
Very Slow Computer


  • This topic is locked
17 replies to this topic

#1 momdotts


Posted 01 May 2015 - 03:18 PM

I constantly was getting BSOD... I worked with Kaspersky support... So far / so good with the BSOD issue... but - the computer is running ridiculously slow!

 

I don't know if I have some sort of virus, malware, etc. somewhere... this is what has been done so far

 

chkdsk /r /f

 

updated to Kaspersky 2015 Internet Security

 

I don't want to run any additional scans until you tell me what you need / want.

 

I'm running Vista home premium

8 GB ram

 

Thank you!

 

 




 


#2 TheShooter93



  • Malware Response Team

Posted 05 May 2015 - 09:24 AM

Hello momdotts,

Welcome to Bleeping Computer! :welcome:

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 momdotts


Posted 05 May 2015 - 02:36 PM

Cody,

First and foremost... Thank you very much!  Below please find the two documents requested:

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Barbara (administrator) on BARBARA-PC on 05-05-2015 15:19:54
Running from C:\Users\Barbara\Downloads
Loaded Profiles: Barbara (Available profiles: Barbara)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolupdates.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72296 2014-09-16] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-01-17]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2015-01-17]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-17] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-04-30] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [75976 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-05 15:19 - 2015-05-05 15:21 - 00019308 _____ () C:\Users\Barbara\Downloads\FRST.txt
2015-05-05 15:18 - 2015-05-05 15:20 - 00000000 ____D () C:\FRST
2015-05-05 15:18 - 2015-05-05 15:18 - 02101248 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2015-05-05 15:16 - 2015-05-05 15:16 - 00415232 _____ (Farbar) C:\Users\Barbara\Downloads\FSS.exe
2015-05-04 10:08 - 2015-05-04 10:10 - 00293352 _____ () C:\Windows\Minidump\Mini050415-01.dmp
2015-05-04 05:04 - 2015-05-04 10:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\29620CD9.sys
2015-05-03 22:34 - 2015-05-03 22:35 - 00289224 _____ () C:\Windows\Minidump\Mini050315-02.dmp
2015-05-03 18:32 - 2015-05-03 18:32 - 00322024 _____ () C:\Windows\Minidump\Mini050315-01.dmp
2015-05-02 21:22 - 2015-05-02 21:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\08F85D76.sys
2015-05-02 12:33 - 2015-05-02 12:34 - 00289224 _____ () C:\Windows\Minidump\Mini050215-01.dmp
2015-04-30 16:38 - 2015-04-30 16:38 - 00002167 _____ () C:\Users\Barbara\Desktop\Safe Money.lnk
2015-04-30 16:28 - 2015-04-30 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-04-30 16:28 - 2015-04-30 16:22 - 00002041 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-04-30 15:46 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-04-30 13:35 - 2015-04-30 13:36 - 196619072 _____ (Kaspersky Lab) C:\Users\Barbara\Downloads\kis15.0.2.361en_7255 (1).exe
2015-04-30 13:33 - 2015-04-30 13:40 - 196619072 _____ (Kaspersky Lab) C:\Users\Barbara\Downloads\kis15.0.2.361en_7255.exe
2015-04-25 07:22 - 2015-04-25 07:22 - 00317896 _____ () C:\Windows\Minidump\Mini042515-01.dmp
2015-04-24 12:17 - 2015-04-24 12:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\21294AE6.sys
2015-04-24 12:16 - 2015-04-24 12:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\57664AAF.sys
2015-04-24 11:02 - 2015-04-24 11:02 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-04-24 09:45 - 2015-04-24 09:45 - 00000000 _____ () C:\sfc
2015-04-24 07:58 - 2015-04-24 07:59 - 02347384 _____ (ESET) C:\Users\Barbara\Downloads\esetsmartinstaller_enu (1).exe
2015-04-24 07:33 - 2015-04-24 07:33 - 00272600 _____ () C:\Windows\Minidump\Mini042415-01.dmp
2015-04-23 09:38 - 2015-04-23 09:38 - 00280968 _____ () C:\Windows\Minidump\Mini042315-02.dmp
2015-04-23 09:09 - 2015-04-23 09:10 - 00297480 _____ () C:\Windows\Minidump\Mini042315-01.dmp
2015-04-20 15:58 - 2015-04-20 15:58 - 00000761 _____ () C:\Users\Barbara\Desktop\µTorrent.lnk
2015-04-20 15:56 - 2015-04-23 13:06 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\uTorrent
2015-04-20 15:55 - 2015-04-20 15:55 - 01743952 _____ (BitTorrent Inc.) C:\Users\Barbara\Downloads\uTorrent.exe
2015-04-20 15:55 - 2015-04-20 15:55 - 00012256 _____ () C:\Users\Barbara\Downloads\Windows-Vista-64-bit-Repair-Disc.zip
2015-04-20 10:41 - 2015-04-20 09:35 - 16736520 _____ (Kaspersky Lab) C:\Users\Barbara\Desktop\KasperskyLogUtility.exe
2015-04-20 08:47 - 2015-04-20 08:47 - 00000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2015-04-20 08:18 - 2015-04-20 08:18 - 00317896 _____ () C:\Windows\Minidump\Mini042015-02.dmp
2015-04-20 07:52 - 2015-04-20 07:52 - 00262144 _____ () C:\Windows\Minidump\Mini042015-01.dmp
2015-04-18 13:59 - 2015-04-18 13:59 - 05197824 _____ () C:\Users\Barbara\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-04-18 09:16 - 2015-04-18 09:16 - 00289224 _____ () C:\Windows\Minidump\Mini041815-03.dmp
2015-04-18 08:33 - 2015-04-18 08:33 - 00289224 _____ () C:\Windows\Minidump\Mini041815-02.dmp
2015-04-18 08:22 - 2015-04-18 08:23 - 00314528 _____ () C:\Windows\Minidump\Mini041815-01.dmp
2015-04-17 14:13 - 2015-04-17 14:13 - 00305608 _____ () C:\Windows\Minidump\Mini041715-01.dmp
2015-04-16 20:51 - 2015-04-16 20:51 - 00000000 ____D () C:\AOL
2015-04-15 03:19 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 03:19 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 03:18 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 03:18 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 03:18 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 03:18 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 03:18 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 03:18 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 03:18 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 03:18 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 03:03 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 03:03 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 03:03 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 03:02 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 03:02 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 14:44 - 2015-03-09 20:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 14:44 - 2015-03-09 20:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 14:44 - 2015-03-09 20:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 14:44 - 2015-03-09 20:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 14:44 - 2015-03-09 20:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 14:44 - 2015-03-09 20:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 14:44 - 2015-03-09 20:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 14:44 - 2015-03-09 20:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 14:44 - 2015-03-09 20:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 14:44 - 2015-03-09 20:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 14:44 - 2015-03-09 19:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 14:44 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 14:44 - 2015-03-09 19:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 14:44 - 2015-03-09 19:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 14:44 - 2015-03-09 18:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 14:44 - 2015-03-09 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 14:44 - 2015-03-09 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 14:44 - 2015-03-09 18:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 14:44 - 2015-03-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-14 14:44 - 2015-03-09 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-06 12:17 - 2015-04-06 12:17 - 05944320 _____ () C:\Users\Barbara\Downloads\Chapter 14 (1).ppt
2015-04-06 12:09 - 2015-04-06 12:09 - 05944320 _____ () C:\Users\Barbara\Downloads\Chapter 14.ppt
2015-04-06 12:09 - 2015-04-06 12:09 - 02476544 _____ () C:\Users\Barbara\Downloads\Chapter 12.ppt
2015-04-06 12:09 - 2015-04-06 12:09 - 02006016 _____ () C:\Users\Barbara\Downloads\Nationalistic & Endemic Terrorism.ppt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-05 15:15 - 2015-01-06 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-05 15:13 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 15:13 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 15:12 - 2015-03-24 13:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-05 15:12 - 2015-01-06 15:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-05 15:12 - 2015-01-05 17:00 - 01052856 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 10:50 - 2015-01-06 18:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-05 10:42 - 2015-01-07 15:51 - 00000000 ____D () C:\GroundsKeeper Pro v7.0.1
2015-05-04 16:23 - 2015-01-06 15:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 10:08 - 2015-02-05 17:22 - 1991928422 _____ () C:\Windows\MEMORY.DMP
2015-05-04 10:08 - 2015-02-05 17:22 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 10:08 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 16:33 - 2006-11-02 11:42 - 00023662 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-02 16:32 - 2015-02-10 12:58 - 00003520 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-05-02 16:31 - 2015-02-24 08:40 - 00002701 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-02 16:31 - 2015-02-24 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-02 10:08 - 2015-01-27 16:33 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CutePDF Writer
2015-05-01 11:23 - 2015-03-24 13:04 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-01 11:23 - 2015-03-24 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 11:23 - 2015-01-15 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-30 18:34 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2015-04-30 17:11 - 2014-12-13 18:21 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-30 17:11 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-04-30 16:28 - 2015-01-06 18:07 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-30 16:21 - 2015-01-05 17:04 - 00000000 ____D () C:\Users\Barbara
2015-04-29 19:39 - 2015-01-06 15:06 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 19:34 - 2015-01-08 08:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-25 07:28 - 2006-11-02 08:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 10:19 - 2006-11-02 11:21 - 00403552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-23 13:06 - 2015-01-17 13:33 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-23 13:06 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-23 13:06 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-23 13:06 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2015-04-23 13:06 - 2006-11-02 08:33 - 74186752 _____ () C:\Windows\system32\config\software_previous
2015-04-23 13:06 - 2006-11-02 08:33 - 51118080 _____ () C:\Windows\system32\config\system_previous
2015-04-23 13:00 - 2006-11-02 08:33 - 66322432 _____ () C:\Windows\system32\config\components_previous
2015-04-23 13:00 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-23 09:13 - 2015-01-05 18:34 - 00000000 ____D () C:\Windows\pss
2015-04-23 08:30 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2015-04-23 08:25 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-21 09:49 - 2008-01-20 23:26 - 00208186 _____ () C:\Windows\PFRO.log
2015-04-20 10:33 - 2006-11-02 11:27 - 00161836 _____ () C:\Windows\setupact.log
2015-04-20 07:54 - 2015-01-05 17:27 - 00111368 _____ () C:\Users\Barbara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 07:25 - 2015-01-06 12:38 - 00000000 ____D () C:\Users\Barbara\Desktop\Matt - STAC
2015-04-17 14:31 - 2015-01-06 15:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:31 - 2015-01-06 15:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 14:31 - 2015-01-06 15:08 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 03:17 - 2015-01-08 16:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:13 - 2015-01-06 12:10 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:11 - 2015-01-06 08:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:04 - 2006-11-02 08:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 09:37 - 2015-03-24 13:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-03-24 13:04 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-03-24 13:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 11:45 - 2015-01-07 16:27 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CUSTPDF Writer
 
==================== Files in the root of some directories =======
 
2015-01-08 11:17 - 2015-01-15 17:00 - 0000112 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat
2015-04-20 08:47 - 2015-04-20 08:47 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2015-02-27 17:25 - 2015-02-27 17:25 - 0003584 _____ () C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\3931e665-34db-461d-85ab-15ea627a3857.setup.exe
C:\Users\Barbara\AppData\Local\Temp\AcsInstall.dll
C:\Users\Barbara\AppData\Local\Temp\setup.exe
C:\Users\Barbara\AppData\Local\Temp\SHFOLDER.DLL
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 10:17
 
