Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware JOTZEY ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spyware JOTZEY ?

Unread postby eagleroofs2002 » March 9th, 2015, 5:22 am

Hi there.


I am using Kaspersky 2015 and have been receiving notices about an JOTZEY file that has been opened in my C-drive. I tried to remove this file without any luck.

Lately I have been receiving a lot of e-mails, that was supposed to be send out by me , returned. I do not know where the e-mail addresses comes from.

I can only assume that this is spyware or something similar.

Can anybody help to get rid of this activity.

Thanks

Johan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Jp (administrator) on JOHAN-PRIVAAT on 09-03-2015 10:43:30
Running from C:\Users\Jp\AppData\Local\Microsoft\Windows\INetCache\IE\XOU7JVAK
Loaded Profiles: Jp (Available profiles: UpdatusUser & Jp)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-01-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-01-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [367016 2014-04-17] (IncrediMail, Ltd.)
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\Run: [Yahoo! Search] => C:\Users\Jp\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\Policies\Explorer: []
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\MountPoints2: {9c807df1-d124-11e3-be8f-083e8eae8000} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\MountPoints2: {efd6c403-77a7-11e4-bec9-083e8eae8000} - "H:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\...\MountPoints2: {f0d08821-d09e-11e3-be8f-083e8eae8000} - "F:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-178571013-1627850510-3959465155-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-178571013-1627850510-3959465155-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> {3FA44D8D-01D7-4F9A-AE44-AC42EB40BAC3} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-178571013-1627850510-3959465155-1002 -> {3FA44D8D-01D7-4F9A-AE44-AC42EB40BAC3} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254 168.210.2.2
Tcpip\..\Interfaces\{25961DFE-E193-465B-A6CF-115982FA2056}: [NameServer] 196.207.36.251 196.207.36.254

