:07:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rapport Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2016 08:25:38 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (05/06/2016 08:24:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:
%%5

Error: (05/06/2016 08:23:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BFE service failed to start due to the following error:
%%5

CodeIntegrity:
===================================
  Date: 2014-10-16 00:52:38.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:38.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:37.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:37.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:37.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:37.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:36.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:36.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:36.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 00:52:36.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 68%
Total physical RAM: 2927.43 MB
Available physical RAM: 932.1 MB
Total Virtual: 7225.75 MB
Available Virtual: 3772.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:72.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (External 500GB) (Fixed) (Total:465.76 GB) (Free:346.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 628CCA43)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 005A61A2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Please help!!

Thanks


#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:39 AM

Posted 15 May 2016 - 04:59 AM

Hello KZNDiver and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Uninstall programs

Please uninstall this program:

Search App by Ask


  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on Advanced SystemCare 8 and then on Uninstall. Repeat this for the other programs listed above

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 15 May 2016 - 05:02 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 KZNDiver

KZNDiver
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:39 AM

Posted 15 May 2016 - 06:23 AM

I could not run the first step as Advanced SystemCare 8 does not appear under the list of programs.

#4 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:39 AM

Posted 15 May 2016 - 07:20 AM

My apologies. I didn't edit my instructions properly.

You are meant to look for and uninstall Search App by Ask



#5 KZNDiver

KZNDiver
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 15 May 2016 - 01:12 PM


Blush... I should have read the instructions properly.

I don't seem to have Advanced system care 8 but went to uninstall and found the app to uninstall. I tried uninstalling and get asked if I want to allow Search App (by APN LLC) to update software on this computer. If I say no, it goes back to uninstall. Can I say yes to this question?

#6 KZNDiver

KZNDiver
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:39 AM

Posted 15 May 2016 - 02:11 PM

Hi Satchfan

OK I said yes and proceeded as per above instructions.

Log from AdwCleaner:

[-] Folder Deleted : C:\Users\clifford.clifford-HP\AppData\Roaming\Oxy
[-] Folder Deleted : C:\Users\clifford.clifford-HP\Documents\Add-in Express

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSuiteCalendarView
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\Escolade
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\Allin1Convert_8hEI
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
[-] Data Restored : HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2684 bytes] - [15/05/2016 20:45:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [2977 bytes] - [15/05/2016 20:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2830 bytes] ##########


Log from Junkware removal tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x86
Ran by clifford (Administrator) on 2016/05/15 at 20:56:06.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Failed to delete: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70JRN1DJ (Temporary Internet Files Folder)
Failed to delete: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQWO7ZBV (Temporary Internet Files Folder)
Failed to delete: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHNSISA5 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\GUT201.tmp (File)
Successfully deleted: C:\ProgramData\SPL101A.tmp (File)
Successfully deleted: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\660T9GC3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P31ZMX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJRYF3XA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDJLIYRW (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\660T9GC3 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70JRN1DJ (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P31ZMX7 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQWO7ZBV (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJRYF3XA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHNSISA5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDJLIYRW (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{21411B10-E201-4821-ADB8-A7CDC1230E2E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016/05/15 at 21:00:37.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt Log as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2016
Ran by clifford (administrator) on NTB-CWAKELIN (15-05-2016 21:04:15)
Running from C:\Users\clifford.clifford-HP\Downloads
Loaded Profiles: clifford (Available Profiles: clifford)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Attix5 Ltd) C:\Program Files\Pastel IronTree\a5backup.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Uwe Sieber - www.uwe-sieber.de) C:\USBDLM x86\USBDLM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_21_0_0_242_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\Hp\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28919936 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk [2010-12-04]
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk [2016-05-15]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk -> C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk [2016-05-15]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 4620 series (Network).lnk -> C:\Program Files\Hp\HP Deskjet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43832BD7-EA70-494D-8703-35801B5FB0CC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C6DBB964-C08F-4B54-AD9E-949CCE4EA007}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.za/
SearchScopes: HKLM -> DefaultScope {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> DefaultScope {FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-04-24] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3861810467-1385391395-3362689643-1002: @tools.google.com/Google Update;version=3 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3861810467-1385391395-3362689643-1002: @tools.google.com/Google Update;version=9 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-04-24]

