Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by Robert R. Fenichel (administrator) on CPU2015 (07-04-2017 12:31:59) Running from C:\Users\Robert R. Fenichel\Desktop Loaded Profiles: Robert R. Fenichel (Available Profiles: Robert R. Fenichel) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe (Trace Software International) C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS Electrical\server\EwServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Microsoft Corporation) G:\image processing\SolidWorks\electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_S10IC2.EXE (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe (Siber Systems) C:\Program Files (x86)\Internet\RoboForm\robotaskbaricon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Dassault Systèmes SolidWorks Corp.) 
C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS\sldworks_fs.exe (The CoolMon Project) C:\Program Files (x86)\system tools\monitor\CoolInfo\CoolMon.exe (SourceForge.net) C:\Program Files (x86)\database\Password Safe\pwsafe.exe () G:\source code\Delphi\applications\infrastructure\CalendarClock\CalendarClockGadget.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Program Files (x86)\hardware\motherboard\IAStorDataMgrSvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe () G:\source code\Delphi\applications\infrastructure\start menu\StartMenu.exe (iAnywhere Solutions, Inc.) C:\Program Files (x86)\database\Advantage\ARC\arc32.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe (QUALCOMM Incorporated) C:\Program Files (x86)\Internet\Eudora\Eudora.exe () G:\source code\Delphi\applications\household databases\home control\HomeControlProject.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-03] (NVIDIA Corporation) HKLM\...\Run: [EPSON Stylus Photo 2200] => C:\Windows\system32\spool\DRIVERS\x64\3\E_S10IC2.EXE [99840 2003-05-27] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation) HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\word processing\ABBYY OCR\Bonus.ScreenshotReader.exe [939272 2009-09-18] (ABBYY.) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Internet\RoboForm\RoboTaskBarIcon.exe [110376 2017-02-25] (Siber Systems) HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\RunOnce: [Uninstall C:\Users\Robert R. Fenichel\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert R. 
Fenichel\AppData\Local\Microsoft\OneDrive\17.3.4604.0120" HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 1 HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\MountPoints2: {f750e80c-71da-11e5-bf75-806e6f6e6963} - T:\Run.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-13] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlanDesktop.lnk [2015-10-30] ShortcutTarget: CrashPlanDesktop.lnk -> C:\Program Files (x86)\system tools\backup\CrashPlan\CrashPlanDesktop.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-10-15] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-10-15] ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2015-11-01] ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoolMon.lnk [2015-10-13] ShortcutTarget: CoolMon.lnk -> C:\Program Files (x86)\system tools\monitor\CoolInfo\CoolMon.exe (The CoolMon Project) Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2015-10-13] ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\database\Password Safe\pwsafe.exe (SourceForge.net) Startup: C:\Users\Robert R. 
Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRF background.lnk [2015-10-13] ShortcutTarget: RRF background.lnk -> G:\source code\Delphi\applications\infrastructure\background\Background.exe () Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRF clock gadget.lnk [2015-10-13] ShortcutTarget: RRF clock gadget.lnk -> G:\source code\Delphi\applications\infrastructure\CalendarClock\CalendarClockGadget.exe () GroupPolicy: Restriction <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited) Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited) Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122 Tcpip\..\Interfaces\{06E3C05D-7943-4997-885D-29E08AC5CC12}: [DhcpNameServer] 8.8.8.8 8.8.4.4 
Tcpip\..\Interfaces\{93257A18-FF66-4342-A183-FF5CF43EE04C}: [DhcpNameServer] 192.168.1.254 75.153.171.122 Internet Explorer: ================== HKU\S-1-5-21-979816460-3853156291-1427404335-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nytimes.com/crosswords/index.html?page=home&module=SectionsNav&action=click&version=BrowseTree&region=TopBar&contentCollection=Crossword&pgtype=Homepage&_r=0 SearchScopes: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} SearchScopes: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\programming\Java\bin\ssv.dll [2015-10-30] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\programming\Java\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation) BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Internet\RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-05] (Microsoft Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.) 