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-19] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://rts.dsrlte.com
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com"
CHR DefaultSearchKeyword: Default -> dsrlte.com
CHR DefaultNewTabURL: Default -> http://rts.dsrlte.com?affID=pr_10bdd8cb ... 5ad812037d
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Profile: C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-22]
CHR Extension: (Google Drive) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-22]
CHR Extension: (Google Search) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (Gmail) - C:\Users\Jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/deta ... ojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/deta ... ojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2014-11-26] (SafeNet Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-19] (Nitro PDF Software)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-07-15] (SafeNet Inc.)
R3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-07-15] (SafeNet Inc.)
R3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-07-15] (SafeNet Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [62976 2013-08-22] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331608 2014-07-15] (SafeNet Inc.)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [196608 2011-04-18] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-15] (Research In Motion Limited)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-14] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-25] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 10:43 - 2015-03-09 10:43 - 00000000 ____D () C:\FRST
2015-03-09 08:55 - 2015-03-09 08:55 - 00000165 ____H () C:\Users\Jp\Documents\~$Sales 2015.xlsm
2015-03-09 08:40 - 2015-03-09 08:40 - 00000165 ____H () C:\Users\Jp\Documents\~$Quotes 2015.xlsm
2015-03-04 17:25 - 2015-03-04 17:25 - 00000000 _____ () C:\Users\Jp\Documents\47450610
2015-02-20 21:22 - 2015-02-03 21:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-20 21:22 - 2015-02-03 21:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-20 21:17 - 2015-02-20 21:17 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-20 18:25 - 2015-02-20 18:25 - 00000017 _____ () C:\Users\Jp\AppData\Local\resmon.resmoncfg
2015-02-20 16:18 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-02-20 16:18 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-02-20 16:18 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-02-20 16:18 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-02-20 16:18 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-02-20 16:18 - 2014-07-10 06:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll
2015-02-20 16:11 - 2015-01-10 11:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-20 16:11 - 2015-01-10 11:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-20 16:11 - 2015-01-10 10:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-20 16:11 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-20 16:11 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-20 16:11 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-20 16:11 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-20 16:11 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-20 16:11 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-20 16:11 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-20 16:11 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-20 16:10 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-02-20 16:09 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-20 16:09 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-20 16:09 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-20 16:09 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-20 16:09 - 2015-01-14 00:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-20 16:09 - 2015-01-14 00:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-20 16:09 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-20 16:09 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-20 16:09 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-20 16:09 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-20 16:09 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-20 16:09 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-20 16:09 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-20 16:09 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-20 16:09 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-20 16:09 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-02-20 16:09 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-02-20 16:09 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-02-20 16:09 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-02-20 16:08 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-20 16:08 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-20 16:08 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-02-20 16:08 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-02-20 16:08 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-20 16:08 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-20 16:08 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-02-20 16:07 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-02-20 16:07 - 2014-12-09 01:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-20 16:03 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-02-20 16:01 - 2015-02-04 01:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-20 16:01 - 2015-02-04 01:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-20 16:01 - 2015-02-04 01:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-20 16:01 - 2015-02-03 01:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-20 16:01 - 2015-02-03 01:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-20 16:01 - 2015-02-03 01:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-20 16:01 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-02-20 16:01 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-02-20 16:01 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-02-20 16:00 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-02-20 16:00 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-02-20 16:00 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-02-20 16:00 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-02-20 16:00 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-02-20 16:00 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-02-20 16:00 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-02-20 16:00 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-02-20 16:00 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-02-20 16:00 - 2014-11-01 01:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-20 16:00 - 2014-11-01 01:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-20 16:00 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-02-20 16:00 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-02-20 16:00 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-02-20 16:00 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-02-20 16:00 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-02-20 16:00 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-02-20 16:00 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-02-20 16:00 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-02-20 16:00 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-02-20 16:00 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-02-20 16:00 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-02-20 16:00 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-02-20 16:00 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-02-20 16:00 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-02-20 16:00 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-02-20 16:00 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-02-20 15:59 - 2015-01-10 10:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-20 15:59 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-17 16:37 - 2015-02-17 16:37 - 00000000 ____D () C:\Users\Jp\Documents\Garmin
2015-02-17 16:35 - 2015-02-17 16:35 - 00000000 ____D () C:\Users\Jp\AppData\Local\Garmin
2015-02-17 16:13 - 2015-02-17 16:13 - 00000000 ____D () C:\Users\Jp\AppData\Roaming\Garmin
2015-02-17 16:12 - 2015-02-17 16:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-17 16:12 - 2015-02-17 16:12 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-02-17 16:12 - 2015-02-17 16:12 - 00001915 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-17 16:12 - 2015-02-17 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-17 16:12 - 2015-02-17 16:12 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-17 16:11 - 2015-02-17 16:11 - 00000000 ____D () C:\ProgramData\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 10:36 - 2014-11-17 08:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 10:36 - 2014-04-22 09:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-09 10:21 - 2014-11-14 10:12 - 01567855 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-09 10:18 - 2014-09-24 09:20 - 00005388 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-09 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-09 09:49 - 2013-05-16 04:25 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-178571013-1627850510-3959465155-1002
2015-03-09 09:12 - 2014-04-11 10:46 - 00000000 ____D () C:\Users\Jp\AppData\Local\MiTek
2015-03-09 07:44 - 2013-08-22 16:46 - 00396145 _____ () C:\WINDOWS\setupact.log
2015-03-09 07:38 - 2014-11-15 07:28 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1C1127D-737A-4263-80E1-59EB0FBE9744}
2015-03-09 07:36 - 2014-11-17 08:24 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 13:56 - 2015-01-07 12:34 - 00440037 _____ () C:\Users\Jp\Documents\Sales 2015.xlsm
2015-03-06 16:30 - 2015-01-06 12:06 - 00704037 _____ () C:\Users\Jp\Documents\Quotes 2015.xlsm
2015-03-06 12:48 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-06 12:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-06 10:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 09:57 - 2014-09-24 09:08 - 00015940 _____ () C:\WINDOWS\PFRO.log
2015-03-03 17:12 - 2014-04-16 18:01 - 00000000 ____D () C:\Users\Jp\Documents\FILES TO BE MAILED
2015-03-03 17:12 - 2013-05-16 04:28 - 00000000 ____D () C:\Users\Jp\AppData\Roaming\Nitro PDF
2015-03-02 17:07 - 2014-04-16 18:03 - 01966314 _____ () C:\Users\Jp\Documents\Sales 2014.xlsm
2015-03-02 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-02 14:25 - 2014-11-14 11:20 - 00095744 ___SH () C:\Users\Jp\Desktop\Thumbs.db
2015-02-26 10:27 - 2014-11-14 10:20 - 00000000 ____D () C:\Users\Jp
2015-02-26 09:06 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2015-02-25 08:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 21:20 - 2013-08-22 16:44 - 00492704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 21:17 - 2014-09-24 11:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-20 21:17 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-02-20 21:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-02-20 21:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-02-20 16:59 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-20 16:54 - 2014-04-16 17:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 07:40 - 2014-04-22 08:54 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-17 16:12 - 2013-01-23 10:23 - 00000000 ____D () C:\Program Files\DIFX
2015-02-17 15:42 - 2014-04-24 16:42 - 00927956 _____ () C:\Users\Jp\Downloads\cbsidlm-cbsi188-Garmin_MapSource-SEO-75123302.exe.7xjvcsr.partial
2015-02-11 11:48 - 2013-05-16 04:20 - 00000000 ____D () C:\Users\Jp\Documents\Bluetooth Exchange Folder
2015-02-10 12:46 - 2015-02-06 12:39 - 01304224 _____ () C:\Users\Jp\Desktop\201502061107.tif
2015-02-09 07:31 - 2014-11-17 08:25 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 07:31 - 2014-11-17 08:24 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-04-17 10:45 - 2014-12-09 06:44 - 0010752 _____ () C:\Users\Jp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-20 18:25 - 2015-02-20 18:25 - 0000017 _____ () C:\Users\Jp\AppData\Local\resmon.resmoncfg
2011-04-18 15:39 - 2011-04-18 15:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4
2013-01-23 09:57 - 2013-01-23 09:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-30 18:54 - 2013-05-30 18:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Jp\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jp\AppData\Local\Temp\Quarantine.exe
C:\Users\Jp\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-06 13:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Jp at 2015-03-09 10:44:37
Running from C:\Users\Jp\AppData\Local\Microsoft\Windows\INetCache\IE\XOU7JVAK
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.0.198.10000 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (Version: 1.0.198 - CANON INC.) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF8200C Series (HKLM\...\{C2938963-3BB0-41cd-9769-E28814C59075}) (Version: 4.2.0.0 - CANON INC.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FloorPlan 3D v11 (HKLM-x32\...\{DA2C34F3-3686-4A29-8D9C-2BE12CFB631C}) (Version: 11.0 - IMSI)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Port Royale 3 (HKLM-x32\...\{E07A21E5-1C16-41E7-9617-2D38CF3A642C}) (Version: 1.2.1.0 - Gaming Minds Studios GmbH)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
RealDwg 2009 For PrimeCAD (HKLM-x32\...\{362B316C-E754-4320-B7CF-BCA659B7011A}) (Version: 1.0.0 - MiTek)
RealDWG2005 (HKLM-x32\...\{19313881-2440-47D1-82EB-A573D9AD5DE7}) (Version: 1.0.0 - Mitek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Striata Reader (HKLM-x32\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.17-3 - Striata Communication Solutions)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-178571013-1627850510-3959465155-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-178571013-1627850510-3959465155-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-178571013-1627850510-3959465155-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-178571013-1627850510-3959465155-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