Chrome:
=======
CHR Profile: C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\clifford.clifford-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-04-24] (Kaspersky Lab ZAO)
S3 BFE; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IronTreeDL; C:\Program Files\Pastel IronTree\a5backup.exe [163840 2008-07-23] (Attix5 Ltd) [File not signed]
S3 MpsSvc; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
R2 QDLService2kHP; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 USBDLM; C:\USBDLM x86\USBDLM.exe [332768 2011-10-09] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S4 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-11] (Arcsoft, Inc.)
R3 athr; C:\windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S3 HP8207_8307; C:\windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-04] (Windows ® Win 7 DDK provider)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [66976 2016-04-24] (AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [147328 2016-04-24] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [44728 2016-04-24] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [776088 2016-04-24] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [33976 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [39304 2016-04-24] (AO Kaspersky Lab)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 qcfilterhp2k; C:\windows\System32\DRIVERS\qcfilterhp2k.sys [5248 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\windows\System32\DRIVERS\qcusbnethp2k.sys [201728 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\windows\System32\DRIVERS\qcusbserhp2k.sys [106368 2009-10-01] (QUALCOMM Incorporated)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609035.sys [752008 2016-04-11] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-03-23] (IBM Corp.)
R0 RapportHades; C:\windows\System32\Drivers\RapportHades.sys [82056 2016-03-23] (IBM Corp.)
R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [237544 2016-03-23] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [386152 2016-03-23] (IBM Corp.)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [436792 2010-11-04] () [File not signed]
S4 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
S3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
U3 aawusk5o; C:\windows\system32\Drivers\aawusk5o.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S4 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S4 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
S4 btwampfl; system32\drivers\btwampfl.sys [X]
S4 btwaudio; system32\drivers\btwaudio.sys [X]
S4 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S4 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S4 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S4 catchme; \??\C:\Users\CLIFFO~1.CLI\AppData\Local\Temp\catchme.sys [X]
S4 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S4 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S4 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S4 rtsuvc; system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 21:04 - 2016-05-15 21:05 - 00018990 _____ C:\Users\clifford.clifford-HP\Downloads\FRST.txt
2016-05-15 21:00 - 2016-05-15 21:00 - 00003910 _____ C:\Users\clifford.clifford-HP\Desktop\JRT.txt
2016-05-15 20:53 - 2016-05-15 20:53 - 01610816 _____ (Malwarebytes) C:\Users\clifford.clifford-HP\Downloads\JRT.exe
2016-05-15 20:41 - 2016-05-15 20:45 - 00000000 ____D C:\AdwCleaner
2016-05-15 20:39 - 2016-05-15 20:41 - 03651136 _____ C:\Users\clifford.clifford-HP\Downloads\adwcleaner_5.117.exe
2016-05-15 10:43 - 2016-05-15 21:04 - 00000000 ____D C:\FRST
2016-05-15 10:35 - 2016-05-15 10:35 - 01733120 _____ (Farbar) C:\Users\clifford.clifford-HP\Downloads\FRST.exe
2016-05-14 21:20 - 2016-05-14 21:23 - 01920352 _____ (Kaspersky Lab) C:\Users\clifford.clifford-HP\Downloads\kis16.0.0.614abcden_9851.exe
2016-05-10 20:18 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-05-10 20:18 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-05-10 20:18 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-05-10 20:18 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-05-10 20:18 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-05-10 20:18 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-05-10 20:18 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-05-10 20:18 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-05-10 20:18 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-05-10 20:18 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-05-10 20:18 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-05-10 20:18 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-05-10 20:18 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-05-10 20:18 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-05-10 20:18 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-05-10 20:18 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-05-10 20:18 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-05-10 20:18 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 20:18 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-05-10 20:18 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-05-10 20:18 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-05-10 20:18 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-05-10 20:18 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-05-10 20:18 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-05-10 20:18 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-05-10 20:18 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-05-10 20:18 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-05-10 20:18 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-05-10 20:18 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-05-10 20:18 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-05-10 20:18 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-05-10 20:18 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-05-10 20:18 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-05-10 