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Internet\RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - 
{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default [2017-04-07] FF NewTab: Mozilla\Firefox\Profiles\702qq0q4.default -> hxxp://www.bing.com/?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941 FF SelectedSearchEngine: Mozilla\Firefox\Profiles\702qq0q4.default -> Bing® FF Homepage: Mozilla\Firefox\Profiles\702qq0q4.default -> hxxps://calendar.google.com/calendar/render?tab=mc#main_7 FF Extension: (Ghostery) - C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\firefox@ghostery.com.xpi [2017-02-11] FF Extension: (uBlock Origin) - C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13] FF Extension: (NoScript) - C:\Users\Robert R. 
Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-17] FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-01] [not signed] FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-13] [not signed] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi [2017-02-25] FF HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\programming\Java\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\programming\Java\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation) FF Plugin: 
@microsoft.com/GENUINE -> disabled [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\image processing\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\multimedia\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\multimedia\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\image processing\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH) Chrome: ======= CHR Profile: C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default [2016-08-03] CHR Extension: (Google Slides) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-23] CHR Extension: (Google Docs) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-23] CHR Extension: (Google Drive) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23] CHR Extension: (YouTube) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23] CHR Extension: (Logitech SetPoint) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2016-03-23] CHR Extension: (Google Sheets) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-23] CHR Extension: (Kaspersky Protection) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-08-03] CHR Extension: (Google Docs Offline) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-03] CHR Extension: (Blue Gradient with Diagonal Lines) - C:\Users\Robert R. 
Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkaofaeifenjdcgjmpnhlokifhmenpho [2016-08-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03] CHR Extension: (Gmail) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2015-10-13] CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [806664 2009-09-08] (ABBYY) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated) R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation) S3 CoordinatorServiceHost; C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81400 2015-03-06] (Dassault Systèmes SolidWorks Corporation) R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266112 2016-10-17] (Code 42 Software) S3 DirMngr; C:\Program Files (x86)\word processing\PGP\dirmngr.exe [218112 2013-08-20] () [File not signed] R2 ewserver; C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS Electrical\server\EwServer.exe [184328 2015-03-05] (Trace Software International) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-03] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\hardware\motherboard\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-14] (Lavasoft Limited) [File not signed] R2 MSSQL$TEW_SQLEXPRESS; G:\image processing\SolidWorks\electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 
2012-02-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-03] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-03] (NVIDIA Corporation) S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed] S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.) R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-10-14] () [File not signed] S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-10-15] (SolidWorks) [File not signed] S4 SQLAgent$TEW_SQLEXPRESS; G:\image processing\SolidWorks\electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 ausb3hub; C:\Windows\System32\DRIVERS\ausb3hub.sys [395752 2015-10-13] (Intel Corporation)