17-02-2015 16:11:10 Garmin Express
20-02-2015 16:34:41 Windows Update
02-03-2015 09:19:25 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {157173D9-24DE-461B-86E4-A8C1662BCEA0} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {2AD94F21-11BD-4D0A-AFDA-1484BFD85B5E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4D98DBDB-95E6-4217-8170-4ECA5694FEBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4F20C81D-CCF6-413C-A9AD-FE5BC9E8A27F} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {4F27F77B-AFD9-4C7B-AFE3-CB6585EE21A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
Task: {540CF290-BE87-48B9-8AD0-F51D41D8EC45} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {74AFE0A1-BEB7-4766-99F4-5F01309826C8} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {8BBD64E5-91E9-4428-8CE2-9366C15F09BB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {9737EE13-BEA6-4030-A963-C4FE0B21BCAD} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2012-10-10] (CANON INC.)
Task: {A4E24B74-A3E6-4A5F-9BFB-CC4AADCD8DDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {CABBBCAD-11CA-46D8-9A5A-C8FD0E8EA88A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {E15F284D-D523-4287-ADF3-60D1AAF4141C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
Task: {FA39D278-1B9E-4C67-8688-9168BA56072F} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-11 10:45 - 2013-08-01 10:05 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2012-11-15 15:51 - 2012-11-15 15:51 - 00048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2013-12-26 19:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-01-23 09:47 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2014-04-17 09:29 - 2014-04-17 09:29 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2011-04-19 16:12 - 2011-04-19 16:12 - 00308736 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-178571013-1627850510-3959465155-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jp\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.254 - 168.210.2.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-178571013-1627850510-3959465155-500 - Administrator - Disabled)
Guest (S-1-5-21-178571013-1627850510-3959465155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178571013-1627850510-3959465155-1004 - Limited - Enabled)
Jp (S-1-5-21-178571013-1627850510-3959465155-1002 - Administrator - Enabled) => C:\Users\Jp
UpdatusUser (S-1-5-21-178571013-1627850510-3959465155-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 10:18:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/09/2015 10:18:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/09/2015 07:39:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/09/2015 07:39:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/07/2015 01:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mi200032.exe, version: 5.64.211.0, time stamp: 0x519ea468
Faulting module name: Mi200032.exe, version: 5.64.211.0, time stamp: 0x519ea468
Exception code: 0xc0000005
Fault offset: 0x00423b15
Faulting process id: 0x%9
Faulting application start time: 0xMi200032.exe0
Faulting application path: Mi200032.exe1
Faulting module path: Mi200032.exe2
Report Id: Mi200032.exe3
Faulting package full name: Mi200032.exe4
Faulting package-relative application ID: Mi200032.exe5