==================== End Of Log ============================
 
ADDITION:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Barbara at 2015-05-05 15:21:53
Running from C:\Users\Barbara\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2328676749-41169590-3530807978-500 - Administrator - Disabled)
Barbara (S-1-5-21-2328676749-41169590-3530807978-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-2328676749-41169590-3530807978-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2328676749-41169590-3530807978-1000\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adkad PDF (HKLM\...\Adkad PDF) (Version:  3.0 - )
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GroundsKeeper Pro v7.0.1 (HKLM-x32\...\{25D45C63-0DB4-4C5A-B566-FA37A3B75A0F}) (Version: 7.0.1 - Adkad Technologies)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-03-2015 03:59:56 Scheduled Checkpoint
27-03-2015 01:12:32 Scheduled Checkpoint
28-03-2015 02:33:07 Scheduled Checkpoint
29-03-2015 01:51:59 Scheduled Checkpoint
31-03-2015 10:25:14 Windows Update
01-04-2015 11:59:19 Scheduled Checkpoint
02-04-2015 01:55:21 Scheduled Checkpoint
03-04-2015 00:00:02 Scheduled Checkpoint
04-04-2015 02:03:35 Scheduled Checkpoint
05-04-2015 00:30:55 Scheduled Checkpoint
06-04-2015 00:22:34 Scheduled Checkpoint
07-04-2015 00:30:30 Scheduled Checkpoint
07-04-2015 02:50:50 Windows Update
09-04-2015 01:19:52 Scheduled Checkpoint
10-04-2015 00:39:10 Scheduled Checkpoint
10-04-2015 03:00:10 Windows Update
13-04-2015 07:20:46 Scheduled Checkpoint
14-04-2015 00:19:09 Scheduled Checkpoint
14-04-2015 02:39:29 Windows Update
15-04-2015 00:00:05 Scheduled Checkpoint
15-04-2015 03:00:43 Windows Update
16-04-2015 00:02:00 Scheduled Checkpoint
17-04-2015 17:10:49 Scheduled Checkpoint
18-04-2015 11:38:26 Scheduled Checkpoint
18-04-2015 13:59:17 Installed HP Support Solutions Framework
20-04-2015 13:07:12 Scheduled Checkpoint
21-04-2015 10:00:13 Windows Update
22-04-2015 00:00:51 Scheduled Checkpoint
23-04-2015 08:34:09 Windows Update
24-04-2015 10:34:56 Windows Update
28-04-2015 02:10:24 Windows Update
30-04-2015 15:46:56 First Restore Point
30-04-2015 16:17:57 Device Driver Package Install: Kaspersky Lab Network Service
30-04-2015 16:19:56 Device Driver Package Install: Kaspersky Lab
30-04-2015 16:20:36 Device Driver Package Install: Kaspersky Lab System devices
30-04-2015 16:25:46 First Restore Point
30-04-2015 18:19:24 First Restore Point
30-04-2015 18:33:37 Device Driver Package Install: Kaspersky Lab Network Service
01-05-2015 08:21:31 Windows Update
02-05-2015 14:14:23 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {21141971-5051-4770-8C0A-B16F34A01867} - System32\Tasks\Barbara1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5E150511-858F-4E4F-B63B-AEBF96BE2548} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {962FD589-593E-4192-BF8B-721708F3D62D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {B5A7BD77-09A8-48E6-A138-9767CF942E1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {BB2B49E4-4804-421E-9B60-C1D7B8DD3C49} - System32\Tasks\Barbara1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C125ED32-8F09-4A6F-B414-FA9B4650DC0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F2AE3D98-606F-4348-86F5-AB95DEB8DEBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F448E3CB-FF61-44D5-84AD-CA477CDF69DF} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-07 15:51 - 2013-04-11 11:01 - 00089600 _____ () C:\Windows\System32\custmon64i.dll
2015-01-27 16:24 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: HostManager => "C:\Program Files (x86)\Common Files\AOL\1420571675\ee\AOLSoftware.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{E97C606C-D462-42E4-B23C-9937DBB667EE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C2F289FD-17C8-4A2D-B686-7251386BA486}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{8D39C6D3-AD00-4FD4-8756-E17626FE29EB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{08051D15-EB70-45A3-8BE7-2A56406BC983}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9AC44264-6E74-4330-B36C-0FDC4388B676}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{319F6CD7-B43C-43A9-9194-8F7DD96448C1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{7855103F-F7AF-4AF1-8F65-E30A662DDC46}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{47888011-5AF7-483A-8958-AAB9F6DD6A7E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F1573E3A-F353-423D-A868-B87887F16507}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{59677EE4-930F-493D-8782-6F3095F040F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{1C4E76E7-64C6-4673-A640-E6A49116C0AD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3941D7CB-4278-4144-B0F1-E955BA1EB144}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{32B0115F-739C-49F0-86D0-531B5EA6C19F}] => (Allow) LPort=80
FirewallRules: [{350CCE80-F847-4445-8C79-30BB0F625663}] => (Allow) LPort=80
FirewallRules: [{695F2862-9C20-44C8-BB27-68D1AED304AA}] => (Allow) LPort=80
FirewallRules: [{91A8D646-0868-43C5-8723-BFA9C0535800}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{6FCAFF85-246A-4CDC-A7DD-0D6A2EA4B163}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{5FA67031-6079-4243-8435-6E6D1A18A159}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{64F2156E-B9B0-4223-A6D5-AC2BA3E3087C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{B0CA3009-8F9C-4EAD-A7E8-1DF9989F4164}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
FirewallRules: [{3A72E0EA-89E3-4510-8A5D-1CDAE15EBF79}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
FirewallRules: [{2D56AFA9-8D8C-4752-8931-F637F293753A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{8410B867-0DA6-4F01-8406-03497835BF84}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{FA57000B-CD69-4821-893E-1DAD62DDA3B5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{AA938CDA-268C-4097-B491-A47FD6689E35}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{586A7AF1-7F01-49F1-AA5B-92882E10839A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{D58091DA-DE60-4384-B350-99D3D2E20D80}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B667810E-AB17-4952-9DD9-1ED9A5DD5934}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{1E09EA11-8BE3-4C72-BF78-892A28098E61}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{C47999E6-A112-40D3-AF2F-CA32695C24CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\aolbrowser.exe
FirewallRules: [{E91CD898-1ED2-43E8-98A3-CBD7D71B2922}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\aolbrowser.exe
FirewallRules: [{C9E46DCE-6CC1-4887-9DDE-B99FDA4041CD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{58491D2F-A3FC-48A9-A91E-71F0DDC7642E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{4AC48FBC-46B0-4EAF-8739-6D793C82DB8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{362442DF-F353-4592-AB5A-8EE80753CC3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{4F244D4A-F32F-4873-BE34-A37E248949C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [TCP Query User{DD1E2DF2-3F0E-40F9-83DE-B858855AB023}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{80C49018-F372-4AB4-8391-861144135284}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{8C68DFE4-7C43-4606-90D2-3FDC4BD1D0F5}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{6D07A9C5-8ED1-4B3F-A0D6-74D5D953A4FB}C:\users\barbara\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\barbara\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{92E5696C-C14A-427F-865E-FAD076BB0C7F}C:\users\barbara\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\barbara\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{151DE17B-7AB2-4B50-813E-E0869FB916FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E06C8185-FD37-41BC-92CC-D0FED71E4C1A}] => (Allow) LPort=8888
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/05/2015 06:31:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x81000101).
 