20:18 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-05-10 20:18 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-05-10 20:18 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-05-10 20:18 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-05-10 20:18 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-05-10 20:17 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-05-10 20:17 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-05-10 20:17 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-05-10 20:14 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-05-10 20:14 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-10 20:14 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-05-10 20:14 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-05-10 20:14 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-05-10 20:14 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-05-10 20:14 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-05-10 20:14 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-05-10 20:14 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-05-10 20:14 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-05-10 20:14 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-05-10 20:14 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-05-10 20:14 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-10 20:14 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-10 20:14 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-10 20:14 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-05-10 20:14 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-05-10 20:14 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-05-10 20:14 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-05-05 18:36 - 2016-05-05 18:36 - 00065450 _____ C:\Users\clifford.clifford-HP\Documents\Proof of payment DR Smith - Tyre.pdf
2016-04-27 16:55 - 2016-04-27 16:55 - 00001820 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-04-27 16:55 - 2016-04-27 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-04-24 11:28 - 2016-04-24 11:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-24 10:34 - 2016-04-24 10:34 - 00002304 _____ C:\Users\clifford.clifford-HP\Desktop\Safe Money.lnk
2016-04-24 10:24 - 2016-04-24 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-04-24 10:24 - 2016-04-24 10:20 - 00002062 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-04-24 10:18 - 2016-04-24 11:31 - 00776088 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-04-24 10:18 - 2016-04-24 11:31 - 00147328 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-04-18 19:42 - 2016-04-18 19:42 - 00000000 ____D C:\Users\clifford.clifford-HP\Desktop\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-15 21:00 - 2013-12-26 12:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 20:58 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 20:58 - 2009-07-14 06:34 - 00025648 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 20:53 - 2013-12-24 17:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-15 20:50 - 2010-11-05 17:17 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\Outlook Files
2016-05-15 20:48 - 2014-02-11 17:19 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 20:47 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-15 20:31 - 2014-02-11 17:19 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-15 13:16 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2016-05-15 13:15 - 2011-02-14 20:14 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Roaming\Skype
2016-05-15 01:00 - 2013-12-26 19:32 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Local\ElevatedDiagnostics
2016-05-13 17:00 - 2013-12-26 12:57 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-05-13 17:00 - 2013-12-26 12:57 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-13 15:07 - 2010-11-07 19:41 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\wataniwakelin
2016-05-13 11:09 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2016-05-13 07:50 - 2010-11-04 21:00 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 07:35 - 2014-12-12 08:56 - 00000000 ____D C:\windows\system32\appraiser
2016-05-12 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2016-05-12 09:56 - 2016-04-13 09:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 13:46 - 2010-06-07 11:36 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-11 03:39 - 2013-12-26 15:42 - 00441336 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-11 03:16 - 2013-07-13 21:35 - 00000000 ____D C:\windows\system32\MRT
2016-05-11 03:06 - 2010-11-04 19:50 - 136686448 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-07 03:00 - 2015-04-05 17:40 - 00000000 ___SD C:\windows\system32\GWX
2016-05-06 15:50 - 2013-08-12 21:09 - 01287168 ___SH C:\Users\clifford.clifford-HP\Documents\Thumbs.db
2016-05-06 08:26 - 2015-05-30 19:19 - 00000000 ___RD C:\Program Files\Skype
2016-05-05 18:36 - 2011-03-27 16:30 - 00000000 ____D C:\Users\clifford.clifford-HP\AppData\Local\CutePDF Writer
2016-04-30 00:28 - 2015-05-13 15:34 - 00000000 ____D C:\Program Files\TeamViewer
2016-04-27 16:56 - 2015-09-27 10:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-27 16:56 - 2015-09-27 10:09 - 00000000 ____D C:\Program Files\Garmin
2016-04-24 11:31 - 2015-06-08 19:43 - 00039304 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klpd.sys
2016-04-24 11:31 - 2015-06-06 08:48 - 00066976 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2016-04-24 10:54 - 2010-12-04 15:53 - 00000000 ____D C:\Xpress09
2016-04-24 10:53 - 2013-07-29 21:12 - 00000000 ____D C:\Users\clifford.clifford-HP\Documents\Divorce Care
2016-04-24 10:38 - 2015-07-04 02:18 - 00044728 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-04-24 10:24 - 2013-12-24 17:54 - 00000000 ____D C:\Program Files\Kaspersky Lab
2016-04-21 15:05 - 2010-11-04 20:40 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-15 06:43 - 2010-12-04 15:53 - 00000000 ___RD C:\Program Files\Pastel IronTree

