Infection? (pcreg) - help needed (and greatly appreciated!)


I downloaded Farbar Recovery Scan Tool and am copying two logs. Please be patient with me. I've been researching all this for months and the posts are so overwhelming, copy/pasting logs and downloading cleaning programs etc. I want to ensure I'm properly helping you - help me. (thank you!)

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014

Ran by Cindi (administrator) on CINDI-PC on 03-08-2014 01:16:15
Running from C:\Users\Cindi\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Kaseya International Limited) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\Scripts\KAV\BinModules\Kav2Srv.exe
(Kaseya International Limited) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\AgentMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
() C:\Program Files\pcreg\pcreg.exe
(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
( ) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\extensions\Lua.exe
( ) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\extensions\Lua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Kaseya International Limited) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\KaUsrTsk.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\vncclipboard.exe
(Kaseya) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\DLLRunner32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam-msp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\extensions\Lua.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KASHVSNCMN39882456657476] => C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\KaUsrTsk.exe [583176 2014-03-26] (Kaseya International Limited)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [backupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-753680043-1529858624-672864294-1002\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Cindi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=12349&tm=327&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {82B216CC-1E7B-4D3B-9C21-3971101312E5} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {82B216CC-1E7B-4D3B-9C21-3971101312E5} URL = https://www.google.com/search?q={searchTerms}
BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=12349&tm=327&src=hmp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google Search) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Any.do Extension) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Cindi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 KaseyaConnectAPIService; C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\Scripts\KAV\BinModules\kav2srv.exe [449536 2014-03-17] (Kaseya International Limited) [File not signed]
R2 KAVSNCMN39882456657476; C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\AgentMon.exe [1140232 2014-03-26] (Kaseya International Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-18] ()
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [1696496 2011-08-18] (RealVNC Ltd)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R3 KAPFA; C:\windows\system32\drivers\KAPFA.SYS [33680 2014-03-26] (Kaseya)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2013-11-06] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2013-11-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-07-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
S3 knetmon; C:\windows\system32\drivers\knetmon.sys [66960 2014-03-26] (Kaseya)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-03 01:16 - 2014-08-03 01:19 - 00019391 _____ () C:\Users\Cindi\Downloads\FRST.txt
2014-08-03 01:14 - 2014-08-03 01:16 - 00000000 ___DC () C:\FRST
2014-08-03 01:13 - 2014-08-03 01:13 - 02094080 _____ (Farbar) C:\Users\Cindi\Downloads\FRST64.exe
2014-08-03 01:07 - 2014-08-03 01:07 - 01084928 _____ (Farbar) C:\Users\Cindi\Downloads\FRST.exe
2014-08-03 00:52 - 2014-08-03 00:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 00:50 - 2014-08-03 00:50 - 02347384 _____ (ESET) C:\Users\Cindi\Downloads\esetsmartinstaller_enu.exe
2014-08-01 14:04 - 2014-08-02 16:32 - 00000000 ____D () C:\Users\Cindi\Desktop\REILLY_RiRiDesigns
2014-07-29 18:28 - 2014-08-01 13:46 - 00000000 ____D () C:\Users\Cindi\Desktop\CUSTOMER_MeuCow
2014-07-29 15:46 - 2010-02-07 19:29 - 00007680 _____ () C:\ProgramData\Z@!-442e31d0-3d20-477b-8732-cde23e1641fc.tmp
2014-07-28 07:28 - 2014-07-30 08:32 - 00000000 ____D () C:\Users\Cindi\Desktop\2009 kindergarten
2014-07-27 18:22 - 2014-07-27 18:23 - 00296616 _____ () C:\windows\Minidump\072714-25490-01.dmp
2014-07-27 18:22 - 2014-07-27 18:22 - 616236162 _____ () C:\windows\MEMORY.DMP
2014-07-21 08:07 - 2014-07-21 08:06 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-21 08:05 - 2014-07-21 08:03 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 08:37 - 2014-07-22 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 08:31 - 2014-07-23 08:05 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-16 08:31 - 2014-07-22 22:34 - 00000000 ____D () C:\Users\Cindi\Desktop\mbar
