There is a virus that is occurring that pops up a webpage that is very difficult to close. It pretends to be a Microsoft Support site, but uses what seem to be random letter .us domains.
Examples-
lvsdigw._us
ffwzbv._us
Underbars added for safety.
OS = WIN-XT
Browser = Firefox 52.1.2
Computer = Dell Inspiron 530
It's my mother's computer, she's 93, and doesn't need much.
---------------------
DDS.txt File -
---------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by SRB1 at 18:55:37 on 2017-05-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3317.1895 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
C:\Program Files\Raxco\PerfectUpdater\perfectupdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
E:\Internet\FireFox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071012
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = Google
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - c:\program files\kaspersky lab\kaspersky internet security 17.0.0\ieext\ie_plugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - c:\program files\kaspersky lab\kaspersky internet security 17.0.0\ieext\ie_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PDHookServer] c:\program files\avanquest\powerdesk\PDHookServer.exe
uRun: [PUReminder] c:\program files\raxco\perfectupdater\perfectupdater.exe -rem
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SystemTray] SysTray.Exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267575219265
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7EDC1C43-1165-44ED-919E-0F4619205565} : NameServer = 207.177.24.2,207.177.24.3,8.8.8.8
TCP: Interfaces\{7EDC1C43-1165-44ED-919E-0F4619205565} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CE43CC31-1043-48C7-99B7-776480DD1CDD} : NameServer = 207.177.24.2,167.142.225.3
TCP: Interfaces\{CE43CC31-1043-48C7-99B7-776480DD1CDD} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs= c:\windows\system32\FileMonitor32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\srb1\application data\mozilla\firefox\profiles\dcnu8t2q.default-1461271856187\
FF - prefs.js: browser.startup.homepage - file:///E:/Internet/momhome.htm
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1228198.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_24_0_0_221.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\programs\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\drivers\cm_km.sys [2016-6-10 170840]
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-10-17 30808]
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2016-6-2 165296]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [2016-6-8 57264]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [2016-6-15 77656]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [2017-1-10 128496]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2017-1-10 796384]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [2016-6-1 41392]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [2016-5-18 82352]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2016-5-18 71088]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2016-6-14 165088]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;c:\program files\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2016-6-28 241544]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2016-6-1 69000]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2017-1-10 159448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2016-5-23 50080]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2016-5-19 44976]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2015-6-7 37040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ab8d2cadb36d;Google Update Service (gupdate1c9ab8d2cadb36d);c:\program files\google\update\GoogleUpdate.exe [2009-3-23 144200]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\drivers\kltap.sys [2016-6-22 42336]
S3 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;c:\program files\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [2016-6-28 241544]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\62A77F3E.sys [2016-8-23 170200]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-10-17 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-10-17 14336]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2017-05-18 20:45:47 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-05-18 20:45:47 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-18 20:09:48 2404 ----a-w- c:\windows\system32\ASOROSet.bin
2017-04-11 10:32:02 159448 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-04-11 10:32:00 128496 ----a-w- c:\windows\system32\drivers\klhk.sys
2017-03-14 09:50:34 165088 ----a-w- c:\windows\system32\drivers\kneps.sys
.
============= FINISH: 18:56:08.62 ===============
ATTACH.txt file attached.
-------------------------
Steve/bluewizard