Error: (05/04/2015 10:10:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 10:36:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 06:35:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 04:39:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 00:35:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 00:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program aolupdates.exe version 16.4.6.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1330
Start Time: 01d084505346e26c
Termination Time: 291
 
Error: (05/01/2015 03:53:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/30/2015 06:20:37 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000168,0x00530194,0000000000000000,0,000000000014EF90,4096,[0]).
 
 
Operation:
   Query Shadow Copies
 
 
System errors:
=============
Error: (05/05/2015 03:12:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection
 
Error: (05/05/2015 08:39:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman
 
Error: (05/05/2015 06:22:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Volume Shadow Copy%%1053
 
Error: (05/05/2015 06:22:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Volume Shadow Copy
 
Error: (05/05/2015 06:21:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Volume Shadow Copy%%1053
 
Error: (05/05/2015 06:21:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Volume Shadow Copy
 
Error: (05/05/2015 06:21:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (05/05/2015 06:16:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (05/05/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
 
Error: (05/05/2015 05:52:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2015 08:01:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 08:00:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-05 15:21:36.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:36.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:36.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:34.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:34.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:34.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:34.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:33.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:33.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-05 15:21:33.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 86%
Total physical RAM: 1898.83 MB
Available physical RAM: 251 MB
Total Pagefile: 4052.87 MB
Available Pagefile: 1377.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:917.83 GB) (Free:613.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.68 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1397.26 GB) (Free:715.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 1397.3 GB) (Disk ID: 99EAFBDA)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Edited by momdotts, 05 May 2015 - 02:38 PM.


#4 momdotts

  • Topic Starter

Posted 07 May 2015 - 07:06 AM

NEW FRST REPORT & ADDITION - DUE TO LATEST BSOD

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Barbara (administrator) on BARBARA-PC on 07-05-2015 07:38:02
Running from C:\Users\Barbara\Downloads
Loaded Profiles: Barbara (Available profiles: Barbara)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolupdates.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [260608 2009-04-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72296 2014-09-16] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-01-17]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2015-01-17]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> DefaultScope {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> {34D89E8B-3BF8-4591-ACE1-BFCC24ACC745} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> {AB52EDAA-AF1A-4031-A9EB-9F255A937C16} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22] (Microsoft Corp.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2328676749-41169590-3530807978-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-30]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-30]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-30]
 