2014-07-15 18:43 - 2014-07-15 18:43 - 00000017 _____ () C:\Users\Cindi\AppData\Local\resmon.resmoncfg
2014-07-15 17:13 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-15 17:13 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-15 17:13 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-15 17:13 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-15 17:13 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-15 17:13 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-15 17:13 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-15 17:13 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-15 17:13 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-15 17:13 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-15 17:13 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-15 17:13 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-15 17:13 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-15 17:13 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-15 17:13 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-15 17:13 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-15 17:13 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-15 17:13 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-15 17:13 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-15 17:13 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-15 17:13 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-15 17:13 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-15 17:13 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-15 17:13 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-15 17:13 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-15 17:13 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-15 17:13 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-15 17:13 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-15 17:13 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-15 17:13 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-15 17:13 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-15 17:13 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-15 17:13 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-15 17:13 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-15 17:13 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-15 17:13 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-15 17:13 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-15 17:13 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-15 17:13 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-15 17:13 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-15 17:13 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-15 17:13 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-15 17:13 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-15 17:13 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-15 17:13 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-15 17:13 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-15 17:13 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-15 17:13 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-15 17:13 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-15 17:13 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-15 17:13 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-15 17:13 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-15 17:13 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-15 17:13 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-15 17:13 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-15 17:13 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-15 17:03 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-15 17:03 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-15 17:03 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-15 16:59 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-15 16:59 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-15 16:59 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-15 16:59 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-15 16:59 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-15 16:59 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-15 16:59 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-15 16:59 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-15 16:59 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-15 16:59 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-15 16:59 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-15 16:59 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-15 16:58 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-15 16:58 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-15 16:58 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-15 16:58 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-15 16:58 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-15 16:58 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-15 16:58 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-15 16:58 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-15 16:57 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-15 16:57 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 for Windows