R3 ausb3xhc; C:\Windows\System32\DRIVERS\ausb3xhc.sys [807912 2015-10-13] (Intel Corporation)
R3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-06-18] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-23] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-03-15] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [313112 2017-03-15] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035488 2017-03-15] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-08] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-15] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42944 2010-09-09] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-07] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\system tools\edit\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 Usbtmc; C:\Windows\System32\Drivers\ausbtmc.sys [24064 2014-11-07] (IVI Foundation) [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S3 cpuz134; \??\C:\Users\ROBERT~1.FEN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 12:31 - 2017-04-07 12:32 - 00031835 _____ C:\Users\Robert R. Fenichel\Desktop\FRST.txt
2017-04-07 12:31 - 2017-04-07 12:31 - 02424832 _____ (Farbar) C:\Users\Robert R. Fenichel\Desktop\FRST64.exe
2017-04-07 11:27 - 2017-04-07 11:27 - 00009549 _____ C:\Users\Robert R. Fenichel\Desktop\spldr.zip
2017-04-07 11:27 - 2017-04-07 11:27 - 00000448 _____ C:\Users\Robert R. Fenichel\Desktop\spdlr.zip
2017-04-03 07:28 - 2017-04-03 07:43 - 00243422 _____ C:\Windows\ntbtlog.txt
2017-04-02 12:52 - 2017-04-07 11:39 - 00000000 ___RD C:\Users\Robert R. Fenichel\Desktop\freeze on boot
2017-04-02 10:51 - 2017-04-07 12:31 - 00000000 ____D C:\FRST
2017-04-01 22:26 - 2017-04-01 22:27 - 07908905 _____ C:\Users\Robert R. Fenichel\Downloads\PCNC770-3-UM-B1-4.pdf
2017-04-01 10:25 - 2017-04-02 08:05 - 00000000 ___DC C:\ProgramData\{F4125A5E-9503-4B59-B769-E73E50538BC9}
2017-04-01 10:25 - 2017-04-01 10:25 - 00000000 ____D C:\Users\Public\Documents\RBuilder
2017-03-24 11:19 - 2017-03-24 11:19 - 07023208 _____ (Tim Kosse) C:\Users\Robert R. Fenichel\Downloads\FileZilla_3.25.1_win64-setup.exe
2017-03-22 15:27 - 2017-03-22 15:27 - 00046520 _____ C:\Users\Robert R. Fenichel\Downloads\lookup.csv
2017-03-20 17:22 - 2017-03-20 17:22 - 00001305 _____ C:\Users\Robert R. Fenichel\Desktop\BangGood PS - Shortcut.lnk
2017-03-16 10:22 - 2017-03-16 10:22 - 07008040 _____ (Tim Kosse) C:\Users\Robert R. Fenichel\Downloads\FileZilla_3.25.0_win64-setup.exe
2017-03-13 10:50 - 2017-03-13 10:50 - 00000000 ____D C:\Users\Robert R. Fenichel\Documents\DipTrace Beta
2017-03-13 10:50 - 2017-03-13 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DipTrace Beta
2017-03-13 10:49 - 2017-03-13 10:49 - 00000000 ____D C:\Program Files\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 11:26 - 2016-11-21 09:53 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\LocalLow\Mozilla
2017-04-07 10:53 - 2015-10-13 14:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-07 10:19 - 2015-10-25 09:38 - 01027629 _____ C:\ads_err.adt
2017-04-07 10:19 - 2015-10-25 09:38 - 00018432 _____ C:\ads_err.adi
2017-04-07 02:00 - 2015-10-14 17:39 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\Adobe
2017-04-06 21:58 - 2015-10-15 11:52 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\Master Genealogist
2017-04-06 17:00 - 2015-10-14 10:34 - 00000036 _____ C:\Windows\iltwain.ini
2017-04-04 16:18 - 2015-10-15 11:33 - 00001217 _____ C:\Users\Robert R. Fenichel\Desktop\shared expenses.lnk
2017-04-04 13:31 - 2009-07-13 22:13 - 00925446 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-04 13:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-04 03:50 - 2016-05-18 10:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-04 03:50 - 2015-10-14 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-03 23:21 - 2015-10-13 14:00 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\PasswordSafe
2017-04-03 10:50 - 2015-10-13 12:02 - 00010740 _____ C:\Windows\ads.ini
2017-04-03 08:42 - 2016-12-05 08:51 - 00005090 _____ C:\Users\Robert R. Fenichel\Desktop\scratch.txt
2017-04-03 08:01 - 2016-08-02 12:38 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-04-03 07:52 - 2009-07-13 21:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-03 07:52 - 2009-07-13 21:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-03 07:45 - 2015-11-20 22:54 - 00000093 _____ C:\HaxLogs.txt