Chrome: 
=======
CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-17] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-04-30] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-04-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [75976 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-07 07:30 - 2015-05-07 07:31 - 02102272 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2015-05-07 07:16 - 2015-05-07 07:16 - 00301544 _____ () C:\Windows\Minidump\Mini050715-01.dmp
2015-05-05 15:21 - 2015-05-05 15:30 - 00035012 _____ () C:\Users\Barbara\Downloads\Addition.txt
2015-05-05 15:19 - 2015-05-07 07:46 - 00019878 _____ () C:\Users\Barbara\Downloads\FRST.txt
2015-05-05 15:18 - 2015-05-07 07:38 - 00000000 ____D () C:\FRST
2015-05-05 15:18 - 2015-05-05 15:18 - 02101248 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2015-05-05 15:16 - 2015-05-05 15:16 - 00415232 _____ (Farbar) C:\Users\Barbara\Downloads\FSS.exe
2015-05-04 10:08 - 2015-05-04 10:10 - 00293352 _____ () C:\Windows\Minidump\Mini050415-01.dmp
2015-05-04 05:04 - 2015-05-04 10:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\29620CD9.sys
2015-05-03 22:34 - 2015-05-03 22:35 - 00289224 _____ () C:\Windows\Minidump\Mini050315-02.dmp
2015-05-03 18:32 - 2015-05-03 18:32 - 00322024 _____ () C:\Windows\Minidump\Mini050315-01.dmp
2015-05-02 21:22 - 2015-05-02 21:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\08F85D76.sys
2015-05-02 12:33 - 2015-05-02 12:34 - 00289224 _____ () C:\Windows\Minidump\Mini050215-01.dmp
2015-04-30 16:38 - 2015-04-30 16:38 - 00002167 _____ () C:\Users\Barbara\Desktop\Safe Money.lnk
2015-04-30 16:28 - 2015-04-30 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-04-30 16:28 - 2015-04-30 16:22 - 00002041 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-04-30 15:46 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-04-30 13:35 - 2015-04-30 13:36 - 196619072 _____ (Kaspersky Lab) C:\Users\Barbara\Downloads\kis15.0.2.361en_7255 (1).exe
2015-04-30 13:33 - 2015-04-30 13:40 - 196619072 _____ (Kaspersky Lab) C:\Users\Barbara\Downloads\kis15.0.2.361en_7255.exe
2015-04-25 07:22 - 2015-04-25 07:22 - 00317896 _____ () C:\Windows\Minidump\Mini042515-01.dmp
2015-04-24 12:17 - 2015-04-24 12:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\21294AE6.sys
2015-04-24 12:16 - 2015-04-24 12:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\57664AAF.sys
2015-04-24 11:02 - 2015-04-24 11:02 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-04-24 09:45 - 2015-04-24 09:45 - 00000000 _____ () C:\sfc
2015-04-24 07:58 - 2015-04-24 07:59 - 02347384 _____ (ESET) C:\Users\Barbara\Downloads\esetsmartinstaller_enu (1).exe
2015-04-24 07:33 - 2015-04-24 07:33 - 00272600 _____ () C:\Windows\Minidump\Mini042415-01.dmp
2015-04-23 09:38 - 2015-04-23 09:38 - 00280968 _____ () C:\Windows\Minidump\Mini042315-02.dmp
2015-04-23 09:09 - 2015-04-23 09:10 - 00297480 _____ () C:\Windows\Minidump\Mini042315-01.dmp
2015-04-20 15:55 - 2015-04-20 15:55 - 01743952 _____ (BitTorrent Inc.) C:\Users\Barbara\Downloads\uTorrent.exe
2015-04-20 15:55 - 2015-04-20 15:55 - 00012256 _____ () C:\Users\Barbara\Downloads\Windows-Vista-64-bit-Repair-Disc.zip
2015-04-20 10:41 - 2015-04-20 09:35 - 16736520 _____ (Kaspersky Lab) C:\Users\Barbara\Desktop\KasperskyLogUtility.exe
2015-04-20 08:47 - 2015-04-20 08:47 - 00000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2015-04-20 08:18 - 2015-04-20 08:18 - 00317896 _____ () C:\Windows\Minidump\Mini042015-02.dmp
2015-04-20 07:52 - 2015-04-20 07:52 - 00262144 _____ () C:\Windows\Minidump\Mini042015-01.dmp
2015-04-18 13:59 - 2015-04-18 13:59 - 05197824 _____ () C:\Users\Barbara\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-04-18 09:16 - 2015-04-18 09:16 - 00289224 _____ () C:\Windows\Minidump\Mini041815-03.dmp
2015-04-18 08:33 - 2015-04-18 08:33 - 00289224 _____ () C:\Windows\Minidump\Mini041815-02.dmp
2015-04-18 08:22 - 2015-04-18 08:23 - 00314528 _____ () C:\Windows\Minidump\Mini041815-01.dmp
2015-04-17 14:13 - 2015-04-17 14:13 - 00305608 _____ () C:\Windows\Minidump\Mini041715-01.dmp
2015-04-16 20:51 - 2015-04-16 20:51 - 00000000 ____D () C:\AOL
2015-04-15 03:19 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 03:19 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 03:18 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 03:18 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 03:18 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 03:18 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 03:18 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 03:18 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 03:18 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 03:18 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 03:18 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 03:03 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 03:03 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 03:03 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 03:02 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 03:02 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 14:44 - 2015-03-09 20:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 14:44 - 2015-03-09 20:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 14:44 - 2015-03-09 20:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 14:44 - 2015-03-09 20:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 14:44 - 2015-03-09 20:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 14:44 - 2015-03-09 20:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 14:44 - 2015-03-09 20:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-14 14:44 - 2015-03-09 20:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 14:44 - 2015-03-09 20:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 14:44 - 2015-03-09 20:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-14 14:44 - 2015-03-09 20:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-14 14:44 - 2015-03-09 20:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-14 14:44 - 2015-03-09 19:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 14:44 - 2015-03-09 19:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 14:44 - 2015-03-09 19:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 14:44 - 2015-03-09 19:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 14:44 - 2015-03-09 18:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 14:44 - 2015-03-09 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 14:44 - 2015-03-09 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-14 14:44 - 2015-03-09 18:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 14:44 - 2015-03-09 18:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 14:44 - 2015-03-09 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-14 14:44 - 2015-03-09 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-14 14:44 - 2015-03-09 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-07 07:38 - 2015-01-06 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 07:38 - 2015-01-05 17:00 - 01067977 _____ () C:\Windows\WindowsUpdate.log
2015-05-07 07:33 - 2015-01-06 18:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-07 07:24 - 2015-01-06 15:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 07:19 - 2015-03-24 13:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-07 07:16 - 2015-02-05 17:22 - 1991936614 _____ () C:\Windows\MEMORY.DMP
2015-05-07 07:16 - 2015-02-05 17:22 - 00000000 ____D () C:\Windows\Minidump
2015-05-07 07:16 - 2015-01-06 15:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 07:16 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 07:16 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 07:16 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 10:42 - 2015-01-07 15:51 - 00000000 ____D () C:\GroundsKeeper Pro v7.0.1
2015-05-02 16:33 - 2006-11-02 11:42 - 00023918 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-02 16:32 - 2015-02-10 12:58 - 00003520 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-05-02 16:31 - 2015-02-24 08:40 - 00002701 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-02 16:31 - 2015-02-24 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-02 10:08 - 2015-01-27 16:33 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CutePDF Writer
2015-05-01 11:23 - 2015-03-24 13:04 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-01 11:23 - 2015-03-24 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 11:23 - 2015-01-15 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-30 18:34 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2015-04-30 17:11 - 2014-12-13 18:21 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-30 17:11 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-04-30 16:28 - 2015-01-06 18:07 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-30 16:21 - 2015-01-05 17:04 - 00000000 ____D () C:\Users\Barbara
2015-04-29 19:39 - 2015-01-06 15:06 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 19:34 - 2015-01-08 08:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-25 07:28 - 2006-11-02 08:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 10:19 - 2006-11-02 11:21 - 00403552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-23 13:06 - 2015-01-17 13:33 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-23 13:06 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2015-04-23 13:06 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-23 13:06 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2015-04-23 13:06 - 2006-11-02 08:33 - 74186752 _____ () C:\Windows\system32\config\software_previous
2015-04-23 13:06 - 2006-11-02 08:33 - 51118080 _____ () C:\Windows\system32\config\system_previous
2015-04-23 13:00 - 2006-11-02 08:33 - 66322432 _____ () C:\Windows\system32\config\components_previous
2015-04-23 13:00 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-23 09:13 - 2015-01-05 18:34 - 00000000 ____D () C:\Windows\pss
2015-04-23 08:30 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2015-04-23 08:25 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-21 09:49 - 2008-01-20 23:26 - 00208186 _____ () C:\Windows\PFRO.log
2015-04-20 10:33 - 2006-11-02 11:27 - 00161836 _____ () C:\Windows\setupact.log
2015-04-20 07:54 - 2015-01-05 17:27 - 00111368 _____ () C:\Users\Barbara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 07:25 - 2015-01-06 12:38 - 00000000 ____D () C:\Users\Barbara\Desktop\Matt - STAC
2015-04-17 14:31 - 2015-01-06 15:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:31 - 2015-01-06 15:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 14:31 - 2015-01-06 15:08 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 03:17 - 2015-01-08 16:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:13 - 2015-01-06 12:10 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:11 - 2015-01-06 08:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:04 - 2006-11-02 08:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-14 09:37 - 2015-03-24 13:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-03-24 13:04 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-03-24 13:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2015-01-08 11:17 - 2015-01-15 17:00 - 0000112 _____ () C:\Users\Barbara\AppData\Roaming\wklnhst.dat
2015-04-20 08:47 - 2015-04-20 08:47 - 0000680 _____ () C:\Users\Barbara\AppData\Local\d3d9caps.dat
2015-02-27 17:25 - 2015-02-27 17:25 - 0003584 _____ () C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\3931e665-34db-461d-85ab-15ea627a3857.setup.exe
C:\Users\Barbara\AppData\Local\Temp\AcsInstall.dll
C:\Users\Barbara\AppData\Local\Temp\setup.exe
C:\Users\Barbara\AppData\Local\Temp\SHFOLDER.DLL
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-07 07:24

==================== End Of Log ============================
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Barbara at 2015-05-07 07:50:15
Running from C:\Users\Barbara\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2328676749-41169590-3530807978-500 - Administrator - Disabled)
Barbara (S-1-5-21-2328676749-41169590-3530807978-1000 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-2328676749-41169590-3530807978-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adkad PDF (HKLM\...\Adkad PDF) (Version:  3.0 - )
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
Default Manager (x32 Version: 1.0.105.0 - Microsoft Corporation) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GroundsKeeper Pro v7.0.1 (HKLM-x32\...\{25D45C63-0DB4-4C5A-B566-FA37A3B75A0F}) (Version: 7.0.1 - Adkad Technologies)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.66 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.552.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-03-2015 01:12:32 Scheduled Checkpoint
28-03-2015 02:33:07 Scheduled Checkpoint
29-03-2015 01:51:59 Scheduled Checkpoint
31-03-2015 10:25:14 Windows Update
01-04-2015 11:59:19 Scheduled Checkpoint
02-04-2015 01:55:21 Scheduled Checkpoint
03-04-2015 00:00:02 Scheduled Checkpoint
04-04-2015 02:03:35 Scheduled Checkpoint
05-04-2015 00:30:55 Scheduled Checkpoint
06-04-2015 00:22:34 Scheduled Checkpoint
07-04-2015 00:30:30 Scheduled Checkpoint
07-04-2015 02:50:50 Windows Update
09-04-2015 01:19:52 Scheduled Checkpoint
10-04-2015 00:39:10 Scheduled Checkpoint
10-04-2015 03:00:10 Windows Update
13-04-2015 07:20:46 Scheduled Checkpoint
14-04-2015 00:19:09 Scheduled Checkpoint
14-04-2015 02:39:29 Windows Update
15-04-2015 00:00:05 Scheduled Checkpoint
15-04-2015 03:00:43 Windows Update
16-04-2015 00:02:00 Scheduled Checkpoint
17-04-2015 17:10:49 Scheduled Checkpoint
18-04-2015 11:38:26 Scheduled Checkpoint
18-04-2015 13:59:17 Installed HP Support Solutions Framework
20-04-2015 13:07:12 Scheduled Checkpoint
21-04-2015 10:00:13 Windows Update
22-04-2015 00:00:51 Scheduled Checkpoint
23-04-2015 08:34:09 Windows Update
24-04-2015 10:34:56 Windows Update
28-04-2015 02:10:24 Windows Update
30-04-2015 15:46:56 First Restore Point
30-04-2015 16:17:57 Device Driver Package Install: Kaspersky Lab Network Service
30-04-2015 16:19:56 Device Driver Package Install: Kaspersky Lab
30-04-2015 16:20:36 Device Driver Package Install: Kaspersky Lab System devices
30-04-2015 16:25:46 First Restore Point
30-04-2015 18:19:24 First Restore Point
30-04-2015 18:33:37 Device Driver Package Install: Kaspersky Lab Network Service
01-05-2015 08:21:31 Windows Update
02-05-2015 14:14:23 Scheduled Checkpoint
05-05-2015 19:25:45 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {21141971-5051-4770-8C0A-B16F34A01867} - System32\Tasks\Barbara1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {5E150511-858F-4E4F-B63B-AEBF96BE2548} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {962FD589-593E-4192-BF8B-721708F3D62D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {B5A7BD77-09A8-48E6-A138-9767CF942E1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {BB2B49E4-4804-421E-9B60-C1D7B8DD3C49} - System32\Tasks\Barbara1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {C125ED32-8F09-4A6F-B414-FA9B4650DC0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F2AE3D98-606F-4348-86F5-AB95DEB8DEBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {F448E3CB-FF61-44D5-84AD-CA477CDF69DF} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-07 15:51 - 2013-04-11 11:01 - 00089600 _____ () C:\Windows\System32\custmon64i.dll
2015-01-27 16:24 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2014-09-16 14:17 - 2014-09-16 14:17 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2328676749-41169590-3530807978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: HostManager => "C:\Program Files (x86)\Common Files\AOL\1420571675\ee\AOLSoftware.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Remote Software => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Microsoft Default Manager => "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{E97C606C-D462-42E4-B23C-9937DBB667EE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C2F289FD-17C8-4A2D-B686-7251386BA486}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{8D39C6D3-AD00-4FD4-8756-E17626FE29EB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{08051D15-EB70-45A3-8BE7-2A56406BC983}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9AC44264-6E74-4330-B36C-0FDC4388B676}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{319F6CD7-B43C-43A9-9194-8F7DD96448C1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{7855103F-F7AF-4AF1-8F65-E30A662DDC46}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{47888011-5AF7-483A-8958-AAB9F6DD6A7E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F1573E3A-F353-423D-A868-B87887F16507}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{59677EE4-930F-493D-8782-6F3095F040F4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{1C4E76E7-64C6-4673-A640-E6A49116C0AD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3941D7CB-4278-4144-B0F1-E955BA1EB144}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{32B0115F-739C-49F0-86D0-531B5EA6C19F}] => (Allow) LPort=80
FirewallRules: [{350CCE80-F847-4445-8C79-30BB0F625663}] => (Allow) LPort=80
FirewallRules: [{695F2862-9C20-44C8-BB27-68D1AED304AA}] => (Allow) LPort=80
FirewallRules: [{91A8D646-0868-43C5-8723-BFA9C0535800}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{6FCAFF85-246A-4CDC-A7DD-0D6A2EA4B163}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{5FA67031-6079-4243-8435-6E6D1A18A159}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{64F2156E-B9B0-4223-A6D5-AC2BA3E3087C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{B0CA3009-8F9C-4EAD-A7E8-1DF9989F4164}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
FirewallRules: [{3A72E0EA-89E3-4510-8A5D-1CDAE15EBF79}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1420571675\ee\aolsoftware.exe
FirewallRules: [{2D56AFA9-8D8C-4752-8931-F637F293753A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{8410B867-0DA6-4F01-8406-03497835BF84}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{FA57000B-CD69-4821-893E-1DAD62DDA3B5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{AA938CDA-268C-4097-B491-A47FD6689E35}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{586A7AF1-7F01-49F1-AA5B-92882E10839A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{D58091DA-DE60-4384-B350-99D3D2E20D80}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B667810E-AB17-4952-9DD9-1ED9A5DD5934}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{1E09EA11-8BE3-4C72-BF78-892A28098E61}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{C47999E6-A112-40D3-AF2F-CA32695C24CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\aolbrowser.exe
FirewallRules: [{E91CD898-1ED2-43E8-98A3-CBD7D71B2922}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\aolbrowser.exe
FirewallRules: [TCP Query User{DD1E2DF2-3F0E-40F9-83DE-B858855AB023}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{80C49018-F372-4AB4-8391-861144135284}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{8C68DFE4-7C43-4606-90D2-3FDC4BD1D0F5}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{6D07A9C5-8ED1-4B3F-A0D6-74D5D953A4FB}C:\users\barbara\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\barbara\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{92E5696C-C14A-427F-865E-FAD076BB0C7F}C:\users\barbara\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\barbara\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{151DE17B-7AB2-4B50-813E-E0869FB916FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E06C8185-FD37-41BC-92CC-D0FED71E4C1A}] => (Allow) LPort=8888
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/07/2015 07:17:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 06:31:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x81000101).
 
Error: (05/04/2015 10:10:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 10:36:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 06:35:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 04:39:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 00:35:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 00:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:56:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program aolupdates.exe version 16.4.6.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1330
Start Time: 01d084505346e26c
Termination Time: 291
 
Error: (05/01/2015 03:53:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/07/2015 07:37:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (05/07/2015 07:32:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (05/07/2015 07:24:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Eventlog
 
Error: (05/07/2015 07:22:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0%%1053
 
Error: (05/07/2015 07:22:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation Font Cache 4.0.0.0
 
Error: (05/07/2015 07:20:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (05/07/2015 07:18:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc
 
Error: (05/07/2015 07:17:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
SRTSP
SRTSPX
 
Error: (05/07/2015 07:17:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Norton Internet Security%%3
 
Error: (05/07/2015 07:16:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:32:27 PM on 5/5/2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (04/20/2015 08:01:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 08:00:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-07 07:58:06.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:26.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:26.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:26.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:26.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:24.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:24.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:24.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:23.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-07 07:49:19.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 69%
Total physical RAM: 1898.83 MB
Available physical RAM: 574.05 MB
Total Pagefile: 4052.87 MB
Available Pagefile: 1552.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:917.83 GB) (Free:616.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.68 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:1397.26 GB) (Free:715.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 1397.3 GB) (Disk ID: 99EAFBDA)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 TheShooter93

Posted 07 May 2015 - 08:49 PM

Hello momdotts,

 

Before performing a fix, I'd like to ask further about a couple things. :)

 

In your first post you mentioned you have 8GB of RAM, but your logs show only 2GB of physical RAM. The rest is in virtual memory which is considerably slower than real RAM, and obviously, isn't actually RAM. Aside from any possible malware that may be on your machine (I will be further addressing that in my next post), your machine is running a 64-bit version of Windows Vista (which is a resource-hungry operating system even as 32-bit). These, along with Kaspersky (a resource-hungry AV solution) may be the primary factors in your computer's performance.