2014-07-15 08:30 - 2014-07-15 08:30 - 00000000 ____D () C:\Users\softupdate.Cindi-PC.002
2014-07-15 08:30 - 2013-08-13 15:40 - 00002106 _____ () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-07-15 08:30 - 2013-06-11 14:30 - 00000000 ____D () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Macromedia
2014-07-15 08:30 - 2010-11-20 22:51 - 00001449 _____ () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-15 08:30 - 2010-11-20 22:51 - 00001415 _____ () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-07-15 08:30 - 2010-11-20 22:50 - 00000020 ___SH () C:\Users\softupdate.Cindi-PC.002\ntuser.ini
2014-07-15 08:30 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 08:30 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\softupdate.Cindi-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-14 22:42 - 2014-07-27 18:22 - 00000000 ____D () C:\windows\Minidump
2014-07-10 19:08 - 2014-07-10 19:08 - 00001214 _____ () C:\Users\Cindi\AppData\Local\recently-used.xbel
2014-07-09 19:33 - 2014-07-28 07:38 - 00000840 _____ () C:\windows\setupact.log
2014-07-09 19:33 - 2014-07-09 19:33 - 00000000 _____ () C:\windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-03 01:19 - 2014-08-03 01:16 - 00019391 _____ () C:\Users\Cindi\Downloads\FRST.txt
2014-08-03 01:18 - 2009-07-14 00:45 - 00031280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 01:18 - 2009-07-14 00:45 - 00031280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 01:16 - 2014-08-03 01:14 - 00000000 ___DC () C:\FRST
2014-08-03 01:16 - 2013-08-07 11:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-03 01:15 - 2014-04-29 21:35 - 12130008 _____ () C:\windows\SysWOW64\connector.log
2014-08-03 01:13 - 2014-08-03 01:13 - 02094080 _____ (Farbar) C:\Users\Cindi\Downloads\FRST64.exe
2014-08-03 01:07 - 2014-08-03 01:07 - 01084928 _____ (Farbar) C:\Users\Cindi\Downloads\FRST.exe
2014-08-03 00:53 - 2013-06-11 14:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 00:52 - 2014-08-03 00:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-03 00:50 - 2014-08-03 00:50 - 02347384 _____ (ESET) C:\Users\Cindi\Downloads\esetsmartinstaller_enu.exe
2014-08-03 00:32 - 2013-08-07 11:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 00:19 - 2013-09-09 10:31 - 2246476800 _____ () C:\Users\Cindi\Desktop\backup.pst
2014-08-03 00:19 - 2013-08-18 15:43 - 00000000 ____D () C:\Users\Cindi\Documents\Outlook Files
2014-08-02 23:34 - 2013-08-07 22:28 - 01402746 _____ () C:\windows\WindowsUpdate.log
2014-08-02 16:32 - 2014-08-01 14:04 - 00000000 ____D () C:\Users\Cindi\Desktop\REILLY_RiRiDesigns
2014-08-02 14:53 - 2013-06-11 14:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 13:11 - 2013-08-07 10:48 - 00000000 ___DC () C:\kworking
2014-08-02 03:59 - 2014-04-24 15:19 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Cindi-PC-Cindi Cindi-PC
2014-08-01 13:46 - 2014-07-29 18:28 - 00000000 ____D () C:\Users\Cindi\Desktop\CUSTOMER_MeuCow
2014-08-01 10:57 - 2013-08-20 14:36 - 00000000 ____D () C:\Users\Cindi\AppData\Roaming\ZoomBrowser EX
2014-08-01 10:57 - 2013-08-20 14:35 - 00000000 ____D () C:\Users\Cindi\AppData\Roaming\CameraWindowDC
2014-07-31 23:06 - 2013-08-19 13:59 - 00000000 ____D () C:\Users\Cindi\Documents\REILLY
2014-07-30 08:32 - 2014-07-28 07:28 - 00000000 ____D () C:\Users\Cindi\Desktop\2009 kindergarten
2014-07-28 07:38 - 2014-07-09 19:33 - 00000840 _____ () C:\windows\setupact.log
2014-07-28 07:38 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-27 18:23 - 2014-07-27 18:22 - 00296616 _____ () C:\windows\Minidump\072714-25490-01.dmp
2014-07-27 18:22 - 2014-07-27 18:22 - 616236162 _____ () C:\windows\MEMORY.DMP
2014-07-27 18:22 - 2014-07-14 22:42 - 00000000 ____D () C:\windows\Minidump
2014-07-27 18:22 - 2013-06-11 13:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 18:22 - 2013-06-11 13:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 08:45 - 2013-06-11 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 22:51 - 2013-08-19 13:52 - 00000000 ____D () C:\Users\Cindi\Documents\CARLY
2014-07-24 13:00 - 2014-05-08 13:23 - 00000000 ____D () C:\Users\Public\Desktop\Vision Computers Tools
2014-07-23 19:43 - 2013-06-11 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 08:05 - 2014-07-16 08:31 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-23 08:00 - 2014-01-16 10:14 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-23 08:00 - 2013-06-11 22:10 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-23 08:00 - 2013-06-11 22:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 22:34 - 2014-07-16 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 22:34 - 2014-07-16 08:31 - 00000000 ____D () C:\Users\Cindi\Desktop\mbar
2014-07-22 00:00 - 2010-11-20 23:47 - 00274486 _____ () C:\windows\PFRO.log
2014-07-22 00:00 - 2009-07-14 00:45 - 00407336 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-21 21:17 - 2013-08-11 19:19 - 00101800 _____ () C:\Users\Cindi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-21 11:03 - 2013-08-07 10:48 - 00000000 ____D () C:\temp
2014-07-21 08:06 - 2014-07-21 08:07 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-21 08:06 - 2014-07-21 08:06 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-07-21 08:03 - 2014-07-21 08:05 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-21 08:03 - 2014-07-21 08:03 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 00:45 - 2014-05-21 08:07 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 10:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-15 18:43 - 2014-07-15 18:43 - 00000017 _____ () C:\Users\Cindi\AppData\Local\resmon.resmoncfg
2014-07-15 17:23 - 2014-05-10 09:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-15 17:23 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 17:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-15 17:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-15 17:16 - 2013-08-07 10:51 - 00000000 ____D () C:\windows\system32\MRT
2014-07-15 17:14 - 2013-06-11 10:44 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-15 13:51 - 2014-04-24 00:19 - 00000000 ____D () C:\Program Files\pcreg
2014-07-15 10:39 - 2013-08-27 09:47 - 00000361 ____C () C:\rkill.log
2014-07-15 10:37 - 2013-08-27 09:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 for Windows
2014-07-15 08:30 - 2014-07-15 08:30 - 00000000 ____D () C:\Users\softupdate.Cindi-PC.002
2014-07-10 19:08 - 2014-07-10 19:08 - 00001214 _____ () C:\Users\Cindi\AppData\Local\recently-used.xbel
2014-07-09 19:33 - 2014-07-09 19:33 - 00000000 _____ () C:\windows\setuperr.log
2014-07-09 13:23 - 2013-08-14 16:13 - 00001266 _____ () C:\Users\Cindi\Desktop\Sure Cuts A Lot 3.lnk
2014-07-08 18:32 - 2013-08-07 11:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 18:32 - 2013-08-07 11:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:32 - 2013-06-11 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 17:17 - 2013-08-14 16:50 - 00000000 ____D () C:\Users\Cindi\AppData\Roaming\PrimoPDF
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 08:52
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Cindi at 2014-08-03 01:20:34
Running from C:\Users\Cindi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AKVIS ArtWork (HKLM\...\{DA2B4016-343D-4564-BE1C-99D84BE9673D}) (Version: 8.0.1681.10118 - AKVIS)
AKVIS Sketch (HKLM\...\{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}) (Version: 15.0.2674.10091 - AKVIS)
AKVIS Sketch (HKLM-x32\...\{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}) (Version: 12.5.2265.7774 - AKVIS)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.20.44 - )
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\{B9082609-19CD-3D8D-B53C-E1F0D3F409E3}) (Version: 65.223.114 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.19 - Oracle, Inc.) Hidden
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7E21FC0E-E116-44BD-A38E-3149F5E14496}) (Version: 10.5.10400 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{1E7901CE-BE8B-46F6-86AC-24620659ED4E}) (Version: 11.0.12300 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10700.5.100 - Nero AG)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.11000.9.100 - Nero AG)
nero.prerequisites.msi (x32 Version: 11.0.20012 - Nero AG) Hidden
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Silhouette Studio (HKLM-x32\...\{0706D4E8-C4DD-408C-94DA-4F7E8B3BCC66}) (Version: 3.0.343 - Silhouette America)
Sure Cuts A Lot 3.064 (HKLM-x32\...\Sure Cuts A Lot 3_is1) (Version:  - Craft Edge)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TSST OEM Content (HKLM-x32\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
Vision Computers (757190_356651_2091888.root.homeusers - msp.visioncomputers.com) (HKLM-x32\...\KAVSNCMN39882456657476) (Version: 6.5.0.1 - Kaseya)
VNC Enterprise Edition E4.6.3 (HKLM-x32\...\RealVNC_is1) (Version: E4.6.3 - RealVNC Ltd)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-753680043-1529858624-672864294-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-753680043-1529858624-672864294-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-753680043-1529858624-672864294-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-753680043-1529858624-672864294-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-753680043-1529858624-672864294-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cindi\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
15-07-2014 21:35:43 7.15.14; scan malware, kaspersky, 12 imp. window updates
16-07-2014 13:02:38 7.16.14 - disk defrag
20-07-2014 15:30:28 Windows Update
21-07-2014 22:12:58 Weekly Desktop Maintenance