Error: (03/07/2015 10:22:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LAYOUT32.exe, version: 5.64.211.0, time stamp: 0x519ea94b
Faulting module name: LAYOUT32.exe, version: 5.64.211.0, time stamp: 0x519ea94b
Exception code: 0xc0000005
Fault offset: 0x0089589d
Faulting process id: 0x%9
Faulting application start time: 0xLAYOUT32.exe0
Faulting application path: LAYOUT32.exe1
Faulting module path: LAYOUT32.exe2
Report Id: LAYOUT32.exe3
Faulting package full name: LAYOUT32.exe4
Faulting package-relative application ID: LAYOUT32.exe5

Error: (03/07/2015 09:09:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/07/2015 09:09:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/07/2015 09:04:42 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (03/07/2015 09:04:35 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser


System errors:
=============
Error: (03/09/2015 09:30:55 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/09/2015 09:30:25 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/09/2015 09:25:32 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/09/2015 09:25:00 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/09/2015 07:46:55 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/09/2015 07:46:25 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/09/2015 07:41:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer JP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B3ECAC3B-90B6-477F-BBB9-2E27A1D89E76}.
The master browser is stopping or an election is being forced.

Error: (03/07/2015 01:57:38 PM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {F2F6A7B0-0E74-49BF-ABDF-8A0778554472}

Error: (03/07/2015 01:57:37 PM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {F2F6A7B0-0E74-49BF-ABDF-8A0778554472}

Error: (03/07/2015 09:59:55 AM) (Source: DCOM) (EventID: 10010) (User: JOHAN-PRIVAAT)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (03/09/2015 10:18:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (03/09/2015 10:18:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (03/09/2015 07:39:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (03/09/2015 07:39:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (03/07/2015 01:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mi200032.exe5.64.211.0519ea468Mi200032.exe5.64.211.0519ea468c000000500423b15

Error: (03/07/2015 10:22:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LAYOUT32.exe5.64.211.0519ea94bLAYOUT32.exe5.64.211.0519ea94bc00000050089589d

Error: (03/07/2015 09:09:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (03/07/2015 09:09:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (03/07/2015 09:04:42 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (03/07/2015 09:04:35 AM) (Source: VmbService) (EventID: 0) (User: )
Description: GetLoggedOnUser


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 51%
Total physical RAM: 3961.77 MB
Available physical RAM: 1919.95 MB
Total Pagefile: 5241.77 MB
Available Pagefile: 2685.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:718.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.39 GB) NTFS
Drive f: () (Removable) (Total:3.72 GB) (Free:3.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D52B38FD)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================
eagleroofs2002
Active Member
 
Posts: 1
Joined: March 9th, 2015, 4:10 am
Advertisement
Register to Remove

Re: Spyware JOTZEY ?

Unread postby mAL_rEm018 » March 9th, 2015, 9:47 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello eagleroofs2002,

My name is mAL_rEm018, but feel free to call me mAL :). I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing you logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Spyware JOTZEY ?

Unread postby mAL_rEm018 » March 11th, 2015, 11:05 am

Hello eagleroofs2002,


Please answer the following question:
  • Could you tell me if this computer is used for business purposes?


I would like you to run the following scans..

MGA Diagnostics
  • Please download and save the following tool to your desktop Link.
  • Right-click on MGADiag.exe and select Run as Administrator.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content on MGADiag.txt in your next reply.

Next...

CKScanner
  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan in finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.

-----------------------------------------
In your next reply, I would like to see..
  • Answer to my question.
  • Contents of MGADiag.txt
  • Contents of CKFiles.txt
    Please post everything in the order given.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Spyware JOTZEY ?

Unread postby Gary R » March 14th, 2015, 1:39 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 138 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware