
Asus running slow [Solved]



#31 peachy_dar


Posted 02 November 2014 - 02:07 PM

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by FELIX PIROZZI (administrator) on FELIXPIROZZI-PC on 02-11-2014 12:33:16
Running from C:\Users\FELIX PIROZZI\Desktop
Loaded Profile: FELIX PIROZZI (Available profiles: FELIX PIROZZI & ROAD QUEEN)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\klwtblfs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2014-07-13] (IncrediMail, Ltd.)
HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-24] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
Startup: C:\Users\FELIX PIROZZI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://snt153.mail....855#fid=flinbox
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x364335C44D02CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.triketalk...forum/forum.php
http://www.ebay.com/
https://weather.yaho.../city-12763639/
https://www.facebook.com/
https://www.youtube.com/
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:
========
FF ProfilePath: C:\Users\FELIX PIROZZI\AppData\Roaming\Mozilla\Firefox\Profiles\430s4o3c.default
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\FELIX PIROZZI\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-03-08]

Chrome:
=======
CHR Profile: C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30]
CHR Extension: (Google Drive) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30]
CHR Extension: (YouTube) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-12]
CHR Extension: (Google Search) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-12]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-12]
CHR Extension: (Safe Money) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-04-12]
CHR Extension: (Content Blocker) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-11-30]
CHR Extension: (Virtual Keyboard) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-12]
CHR Extension: (Google Wallet) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Gmail) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-12]
CHR Extension: (Anti-Banner) - C:\Users\FELIX PIROZZI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-12]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.googl...dnajaicnklhfplh [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-01] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:33 - 2014-11-02 12:33 - 00020913 _____ () C:\Users\FELIX PIROZZI\Desktop\FRST.txt
2014-11-02 12:32 - 2014-11-02 12:32 - 00000000 ____D () C:\Users\FELIX PIROZZI\Desktop\FRST-OlderVersion
2014-10-31 15:44 - 2014-11-02 10:03 - 00001848 _____ () C:\Windows\setupact.log
2014-10-31 15:44 - 2014-10-31 15:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-25 09:49 - 2014-10-25 09:49 - 00000000 ____D () C:\Windows\ERUNT
2014-10-25 09:48 - 2014-10-25 09:48 - 01706144 _____ (Thisisu) C:\Users\FELIX PIROZZI\Desktop\JRT.exe
2014-10-25 09:43 - 2014-10-25 15:43 - 00000000 ____D () C:\AdwCleaner
2014-10-25 08:56 - 2014-10-25 08:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\52CD20D9.sys
2014-10-25 08:55 - 2014-10-25 08:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5AF820B2.sys
2014-10-23 19:47 - 2014-11-02 12:32 - 00000000 ____D () C:\Users\FELIX PIROZZI\Desktop\OCTOBER PROBLEM
2014-10-23 19:46 - 2014-10-23 19:47 - 00854448 _____ () C:\Users\FELIX PIROZZI\Desktop\SecurityCheck.exe
2014-10-23 19:38 - 2014-10-23 19:38 - 05192704 _____ (AVAST Software) C:\Users\FELIX PIROZZI\Desktop\aswMBR.exe
2014-10-23 19:32 - 2014-11-02 12:33 - 00000000 ____D () C:\FRST
2014-10-23 19:31 - 2014-11-02 12:32 - 02114560 _____ (Farbar) C:\Users\FELIX PIROZZI\Desktop\FRST64.exe
2014-10-23 19:19 - 2014-10-23 19:19 - 00000000 ____D () C:\Users\FELIX PIROZZI\AppData\Roaming\KODAK AiO Home Center1084817063
2014-10-15 19:13 - 2014-10-15 19:13 - 00000000 ____D () C:\Users\FELIX PIROZZI\AppData\Roaming\KODAK AiO Home Center1347455477
2014-10-15 16:57 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:57 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:57 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:57 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 16:57 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 16:57 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:57 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:57 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 16:57 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 16:57 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 16:57 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 16:57 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 16:57 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:57 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:57 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:57 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 16:57 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 16:57 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:57 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:57 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 16:57 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 16:57 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 16:57 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:57 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:57 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 16:57 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:57 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:57 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 16:57 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 16:57 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 16:57 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 16:57 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 16:57 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:57 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 16:57 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 16:57 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 16:57 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 16:57 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 16:57 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:57 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 16:57 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:57 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 16:57 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 16:57 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 16:57 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 16:57 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 16:57 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 16:57 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:57 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 16:57 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 16:57 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 16:57 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:57 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 16:57 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 16:57 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 16:57 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:57 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 16:57 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 16:57 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 16:57 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 16:57 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:56 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:56 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:56 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:56 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 16:56 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:56 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:56 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:56 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:56 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:56 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:56 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:56 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 16:56 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 16:56 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 16:56 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:56 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:55 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 16:55 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 16:55 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:55 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:56 - 2014-10-15 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4408270D.sys
2014-10-15 14:55 - 2014-10-15 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\4C3326E6.sys
2014-10-08 17:37 - 2014-10-08 17:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3DD65ED7.sys
2014-10-06 16:23 - 2014-10-06 16:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1EC72950.sys
2014-10-03 16:55 - 2014-10-03 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\57AA1091.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 12:28 - 2012-04-20 20:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 12:10 - 2011-12-24 10:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 10:56 - 2014-07-05 07:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 10:21 - 2014-03-08 16:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-02 10:12 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:12 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:10 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 10:09 - 2014-08-07 08:16 - 01840204 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 10:08 - 2011-04-26 22:58 - 00000000 ____D () C:\ProgramData\Kodak
2014-11-02 10:03 - 2011-12-24 10:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 10:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 15:44 - 2011-04-26 20:17 - 04882058 _____ () C:\Windows\PFRO.log
2014-10-28 05:34 - 2011-04-26 22:56 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 14:59 - 2014-07-05 07:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 10:00 - 2014-07-05 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 10:00 - 2013-06-14 19:27 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 09:42 - 2014-03-16 19:17 - 01962496 _____ () C:\Users\FELIX PIROZZI\Desktop\AdwCleaner.exe
2014-10-23 19:05 - 2011-12-24 10:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 19:05 - 2011-12-24 10:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 13:48 - 2014-04-15 19:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-20 13:48 - 2013-03-10 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 03:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:35 - 2009-07-13 23:45 - 00409648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:32 - 2014-05-06 18:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:15 - 2011-04-27 22:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:08 - 2013-08-14 08:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:01 - 2011-04-27 23:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 09:27

==================== End Of Log ============================


Darlene



#32 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 03 November 2014 - 02:41 PM

Hello, peachy_dar.

 

Thank you for your logs.  We have a couple of entries to delete, but other than that, your logs look good.  You have not indicated how your computer is now running.  Let me know if there are still issues pending before we work through our final steps.

 

Please run the following Fix

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.

Start
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 

Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.


  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.

 

CHECKLIST : In your next reply, please post the following:

  • Fixlog.txt
  • How is your computer running?  Are there any other issues?

 



#33 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 05 November 2014 - 10:00 PM

Hello, peachy_dar.

 

Are you still with me?



#34 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • 385 posts

Posted 06 November 2014 - 05:00 AM

hi

 

Sorry for the lack of attention on my end.  I will proceed this evening.  We have had a death in the family, and my daughter was diagnosed with walking pneumonia this week, needless to say it's been busy here!  No excuse I know, but I will be here this evening to follow up.

 

My husband says his pc is running better, but will get him to check again tonight.

 

dar


Darlene

#35 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 06 November 2014 - 10:26 AM

Hello, peachy_dar.

 

I extend my sincerest sympathy for your loss and my good wishes for your daughter's recovery.

 

I will wait for your next reply.

 

 



#36 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • 385 posts

Posted 06 November 2014 - 05:02 PM

hi

 

I'm home...things seem calm on the surface - thank you for your understanding. I apologize for holding this up.

 

After dinner I will give this a shot!

 

dar


Darlene

#37 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • 385 posts

Posted 06 November 2014 - 07:15 PM

HI

 

This was short and sweet..nice!!  I asked my hubby how this machine is working over dinner, and he said there is a noticeable improvement.  He said some pages move slowly at times.  I told him well, Ebay gets a lot of traffic, that could affect that.  Not sure if that is the truth or not, but it may be possible.

 

Here is the fixlog.txt below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by FELIX PIROZZI at 2014-11-06 20:02:29 Run:2
Running from C:\Users\FELIX PIROZZI\Desktop
Loaded Profile: FELIX PIROZZI (Available profiles: FELIX PIROZZI & ROAD QUEEN)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2230745201-3027515346-1426160628-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 31.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Darlene
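The Fixlog in the post above, read as data rather than by eye: an added Python example (not part of the thread and not FRST's own code) that classifies each result line and lists every line that is not a clear success. The marker words and the asterisk / "==== End of Fixlog ====" delimiters are assumptions taken only from the lines visible in this one log; on this log it returns the two Hosts lines as failed and the reboot notice for review.

```python
import re
from dataclasses import dataclass

# Fixlog from the post above, abridged (header and some registry lines omitted).
FIXLOG = r'''*****************
Start
CloseProcesses:
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 31.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
'''

# Assumption: marker words taken only from the wording visible in this one log.
FAIL_MARKERS = ("could not",)
OK_MARKERS = ("successfully", "removed")
RESULT_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>[^=]+?))\s*=>\s*(?P<outcome>.+)$')

@dataclass
class Result:
    target: str   # key, path or directive named before "=>"; empty if none
    outcome: str  # text after "=>", or the whole line when there is no "=>"
    status: str   # "ok", "failed" or "review"

def classify(outcome):
    low = outcome.lower()
    if any(m in low for m in FAIL_MARKERS):
        return "failed"
    if any(m in low for m in OK_MARKERS):
        return "ok"
    return "review"  # unrecognised wording is surfaced, never assumed good

def result_lines(text):
    # Results start after the last row of asterisks (end of the fixlist echo).
    lines = [l.strip() for l in text.splitlines()]
    fences = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    for line in lines[fences[-1] + 1 if fences else 0:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            yield line

def parse_fixlog(text):
    results = []
    for line in result_lines(text):
        m = RESULT_RE.match(line)
        target = (m.group("quoted") or m.group("bare").strip()) if m else ""
        outcome = m.group("outcome").strip() if m else line
        results.append(Result(target, outcome, classify(outcome)))
    return results

def follow_up(results):
    return [r for r in results if r.status != "ok"]  # not a clear success

if __name__ == "__main__":
    for r in follow_up(parse_fixlog(FIXLOG)):
        print(f"{r.status:7} {r.target or '-'}: {r.outcome}")
```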

#38 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 07 November 2014 - 08:44 PM

Good work, peachy_dar! :)

 

Your computer now appears to be all clean. We need to perform a final bit of housekeeping. I am also including a list of recommendations to help you maintain a clean and secure system.

 

Regarding slow web pages -- there are many reasons why web pages can be slow-loading.  You may want to read these few short articles explaining some of them:

 

Why Does It Take So Long For Web pages To Load by Nicole Martinez found HERE.
Why Some Websites Are Much Slower Than Others by Lincoln Spector found HERE.
Why Does It Take So Long For Web Pages to Load by Leo Notenboom found HERE.
 

1. REMOVE DISINFECTION TOOLS

 

Please run the following application to ensure that all removal tools used during your system's disinfection are deleted.
Download Delfix from HERE and save it to your desktop.

  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore

 

 


  • Click Run. > When finished, a report will open listing the tools that have been deleted.
  • Any remaining tools, logs, files or folders remaining on your desktop can be removed manually.

Malwarebytes Anti-Malware (MBAM)

 

You may wish to keep MBAM. Perform weekly updates and scans to maintain system security. If you choose to delete this programme, remove it from your Control Panel.

 

2. UPDATES

 

Remember to update regularly. Updates contain important changes to improve the performance, stability and security of programs that run on your system. Many web exploits search for outdated software with security flaws resulting in compromised personal files (banking and credit card information, ID data, passwords…) and cause other major issues.

 

Turn On Automatic Updates

 

You can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:

  • Open your Control Panel > Click Windows Update.
  • In the left pane, click Change Settings.
  • Under Important Updates, click the down arrow and select Install updates automatically (recommended).
  • Under Recommended Updates, check Give me updates the same way I receive Important Updates.
  • Under Who can install updates, check Allow all users to install updates on this computer.
  • Click OK to apply the changes.  (Note: If Windows prompts you to confirm these changes, allow it.)
  • Close the window.

Adobe Reader

 

Your Adobe Reader is presently up-to-date.  To improve the functionality and security of your software, always keep it updated by visiting HERE. Updates safeguard your system against malicious attacks through PDF files.

 

Adobe Flash

 

You are presently running Adobe Flash 15 (Version 15.0.0.167).  Please update to Adobe Flash 11 (Version 15.0.0.189) HERE.  Updates ensure that your software works properly and may include changes to security or new product functionality.

 

3.  BROWSER SECURITY

 

Kaspersky Pure 3.0 Anti-Virus

 

New variants of malware are increasing daily, making your computer very susceptible to attacks without updated protection.  By default, Kaspersky PURE 3.0 downloads updates automatically.  If not, please visit Kaspersky HERE to update its databases.

 

Enable Kaspersky Pure 3.0 Firewall

Ensure your Kaspersky firewall is enabled to protect your computer against malicious internet traffic. If it is disabled, you can find how-to support HERE to enable it.

 

Browser Updates

 

Your Firefox browser is outdated.  Running older versions of a browser poses serious security vulnerabilities.  Updates increase the stability, security, speed, and functionality of your web browsers.  Download the latest version of any browser you use:

  • Internet Explorer:  HERE  
  • Mozilla Firefox:  HERE  
  • Google Chrome:  HERE

Turn On Safe Browsing Features

 

For Internet Explorer: Activate SmartScreen Filter

  • Open Internet Explorer.
  • Click Tools > SmartScreen Filter > Turn on SmartScreen Filter.

For Mozilla Firefox:

1.  Block Attack Sites and Web Forgeries

  • Open Firefox.
  • Click Tools > Options.
  • Click the Security tab and check mark the following:
    • Warn me when sites try to install add-ons
    • Block reported attack sites
    • Block reported web forgeries.

2.  AdBlock Plus

 

To remove online advertising and block all known malware domains, download AdBlock Plus from HERE.

 

For Google Chrome: Enable Phishing and Malware Protection

  • Open Google Chrome.
  • Click the Customize and control icon (wrench or 3 bars) located at the top right corner of the browser.
  • Click Settings > Show advanced settings > Under the Hood.
  • In the Privacy section, check mark Enable phishing and malware protection.
  • Restart Google Chrome to activate new settings.

4.  RECOMMENDATIONS:  ENHANCE YOUR SYSTEM SECURITY

 

If you are looking to add even more security features to protect your system, the following applications may be of interest to you.

 

For Internet Explorer:  SpywareBlaster

If Internet Explorer is your default browser, download SpywareBlaster from HERE. SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.

 

For Firefox: No-Script

If Firefox is your default browser, download No-Script from HERE. No Script prevents malicious scripts from being executed on your system.

 

For All Browsers:  Web of Trust

To avoid untrustworthy sites while browsing, download Web of Trust (WOT) from HERE. WOT is compatible with all browsers and informs you which websites you can trust by displaying coloured rating symbols next to search results: Green (good), Yellow (caution), Red (dangerous).


5.  RECOMMENDED READING

 

To help you maintain a clean, safe, and healthy system, the following informative articles may be of interest to you:

The Dangers of P2P File Sharing HERE
How to Prevent Malware by Miekiemoes HERE
So How Did I Get Infected In the First Place? By Tony Klein HERE
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams HERE
Help! My computer is Slow – How to improve system performance after malware removal by Miekiemoes HERE
Create Strong Passwords by Microsoft HERE
PC Safety and Security – What do I need to do? by Glaswegian HERE

 

Peachy_dar, thank you for using Whatthetech support and working patiently through all the procedures. Please respond to this thread one last time so we can mark it resolved.

 

Wishing you a very safe browsing experience.

 

~fbfbfb



#39 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • 385 posts

Posted 08 November 2014 - 08:28 AM

here ya go!

 

# DelFix v10.8 - Logfile created 08/11/2014 at 09:26:02
# Updated 29/07/2014 by Xplode
# Username : FELIX PIROZZI - FELIXPIROZZI-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_12.06.2013_17.54.12_log.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #477 [Windows Update | 10/10/2014 19:09:43]
Deleted : RP #478 [Windows Update | 10/15/2014 21:45:03]
Deleted : RP #479 [Windows Update | 10/16/2014 07:00:51]
Deleted : RP #480 [Windows Update | 10/21/2014 19:00:16]
Deleted : RP #481 [Windows Update | 10/24/2014 19:30:25]
Deleted : RP #482 [Windows Update | 10/28/2014 22:30:51]
Deleted : RP #483 [Windows Update | 11/04/2014 20:08:05]

New restore point created !

########## - EOF - ##########
 


Darlene

#40 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • 385 posts

Posted 08 November 2014 - 08:40 AM

Good Morning!

 

I did everything you suggested from above.  Most were already done prior!  To my knowledge, this pc is running fine.  Although, I never use it until he has a problem.  I have my own Asus laptop!

 

thank you for all your help and patience during this busy 2 week stretch we have had here!!

 

Have a great holiday season!

 

Dar


Darlene



#41 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 08 November 2014 - 09:35 AM

You are quite welcome, peachy_dar.

 

I wish you and your family a wonderful and joyous holiday season as well.

 

~fbfbfb



#42 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 08 November 2014 - 09:35 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
