The Farbar recovery scan output:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Sander (administrator) on BAKBEEST (09-08-2015 22:27:35)
Running from C:\Users\Sander\Desktop
Loaded Profiles: Sander (Available Profiles: Sander)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP15.0.2\Temp\temporaryFolder\updates\bin\kav15\15.0.2.361_kis_b\avp.exe.2346_2553_4126.removeOnNextReboot
(Kaspersky Lab ZAO) C:\ProgramData\Kaspersky Lab\AVP15.0.2\Temp\temporaryFolder\updates\bin\kav15\15.0.2.361_kis_b\avpui.exe.2346_2553_4126.removeOnNextReboot
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Camera\Camera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3246920 2014-10-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2980810981-1312304709-3873871237-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2980810981-1312304709-3873871237-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.87.36.36 192.87.106.106
Tcpip\..\Interfaces\{24E7AF51-5ACB-4CB1-BAFD-464808851648}: [DhcpNameServer] 192.87.36.36 192.87.106.106
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-09] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-09]
Chrome:
=======
CHR Profile: C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
CHR Extension: (Google Docs) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-09]
CHR Extension: (YouTube) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-09]
CHR Extension: (Google Search) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-09]
CHR Extension: (Google Sheets) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Sander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-08-09] (Kaspersky Lab ZAO)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-10-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-10-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-08-09] (Kaspersky Lab UK Ltd)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-08-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-08-09] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-08-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-08-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-08-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-08-09] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-08-09] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-08-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-08-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-08-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-08-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-08-09] (Kaspersky Lab ZAO)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-08-09] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-10-29] (Microsoft Corporation)
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 MFE_RR; \??\C:\Users\Sander\AppData\Local\Temp\mfe_rr.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-09 22:27 - 2015-08-09 22:27 - 00020246 _____ C:\Users\Sander\Desktop\FRST.txt
2015-08-09 22:27 - 2015-08-09 22:27 - 00000000 ____D C:\FRST
2015-08-09 22:06 - 2015-08-09 22:06 - 02169856 _____ (Farbar) C:\Users\Sander\Desktop\FRST64.exe
2015-08-09 21:57 - 2015-08-09 22:15 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-08-09 21:32 - 2015-08-09 21:33 - 03800100 _____ (Malwarebytes Corporation ) C:\Users\Sander\Downloads\mbam-setup-2.1.8.1057.exe.7xaiqw2.partial
2015-08-09 21:31 - 2015-08-09 21:31 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 21:31 - 2015-08-09 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 21:30 - 2015-08-09 21:47 - 00000000 _____ C:\Recovery.txt
2015-08-09 21:29 - 2015-08-09 21:34 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 21:29 - 2015-08-09 21:34 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 21:29 - 2015-08-09 21:31 - 00000000 ____D C:\Users\Sander\AppData\Local\Google
2015-08-09 21:29 - 2015-08-09 21:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-09 21:29 - 2015-08-09 21:29 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-09 21:29 - 2015-08-09 21:29 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-09 21:29 - 2015-08-09 21:29 - 00000000 ____D C:\Users\Sander\AppData\Local\Deployment
2015-08-09 21:29 - 2015-08-09 21:29 - 00000000 ____D C:\Users\Sander\AppData\Local\Apps\2.0
2015-08-09 21:27 - 2015-08-09 21:27 - 00000000 __SHD C:\Users\Sander\AppData\Local\EmieUserList
2015-08-09 21:27 - 2015-08-09 21:27 - 00000000 __SHD C:\Users\Sander\AppData\Local\EmieSiteList
2015-08-09 21:20 - 2015-08-09 21:20 - 00001142 _____ C:\Users\Sander\Desktop\Welcome to ASUS Product Registration.lnk
2015-08-09 21:05 - 2015-08-09 21:05 - 00002109 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-08-09 21:05 - 2015-08-09 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-08-09 21:05 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-08-09 21:04 - 2015-08-09 21:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-09 21:04 - 2015-08-09 21:09 - 00831664 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-09 21:04 - 2015-08-09 21:09 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-09 21:04 - 2015-08-09 21:04 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-09 20:16 - 2015-08-09 21:01 - 00000093 _____ C:\Users\Sander\AppData\Roaming\sp_data.sys
2015-08-09 19:51 - 2015-08-09 13:52 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sander\Desktop\adla.exe
2015-08-09 19:51 - 2015-08-09 11:45 - 00783640 _____ (McAfee, Inc.) C:\Users\Sander\Desktop\lksajdla.exe
2015-08-09 15:38 - 2015-08-09 14:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Sander\Desktop\6_lskmdlsad.exe
2015-08-09 15:36 - 2015-08-09 19:36 - 00000000 ____D C:\AdwCleaner
2015-08-09 15:36 - 2015-08-09 14:12 - 02248704 _____ C:\Users\Sander\Desktop\5_aksmdlaskd.exe
2015-08-09 15:23 - 2015-08-09 19:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-09 15:23 - 2015-08-09 19:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 15:23 - 2015-08-09 15:23 - 00028672 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-08-09 15:23 - 2015-08-09 15:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 15:21 - 2015-08-09 19:40 - 00000000 ____D C:\Users\Sander\Desktop\mbar