22-07-2014 15:00:33 Windows Backup
26-07-2014 11:01:32 Windows Update
27-07-2014 19:02:02 Weekly Desktop Maintenance
29-07-2014 17:01:10 Windows Backup
31-07-2014 17:43:09 7.31.2014 - restore
01-08-2014 12:11:15 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-06-03 11:24 - 00464718 ____A C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2E8CE02C-03E2-4A72-8C24-9B78191BD3C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {3D8A92F2-91BC-4B8E-B239-0493FEEC141C} - System32\Tasks\AdobeAAMUpdater-1.0-Cindi-PC-Cindi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {4B518F79-2F66-4BCD-8390-2281C62CC881} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1736 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1736" "$(Arg0)"
Task: {570718FC-609F-4922-AC56-2C172949ED11} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1729 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1729" "$(Arg0)"
Task: {5E3408C0-06FF-48E3-AB42-82C6BE161E64} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe
Task: {61FD76CB-E06C-4B29-B52E-2CF2FE340B8D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {62ECDEE8-AEEB-462A-9518-FC54ADA0C6C2} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1442 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1442" "$(Arg0)"
Task: {6941AE84-9B6B-4D5F-A4D2-AC4AE0580B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.)
Task: {6CC04635-B688-4FED-89EE-F14906245598} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {73C6EE86-791D-431E-ADF2-31BFDB4B722A} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1769 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1769" "$(Arg0)"
Task: {76655CB2-9FC1-45E6-8B15-0E4D025C059C} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1435 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1435" "$(Arg0)"
Task: {773DB586-3CCD-4364-A6F9-318CD34F69BB} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1089 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1089" "$(Arg0)"
Task: {8B3F5D8C-8709-4140-9EC9-B77F157716C8} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A8941495-155F-401A-8360-DF64F64A5C18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.)
Task: {AAA9BB18-5805-4024-AB18-7FFA10D9E63F} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1437 => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "KCTR$1437" "$(Arg0)"
Task: {BCA2FD02-ACA2-417C-BCC6-BA86D8E7FEC2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Cindi-PC-Cindi Cindi-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-15] (Microsoft Corporation)
Task: {D9E2546F-10DF-4211-B549-60118FFC98C5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-14 16:46 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2014-03-28 06:19 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-18 08:47 - 2014-04-18 08:47 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2014-06-15 06:52 - 2014-06-15 06:52 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-12 01:43 - 2012-05-21 10:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-14 11:10 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-08-14 11:10 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-08-03 00:54 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-07 10:48 - 2014-03-26 15:00 - 00925696 _____ () C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\libkacm.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-11-27 21:21 - 2013-11-27 21:21 - 01309888 _____ () c:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\kpcengine.2.2.dll
2013-08-07 10:48 - 2014-03-26 15:00 - 00110592 _____ () C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\extensions\scripts\socket\core.dll
2013-08-07 10:48 - 2014-03-26 15:00 - 00073728 _____ () C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\extensions\scripts\mime\core.dll
2013-08-07 11:10 - 2013-08-07 11:10 - 00167936 _____ () C:\Program Files (x86)\Vision Computers\VSNCMN39882456657476\lua5.1.dll
2014-07-20 00:45 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 00:45 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 00:45 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 00:45 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 00:45 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-03-17 18:33 - 2014-03-17 18:33 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-06-15 06:48 - 2014-06-15 06:48 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:054B9966
AlternateDataStreams: C:\ProgramData\TEMP:C59E90A4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAVSNCMN39882456657476 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAVSNCMN39882456657476 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/03/2014 00:52:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11029
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11029
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/02/2014 02:59:28 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.
 