==================== Files in the root of some directories =======

2010-12-04 15:51 - 2010-12-04 15:51 - 0000190 _____ () C:\Program Files\Common Files\psasetup.log
2011-06-27 17:13 - 2011-07-11 17:56 - 0001849 _____ () C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
2015-11-06 12:06 - 2015-12-11 07:48 - 0003584 _____ () C:\Users\clifford.clifford-HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-20 09:55 - 2012-06-06 08:10 - 0007606 _____ () C:\Users\clifford.clifford-HP\AppData\Local\resmon.resmoncfg
2011-05-28 20:16 - 2011-05-28 20:16 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
2011-09-05 05:50 - 2011-09-05 05:50 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
2011-09-23 05:10 - 2011-09-23 05:10 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
2011-09-27 05:31 - 2011-09-27 05:31 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
2011-08-15 05:53 - 2011-08-15 05:53 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
2011-08-30 05:51 - 2011-08-30 05:51 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
2011-05-28 20:14 - 2011-05-28 20:19 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
2013-08-12 20:31 - 2013-08-12 20:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-07 17:26 - 2010-11-07 17:26 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-02-14 20:18 - 2011-02-14 20:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-11-07 16:58 - 2013-07-14 09:56 - 0001764 _____ () C:\ProgramData\FastPics.log
2010-11-10 15:43 - 2013-12-11 19:12 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2010-11-07 16:57 - 2013-12-24 11:36 - 0001847 _____ () C:\ProgramData\lxec.log
2010-11-10 19:18 - 2012-04-23 12:26 - 0000919 _____ () C:\ProgramData\lxecDiagnostics.log
2010-11-07 16:58 - 2013-06-25 19:23 - 6205636 _____ () C:\ProgramData\lxecJSW.log
2010-11-07 16:11 - 2013-12-24 11:37 - 0369258 _____ () C:\ProgramData\lxecscan.log
2010-11-07 17:26 - 2010-11-07 17:26 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2010-11-07 16:08 - 2010-11-07 16:08 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\clifford.clifford-HP\AppData\Local\temp\libeay32.dll
C:\Users\clifford.clifford-HP\AppData\Local\temp\msvcr120.dll
C:\Users\clifford.clifford-HP\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 11:26