2015-08-09 15:21 - 2015-08-09 15:21 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 15:19 - 2015-08-09 14:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sander\Desktop\1_askdlaskd.exe
2015-08-09 14:51 - 2015-08-09 14:51 - 00000000 ____D C:\Users\Sander\AppData\Roaming\WebStorage
2015-08-09 14:50 - 2015-08-09 21:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2980810981-1312304709-3873871237-1001
2015-08-09 14:46 - 2015-08-09 14:46 - 00000000 ____D C:\Users\Sander\Documents\My Received Files
2015-08-09 14:46 - 2015-08-09 14:46 - 00000000 ____D C:\Users\Sander\AppData\Roaming\ASUS
2015-08-09 14:45 - 2015-08-09 15:37 - 00000000 ____D C:\Users\Sander
2015-08-09 14:45 - 2015-08-09 15:08 - 00000000 ____D C:\ProgramData\USBChargerPlus
2015-08-09 14:45 - 2015-08-09 14:46 - 00000000 ____D C:\Users\Sander\AppData\Local\Packages
2015-08-09 14:45 - 2015-08-09 14:46 - 00000000 ____D C:\Users\Sander\AppData\Local\NVIDIA Corporation
2015-08-09 14:45 - 2015-08-09 14:45 - 00001448 _____ C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-09 14:45 - 2015-08-09 14:45 - 00000192 _____ C:\Windows\FixPatch.log
2015-08-09 14:45 - 2015-08-09 14:45 - 00000020 ___SH C:\Users\Sander\ntuser.ini
2015-08-09 14:45 - 2015-08-09 14:45 - 00000000 ____D C:\Users\Sander\AppData\Roaming\Intel
2015-08-09 14:45 - 2015-08-09 14:45 - 00000000 ____D C:\Users\Sander\AppData\Roaming\Adobe
2015-08-09 14:45 - 2015-08-09 14:45 - 00000000 ____D C:\Users\Sander\AppData\Local\VirtualStore
2015-08-09 14:45 - 2015-08-09 14:45 - 00000000 ____D C:\Users\Sander\AppData\Local\NVIDIA
2015-08-09 14:45 - 2014-10-29 16:11 - 00000000 ___RD C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-09 14:45 - 2014-10-29 15:20 - 00000000 ___RD C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-09 14:45 - 2014-03-18 17:27 - 00000369 _____ C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-09 14:45 - 2014-03-18 17:27 - 00000369 _____ C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-09 14:45 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-09 14:45 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-09 22:23 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-09 22:03 - 2015-04-12 05:30 - 01823035 _____ C:\Windows\WindowsUpdate.log
2015-08-09 22:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-09 21:19 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-08-09 21:19 - 2014-11-20 13:39 - 00077680 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-08-09 21:19 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-08-09 21:19 - 2014-10-10 17:02 - 00039792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-08-09 21:19 - 2014-08-19 12:31 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-08-09 21:19 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-08-09 21:19 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-08-09 21:11 - 2015-04-12 05:43 - 00003400 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-08-09 21:11 - 2015-04-12 05:43 - 00003390 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-08-09 21:09 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-08-09 21:09 - 2014-10-22 21:13 - 00226480 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-08-09 21:09 - 2013-08-08 16:11 - 00039792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-08-09 21:09 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-08-09 21:08 - 2014-10-29 14:33 - 00810868 _____ C:\Windows\system32\perfh013.dat
2015-08-09 21:08 - 2014-10-29 14:33 - 00166216 _____ C:\Windows\system32\perfc013.dat
2015-08-09 21:08 - 2014-10-29 14:22 - 00806616 _____ C:\Windows\system32\perfh010.dat
2015-08-09 21:08 - 2014-10-29 14:22 - 00160306 _____ C:\Windows\system32\perfc010.dat
2015-08-09 21:08 - 2014-10-29 14:12 - 00814850 _____ C:\Windows\system32\perfh00C.dat
2015-08-09 21:08 - 2014-10-29 14:12 - 00163070 _____ C:\Windows\system32\perfc00C.dat
2015-08-09 21:08 - 2014-10-29 14:02 - 00767704 _____ C:\Windows\system32\perfh007.dat
2015-08-09 21:08 - 2014-10-29 14:02 - 00163124 _____ C:\Windows\system32\perfc007.dat
2015-08-09 21:08 - 2014-03-18 17:26 - 04646338 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 21:05 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-09 21:05 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-09 21:01 - 2015-04-12 05:45 - 00000000 ____D C:\ProgramData\McAfee
2015-08-09 21:01 - 2015-04-12 05:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-09 21:01 - 2014-03-18 10:16 - 00003874 _____ C:\Windows\PFRO.log
2015-08-09 21:01 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 15:39 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\restore
2015-08-09 15:23 - 2014-10-29 08:16 - 00000000 __SHD C:\Recovery
2015-08-09 15:23 - 2013-08-22 17:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-08-09 15:07 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-09 14:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-09 14:45 - 2014-10-29 15:02 - 00000000 ____D C:\Windows\Panther
2015-08-09 14:45 - 2014-10-29 13:24 - 00000000 ____D C:\Windows\Log
2015-08-09 14:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-09 14:24 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-08-09 14:23 - 2013-08-22 16:44 - 00337808 _____ C:\Windows\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2015-08-09 20:16 - 2015-08-09 21:01 - 0000093 _____ () C:\Users\Sander\AppData\Roaming\sp_data.sys
2015-04-12 05:39 - 2015-04-12 05:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 08:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 08:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 08:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
Some files in TEMP:
====================
C:\Users\Sander\AppData\Local\Temp\0285311439146779mcinst.exe
C:\Users\Sander\AppData\Local\Temp\Quarantine.exe
C:\Users\Sander\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-09 14:23
==================== End of log ============================