Error: (08/02/2014 01:46:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Networking Identity Manager service, but this action failed with the following error: 
%%1056
 
Error: (08/02/2014 01:41:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Name Resolution Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (08/02/2014 01:41:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Networking Grouping service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (08/02/2014 01:41:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Networking Identity Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (07/31/2014 07:35:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DD602649-4E15-4D7D-87F7-67926115C3A8} because another computer on the network has the same name.  The server could not start.
 
Error: (07/30/2014 07:00:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/30/2014 07:00:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/30/2014 07:00:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/29/2014 01:42:12 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DD602649-4E15-4D7D-87F7-67926115C3A8} because another computer on the network has the same name.  The server could not start.
 
 
Microsoft Office Sessions:
=========================
Error: (08/03/2014 00:52:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cindi\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090
 
Error: (08/02/2014 11:11:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11029
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11029
 
Error: (08/02/2014 11:11:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10015
 
Error: (08/02/2014 11:10:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-02 23:57:02.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 23:57:02.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 23:57:02.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 23:22:58.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 23:22:58.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 23:22:58.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 14:27:30.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\My Files(Cindi-PC)\Native\C\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 14:27:30.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\My Files(Cindi-PC)\Native\C\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 14:27:30.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\My Files(Cindi-PC)\Native\C\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-02 13:19:15.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 72%
Total physical RAM: 3992.04 MB
Available physical RAM: 1093.21 MB
Total Pagefile: 7982.27 MB
Available Pagefile: 4324.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:464.77 GB) (Free:364.4 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:465.66 GB) (Free:59.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DDC05D48)
Partition 1: (Active) - (Size=1011 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 0E936084)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 

Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
  • Save the file to your desktop and include its content in your next reply.

fixlist.txt


Thank you, in advance, for your help and patience. Ok - so I have the two files saved on my desktop. I right-clicked to run as admin, clicked the fix button and this is what it said - see screen grab. Darn - I can't find the attachment feature. It says, 'no fixlist.text. The fixlist.text should be in the same folder/directory as the tool.' I have the fixlist.text and the additional on my desktop. What am I doing wrong? Do I need to put the tool and the 2 files in a FOLDER on my desktop?

 

thank you,

 

Cindi


Ok - another issue. I have Malwarebytes on my system - it was part of the package when I purchased my system. I'm adding a screen grab of the 'about' Malwarebytes. Opened the program, did the update. When I go to the settings tab there is none of this: "in the left panel choose Detections & protection and tick Scan for rootkits". Going to attach a screen grab of that too.

 

 


Let me ask you this. My system 'came' with Malwarebytes. The company put it on there and 'manages it'. If I have issues they can go in remotely through my system. If I update via the link and get the free update under PRO, is that going to mess up the program or relationship with the computer company that manages my Malwarebytes? Sorry if I'm being unclear... I, of course, wanted the best/latest version but I'm afraid if I do this then if the computer company comes in remotely, it's a different 'version' (not just updated) of the Malwarebytes they initially installed.

 

(Again - thank you so much for your assistance). 


I don't know the license. I appreciate your understanding. I only have 7 days left with this company to manage my computer. I probably am not renewing with them because they've done a poor job helping me, but I still have those 7 days and don't want to mess it up in case I need them in those 7 remaining days of my contract. Thank you again for your understanding.


Okay,

 

 

 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

 
Please include the contents of that file in your reply.
 
 
 
 
Tell me, how is your PC now?

Avast was installed on my system and now I can't even access anything on the Internet on this computer. I'm typing this on my iPad. I tried to uninstall the Avast but it won't. Says it needs administrator permission. I tried to do a system restore and it wouldn't go through. I'm freaking out - I'm so upset.


I got the Avast clean - mostly. I was googling (on iPad for hours) and found if I went to network & sharing center, there's an Avast there and if I disabled it there, I could access the internet. Then was able to use your link/file from above. OMG! BUT, when I do a search on C: drive for Avast... there's still a handful of Avast docs that didn't delete (see screen grab). OMG - I'm so sorry this happened. I was furious. I went out with my daughters (school starts tomorrow for them) and came back and had this downloaded on my system. SO mad.

Anyway - should I start ALL over - so that all logs you are seeing now include 'avast'?

 

Thank you,


I would like you to use this utility from Safe mode to completely remove Avast

 

http://www.avast.com/uninstall-utility

 

How to start Windows in Safe Mode --> http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7

 

 

 

Then, re-run FRST again, check Addition.txt, press Scan and attach both reports.


I apologize, I can't seem to find the very first post/email you sent and it doesn't seem to be on this thread or I'm losing it... Can you please re-tell me how to do this "Then, re-run FRST again, check Addition.txt, press Scan and attach both reports." and send any link? I'm sorry - it's been a long day. Thank you.

This topic is now closed to further replies.