==================== End of FRST.txt ============================

Addition.txt log as follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2016
Ran by clifford (2016-05-15 21:05:46)
Running from C:\Users\clifford.clifford-HP\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2010-08-13 23:47:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3861810467-1385391395-3362689643-500 - Administrator - Disabled)
clifford (S-1-5-21-3861810467-1385391395-3362689643-1002 - Administrator - Enabled) => C:\Users\clifford.clifford-HP
Guest (S-1-5-21-3861810467-1385391395-3362689643-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3861810467-1385391395-3362689643-1074 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Elevated Installer (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 4620 series Basic Device Software (HKLM\...\{68FC9963-7678-4EC3-95CF-4501CB63CF19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6275.0 - IDT)
Image Resizer Powertoy Clone for Windows (HKLM\...\{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}) (Version: 2.1 - Brice Lambson)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Pastel IronTree (HKLM\...\{AD749773-164E-4B6F-A317-295EAB38E1CC}) (Version: 5.1.1.19 - Pastel IronTree)
Pastel Xpress 2009 (HKLM\...\{AAB32722-C885-4210-8F83-7BE2A047A298}) (Version: 10.2.3 - Softline Pastel)
Pervasive System Analyzer (HKLM\...\Pervasive System Analyzer) (Version: - )
Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Qualcomm Gobi 2000 Package for HP (HKLM\...\{2E512A6C-AABE-414D-B52D-3E434D291989}) (Version: 1.1.18 - QUALCOMM)
Rapport (Version: 3.5.1609.47 - Trusteer) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.17-3 - Striata Communication Solutions)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
Validity Fingerprint Driver (HKLM\...\{78365FC6-09CA-4AC3-BC01-70FB46596047}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Vibosoft DR.Mobile for Android (HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\...\Vibosoft DR.Mobile for Android) (Version: 2.0.0.9 - Vibosoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for Android(Build 5.0.3.4) (HKLM\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.0.3.4 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\clifford.clifford-HP\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DABEBC-CB6A-4281-9A8D-88A331BC5982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {371A86C0-42D6-4C2D-B220-E47F2F36E9AB} - System32\Tasks\{EA828E05-5DEC-412A-B97C-0BB45E494F24} => pcalua.exe -a "C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10\converter.exe" -d C:\Users\clifford.clifford-HP\Desktop
Task: {4505BCC3-73F5-438E-B877-FCC455C26160} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {5186F3DA-5974-492C-B28B-3A198E3F3E72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {56DBA7BE-F1C0-4843-ABDA-EE4D68AA0E04} - System32\Tasks\{FAD507B1-10B6-489B-98F3-851930138EDF} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
Task: {62D9F36C-2ECB-4B0F-9638-4D8BC19E9C48} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {6D0BF717-5E2F-4B57-9DA7-D1382417BF2D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-11] (AO Kaspersky Lab)
Task: {8D46C9C7-2E80-4CAC-917F-131EEABBFC94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {8E7FD129-51DC-4488-8254-CAF08EC4889B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {BBD97910-30B3-4C3B-9581-94DF9FF0A3ED} - System32\Tasks\{A71A1716-BF6B-48EA-A7B5-3AABCFF14BA9} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
Task: {DAB0CD5F-4B76-4DC6-AE2D-15F8B1B1EA13} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {DB6F29DF-CA1B-4E51-85C6-C88B74AF66D0} - System32\Tasks\Pastel IronTree => C:\Program Files\Pastel IronTree\A5Tray.exe [2008-07-21] (Attix5)
Task: {EEC71D29-5F08-4FD0-8E7B-1BEED8A0C5B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-14 13:31 - 2016-01-22 16:56 - 00089008 _____ () C:\windows\System32\cpwmon2k.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2013-12-26 10:54 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\clifford.clifford-HP\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: lxecCATSCustConnectService => 2
MSCONFIG\Services: lxec_device => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{08C89973-2704-44EC-AB2A-69304C35F2F5}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe
FirewallRules: [{798C5B9B-5E13-4737-8763-AE6FBF02545A}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe
FirewallRules: [TCP Query User{AED68038-584B-46F3-A787-0E15D6237CC6}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{B555AC73-6A2E-457C-A78E-4A2670CFC356}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [{53266272-F9D0-46C4-A0E4-B94C62640D08}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Deskjet 4620 series
Description: Deskjet 4620 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2016 08:15:30 PM) (Source: MsiInstaller) (EventID: 10005) (User: NTB-CWAKELIN)
Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (05/15/2016 09:01:30 AM) (Source: MsiInstaller) (EventID: 10005) (User: NTB-CWAKELIN)
Description: Application: Kaspersky Internet Security -- Internal Error 2771. AVScannerAndCoreFeature