2017-04-03 07:45 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-03 07:44 - 2015-10-13 12:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-03 00:19 - 2016-12-09 16:51 - 00000000 ___HD C:\ProgramData\{7AF976B5-59D4-4691-86FA-582467192CE2}
2017-04-03 00:19 - 2016-12-01 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-03 00:19 - 2015-10-14 10:34 - 00000000 ____D C:\Users\Public\Documents\DYMO Label
2017-04-03 00:19 - 2015-10-13 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-03 00:19 - 2015-10-13 15:31 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-03 00:19 - 2015-10-13 13:14 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\WinZip
2017-04-03 00:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-04-03 00:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2017-04-02 23:20 - 2016-01-01 17:35 - 00000398 __RSH C:\ProgramData\ntuser.pol
2017-04-02 23:20 - 2015-10-13 11:55 - 00000000 ____D C:\Users\Robert R. Fenichel
2017-04-02 14:45 - 2015-10-15 10:36 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\gnupg
2017-03-24 19:14 - 2017-01-17 15:06 - 00012789 _____ C:\Users\Robert R. Fenichel\Desktop\scratch.xlsx
2017-03-24 11:20 - 2015-10-14 11:32 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\FileZilla
2017-03-24 11:20 - 2015-10-14 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-03-23 15:03 - 2015-10-25 09:36 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\CrashDumps
2017-03-17 14:12 - 2016-10-11 21:36 - 00025336 _____ C:\Users\Robert R. Fenichel\Desktop\home control log.txt
2017-03-15 10:21 - 2016-08-02 12:32 - 01035488 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-03-15 10:21 - 2016-08-02 12:32 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-03-15 10:21 - 2016-06-20 17:51 - 00313112 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-03-15 10:21 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-03-15 10:21 - 2016-06-02 22:39 - 00135904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-03-14 17:27 - 2016-04-08 09:27 - 06847064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-03-14 17:27 - 2015-11-14 10:49 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 17:27 - 2015-10-15 17:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 17:27 - 2015-10-15 17:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 17:27 - 2015-10-15 17:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 17:27 - 2015-10-14 17:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-13 15:39 - 2015-10-14 16:48 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\vlc
2017-03-13 11:20 - 2015-11-01 16:12 - 00098294 _____ C:\Windows\excal32.dat
2017-03-12 10:10 - 2009-07-13 22:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-10 17:38 - 2015-11-08 14:18 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\SolidWorks
2017-03-10 11:50 - 2015-10-25 09:38 - 00009284 _____ C:\ads_err.adm
2017-03-08 13:38 - 2016-10-11 11:28 - 00145037 _____ C:\Users\Robert R. Fenichel\Desktop\clock anomaly.txt

==================== Files in the root of some directories =======

2015-10-15 15:26 - 2017-03-01 10:26 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-01-26 19:22 - 2016-01-26 19:22 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-12-15 11:18 - 2017-01-12 16:36 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-20 16:42 - 2017-03-01 09:59 - 0000667 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Contact Sheet II.xml
2015-12-20 16:42 - 2017-03-01 10:00 - 0027112 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\ContactSheetII.log
2016-02-26 13:27 - 2016-04-14 11:31 - 0004632 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\LTspiceIV.ini
2015-10-15 14:18 - 2015-10-15 14:18 - 0000017 _____ () C:\Users\Robert R. Fenichel\AppData\Local\resmon.resmoncfg
2015-10-13 12:28 - 2015-10-13 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-06-02 10:12 - 2017-02-25 10:19 - 21387040 _____ (Siber Systems) C:\Users\Robert R. Fenichel\AppData\Local\Temp\RoboForm-Setup.exe
2014-12-22 00:55 - 2014-12-22 00:55 - 0488960 _____ () C:\Users\Robert R. Fenichel\AppData\Local\Temp\sqlite3.exe
2016-06-07 21:30 - 2016-06-07 21:30 - 30533688 _____ () C:\Users\Robert R. Fenichel\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-19 09:59

==================== End of FRST.txt ============================