Error: (05/12/2016 09:59:38 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/12/2016 09:54:08 AM) (Source: MsiInstaller) (EventID: 1024) (User: NTB-CWAKELIN)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4700}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/10/2016 05:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: igd10umd32.dll, version: 8.15.10.2086, time stamp: 0x4b80087f
Exception code: 0xc0000005
Fault offset: 0x000280a1
Faulting process id: 0x1608
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/06/2016 08:24:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Faulting module name: STacSV.exe, version: 1.0.6275.0, time stamp: 0x4ba0a94b
Exception code: 0xc0000005
Fault offset: 0x00005c7a
Faulting process id: 0x570
Faulting application start time: 0xSTacSV.exe0
Faulting application path: STacSV.exe1
Faulting module path: STacSV.exe2
Report Id: STacSV.exe3

Error: (05/04/2016 12:14:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x1514
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (05/04/2016 12:14:03 PM) (Source: Windows Search Service) (EventID: 3014) (User: )
Description: An exception occurred. ID: 18. This is an internal error. Reproduce the error with the debugger attached and enable exceptions, then contact product support. One of the components loaded in your system is bad. You may be able to avoid the problem by recreating the index.

Details:
0x%08x (0x00000006 - (HRESULT : 0x6))

Error: (05/03/2016 08:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fd9
Exception code: 0xc0000017
Fault offset: 0x0007d6e9
Faulting process id: 0x7ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/03/2016 08:11:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1374

Start Time: 01d1a5013f914773

Termination Time: 250

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (05/15/2016 08:49:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (05/15/2016 08:48:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error:
%%5

Error: (05/15/2016 08:47:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BFE service failed to start due to the following error:
%%5

Error: (05/15/2016 08:45:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/15/2016 08:45:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/15/2016 08:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/15/2016 08:45:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/15/2016 08:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (05/15/2016 08:45:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/15/2016 08:45:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The USBDLM service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2014-10-16 00:52:38.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:38.090
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:37.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:37.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:37.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:37.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:36.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:36.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:36.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 00:52:36.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 53%
Total physical RAM: 2927.43 MB
Available physical RAM: 1353.33 MB
Total Virtual: 7225.75 MB
Available Virtual: 4044.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:72.86 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 628CCA43)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================


Please note that I will be leaving tomorrow morning early for a 2 day business trip to Johannesburg and will only be able to continue with this on my return on Tuesday evening as my husband has no clue how to proceed with this. I will resume following your instructions at that point. Please do not delete or think I have given up on this post.

Thanks

KZNDiver

#7 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:39 AM

Posted 15 May 2016 - 03:10 PM

"Please note that I will be leaving tomorrow morning early for a 2 day business trip to Johannesburg and will only be able to continue with this on my return on Tuesday evening"

That's fine. As long as you let me know, the topic will stay open.

Have a good trip.

Take care

Nina


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 satchfan


Posted 16 May 2016 - 08:22 AM

When you return please do the following:

Run McAfee removal tool using the link below

McAfee Removal Tool

================================================

You need to move Farbar Recovery Scan Tool to your desktop, otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> DefaultScope {FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} URL =
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
S3 BFE; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
S3 MpsSvc; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
U3 aawusk5o; C:\windows\system32\Drivers\aawusk5o.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S4 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S4 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
S4 btwampfl; system32\drivers\btwampfl.sys [X]
S4 btwaudio; system32\drivers\btwaudio.sys [X]
S4 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S4 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S4 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S4 catchme; \??\C:\Users\CLIFFO~1.CLI\AppData\Local\Temp\catchme.sys [X]
S4 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S4 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S4 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S4 rtsuvc; system32\DRIVERS\rtsuvc.sys [X]
2011-06-27 17:13 - 2011-07-11 17:56 - 0001849 _____ () C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
2011-05-28 20:16 - 2011-05-28 20:16 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
2011-09-05 05:50 - 2011-09-05 05:50 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
2011-09-23 05:10 - 2011-09-23 05:10 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
2011-09-27 05:31 - 2011-09-27 05:31 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
2011-08-15 05:53 - 2011-08-15 05:53 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
2011-08-30 05:51 - 2011-08-30 05:51 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
2011-05-28 20:14 - 2011-05-28 20:19 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
Task: {371A86C0-42D6-4C2D-B220-E47F2F36E9AB} - System32\Tasks\{EA828E05-5DEC-412A-B97C-0BB45E494F24} => pcalua.exe -a "C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10\converter.exe" -d C:\Users\clifford.clifford-HP\Desktop
C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
cmd: ipconfig /flushdns
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt


Thanks

Nina


Edited by satchfan, 16 May 2016 - 09:16 AM.



#9 satchfan


Posted 19 May 2016 - 04:39 PM

Hi KZNDiver

Please let me know if you are ready to continue.




#10 KZNDiver


Posted 21 May 2016 - 03:35 AM

Hi Nina

Sorry I have been so long in getting back to you. It's been a busy week.

Logs below:

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version:14-05-2016
Ran by clifford (2016-05-21 10:04:28) Run:1
Running from C:\Users\clifford.clifford-HP\Desktop
Loaded Profiles: clifford (Available Profiles: clifford)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> DefaultScope {FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63} URL =
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-3861810467-1385391395-3362689643-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt => not found
S3 BFE; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
S3 MpsSvc; . [0 2016-05-15] () <==== ATTENTION (zero byte File/Folder)
U3 aawusk5o; C:\windows\system32\Drivers\aawusk5o.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S4 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S4 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
S4 btwampfl; system32\drivers\btwampfl.sys [X]
S4 btwaudio; system32\drivers\btwaudio.sys [X]
S4 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S4 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S4 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S4 catchme; \??\C:\Users\CLIFFO~1.CLI\AppData\Local\Temp\catchme.sys [X]
S4 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S4 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S4 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S4 rtsuvc; system32\DRIVERS\rtsuvc.sys [X]
2011-06-27 17:13 - 2011-07-11 17:56 - 0001849 _____ () C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
2011-05-28 20:16 - 2011-05-28 20:16 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
2011-09-05 05:50 - 2011-09-05 05:50 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
2011-09-23 05:10 - 2011-09-23 05:10 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
2011-09-27 05:31 - 2011-09-27 05:31 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
2011-08-15 05:53 - 2011-08-15 05:53 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
2011-08-30 05:51 - 2011-08-30 05:51 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
2011-05-28 20:14 - 2011-05-28 20:19 - 0000000 _____ () C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
Task: {371A86C0-42D6-4C2D-B220-E47F2F36E9AB} - System32\Tasks\{EA828E05-5DEC-412A-B97C-0BB45E494F24} => pcalua.exe -a "C:\Users\clifford.clifford-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFGWET10\converter.exe" -d C:\Users\clifford.clifford-HP\Desktop
C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}
C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}
C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}
C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}
C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}
C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}
C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}
C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml
cmd: ipconfig /flushdns
EmptyTemp:

*****************

Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2}" => key removed successfully.
HKCR\CLSID\{8FF9B1E1-48D5-435C-AF5E-3B8D6F9806E2} => key not found.
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value removed successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => key not found.
HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value removed successfully.
BFE => service removed successfully.
MpsSvc => service removed successfully.
aawusk5o => service not found.
AgereSoftModem => service removed successfully.
ARCVCAM => service removed successfully.
btwampfl => service removed successfully.
btwaudio => service removed successfully.
btwavdt => service removed successfully.
btwl2cap => service removed successfully.
btwrchid => service removed successfully.
catchme => service removed successfully.
HSPADataCardusbmdm => service removed successfully.
HSPADataCardusbnmea => service removed successfully.
HSPADataCardusbser => service removed successfully.
pccsmcfd => service removed successfully.
rtsuvc => service removed successfully.
C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A} => moved successfully
C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{371A86C0-42D6-4C2D-B220-E47F2F36E9AB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{371A86C0-42D6-4C2D-B220-E47F2F36E9AB}" => key removed successfully.
C:\Windows\System32\Tasks\{EA828E05-5DEC-412A-B97C-0BB45E494F24} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA828E05-5DEC-412A-B97C-0BB45E494F24}" => key removed successfully.
"C:\Users\clifford.clifford-HP\AppData\Local\{0E364DA1-126F-4936-9880-3C14B631A983}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{2768A2DB-06C3-407E-BA66-26FEF9C7B030}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{49993081-12E1-4AEA-A38B-233C28AF7AF9}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{5F30A0C1-F75F-42F9-A574-1EA7D087F28F}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{8F9C5EDB-4DCF-4550-ABFF-36DFF720CC30}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{E1A13BFD-B742-4A7E-AF3B-026236C84C6A}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Local\{F67574EA-68F2-4BFA-A2A1-F3F0AF48645A}" => not found.
"C:\Users\clifford.clifford-HP\AppData\Roaming\GhostObjGAFix.xml" => not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 4.4 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:06:02 ====

 

Checkup.txt here:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 7 Update 67 
 Java version 32-bit out of Date!
 Google Chrome (50.0.2661.102)
 Google Chrome (50.0.2661.94)
 Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thanks Nina



#11 KZNDiver


Posted 21 May 2016 - 05:08 AM

Hi Nina

 

In the process of following your instructions, Java wanted to update and I said No.  If I need to update, please let me know.  I see in the text above that the Java version 32 bit is out of date, and this may be because I would not allow it.

 

Thanks for the help

 

Chat later

Debbie



#12 KZNDiver


Posted 21 May 2016 - 01:10 PM

Hi Nina

 

After following the instructions above when I tried to run Kaspersky it was still corrupt but this time gave me a message that the Base Filtering Engine (BFE) service was missing.  I Googled how to fix it, followed the instructions on hageltech.com, and Kaspersky is no longer corrupt and seems to be working fine.

 

Thanks so much for your help.  I think whatever you did helped to uncover the problem

 

Take care



#13 satchfan


Posted 22 May 2016 - 06:42 AM

It's my turn to apologise and I’m so sorry for not replying sooner. I was away for 24 hours and was assured that I’d have Internet access but had neither that nor a mobile phone signal so was unable to receive replies or answer them.

I arrived back 20 minutes ago and now that things are restored to normal let’s continue.

Please download Malwarebytes Anti-Malware to your desktop.

  • double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Can you tell me if there are any outstanding problems?

Nina

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 KZNDiver


Posted 22 May 2016 - 11:48 AM

Hi Nina

 

I hope you enjoyed your break away.  No problem about not getting back soon

 

Instructions followed and results shown below

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016/05/22
Scan Time: 06:15 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.22.04
Rootkit Database: v2016.05.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: clifford

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304100
Time Elapsed: 21 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ASK, HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63}, Quarantined, [5c900dcb7b1ee74f06d058782bd89b65],

Registry Values: 2
PUP.Optional.ASK, HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63}|FaviconURL, http://www.search.ask.com/favicon.ico, Quarantined, [5c900dcb7b1ee74f06d058782bd89b65]
PUP.Optional.ASK, HKU\S-1-5-21-3861810467-1385391395-3362689643-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FCB9AE43-B7FF-45E7-9C49-A5ACEA238D63}|URL, http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^ZA&gct=&itbv=12.16.2.53&apn_uid=69DA0F6A-6158-4CC8-A0B5-8ADD02AD74CF&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^ZA&apn_dbr=ie_11.0.9600.17280&doi=2014-09-30&trgb=IE&q={searchTerms}&psv=&pt=tb, Quarantined, [fdefb622acede5513b9b08c8db28ab55]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Most of the problems seem to be resolved, but I have installed Kaspersky Safe Money as I have been having weird problems in my internet banking site since yesterday.  The first time it worked fine and now it won't launch.

 

I thought technology was supposed to make our lives easier :smash:

 

Regards

Debbie



#15 satchfan


Posted 22 May 2016 - 04:18 PM

Most of the problems seem to be resolved

 

Are there any current Kaspersky issues and, apart from your banking problem, is there something else?

 

Nina