 

We can try to make some changes on the software/operating system side of things, but to see a significant increase in performance you will need to increase the amount of physical RAM in your machine. Please let me know if this is something you would like to pursue and I can help you do so.

 

=============================================================

 

Also, please read over the following.

 

P2P Warning

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned program(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the program(s) during this process.

 

=============================================================

 

Lastly, in your latest post you said that you experienced another BSOD.

 

Did you happen to write down the STOP code at the top? If so, please provide it in your next post. If not, if you experience the BSOD again, please write the STOP code down and provide it in a subsequent post, as that information will help determine what is causing the BSOD.

 

=============================================================

 

What I'd like to see in your next post:  :thumbsup2:

  • Would you like to pursue purchasing and installing additional RAM?
  • Decision regarding uTorrent on your machine?
  • BSOD stop code?

Edited by TheShooter93, 07 May 2015 - 08:51 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#6 momdotts

Posted 08 May 2015 - 08:44 AM

Good morning - I installed Speccy so I could check on the RAM, etc. uTorrent was removed and no longer there when I did the appwiz.cpl (thought I had removed it). I do not have the BSOD stop code (sorry). I have never had a memory problem before. Kaspersky needed me to do a full dump and had me change allocations when this issue started. I don't want to change any settings, etc. until you tell me what to do. Also, I believe I am at the max for RAM at 8GB for this machine. Here's a Speccy report

I just got off the phone with Kaspersky and they had me uninstall Int. Sec. 2015 & put 2014 back on.  They have had known issues with memory, etc.  I will run a Speccy once 2014 is fully installed.  They indicate my memory will be where it should be once I do this.


#7 TheShooter93

Posted 08 May 2015 - 08:57 AM

Good morning momdotts,

> Kaspersky needed me to do a full dump and had me change allocations when this issue started.

Could you please explain what you mean by this? What did they have you dump? And what allocations were changed?

> Also, I believe I am at the max for RAM at 8GB for this machine.

As I explained in my previous post, your logs are indicating that you do not have 8GB of RAM on your system. Instead, you have 2GB of RAM and 8GB of virtual RAM.
 
It's possible the log may be incorrect, so I would like to do the following to confirm.

 

==========

Download and run Crucial's System Scanner.

Take a screenshot of the results and attach it in your next post.

If you can't get a screenshot, post the following information:

  • The type of RAM installed.
  • How much RAM is installed.
  • Total amount of RAM slots.
  • Number of RAM slots occupied.

============================================

 

As for Kaspersky 2014, is this software now fully installed, updated, and running?

 

Kaspersky 2015 has been removed from your computer?



#8 momdotts

Posted 08 May 2015 - 12:30 PM

this is the scan by crucial:

http://www.crucial.com/usa/en/scanview/87882A5A31D926C3

 

As to the Dump File... I don't understand what that is either! Most computers do "mini dumps"; they had me do a "full dump" when I had the BSOD and send it to them via an ftp file. They also had me adjust some memory files back then so we could send them this file.

 

I have Never had memory file issues before this... BSOD - yes - but no memory issues

 

 

Also, I was able to install Kaspersky 2014 again.  It is up & running.. 

 

Below is the Speccy

Summary
Operating System
Windows Vista Home Premium 64-bit SP2
CPU
Intel Core 2 Quad Q8200 @ 2.33GHz 33 °C
Yorkfield 45nm Technology
RAM
8.00GB Dual-Channel DDR2 @ 400MHz (6-6-6-18)
Motherboard
PEGATRON CORPORATION Benicia (CPU 1) 34 °C
Graphics
HP 2009 (1280x1024@60Hz)
Intel G33/G31 Express Chipset Family (HP)
Storage
931GB Western Digital WDC WD10EADS-65L5B1 (SATA) 31 °C
1397GB Seagate BUP Slim SL USB Device (USB (SATA)) 26 °C
Optical Drives
TSSTcorp CDDVDW TS-H653R
Audio
Realtek High Definition Audio
Operating System
Windows Vista Home Premium 64-bit SP2
Computer type: Desktop
Installation Date: 1/5/2015 6:55:32 PM


#9 TheShooter93

Posted 09 May 2015 - 07:31 AM

Hi momdotts,

 

Thank you for those logs, they do confirm you have 8GB of physical RAM installed. I'm not sure why the FRST log was reporting only 2GB.

 

Next I would like to make sure this is not an OS issue by restarting your computer and checking the amount of used memory out of total memory. Please do the following.

  • Restart your computer.
  • Once back in Windows, right-click your Taskbar.
  • Choose Task Manager.
  • Click the Performance tab.
  • Please report all information under the "Physical Memory (MB)" section.


#10 momdotts

Posted 10 May 2015 - 11:40 AM

Physical Memory (MB)

Total     1898

Cached   635

Free            0

 

Is it possible that something running is taking all the memory?  Should we try to run a program i.e. Hijack to see if there's some amiss?



#11 TheShooter93

Posted 10 May 2015 - 04:13 PM

Hi momdotts,

 

According to your Task Manager, Windows is only detecting 2GB out of the 8GB installed in your system. We will need to troubleshoot as to why this is the case and resolve it.

 

Once Windows is able to detect and use all 8GB your performance issues should subside.

 

Please do the following.

 

===========================================

 

Checking RAM in BIOS

 

We are going to boot into your computer's BIOS and see how much installed RAM is detected.

 

To do that you will need to:

  • Reboot your computer.
  • As the computer is booting up, press F2 repeatedly until the BIOS menu appears.
  • Each BIOS is different so I cannot provide specific instructions, but you will need to navigate to a page that displays the amount of installed memory.
  • Please report that information in your next post.

===========================================

> Is it possible that something running is taking all the memory?  Should we try to run a program i.e. Hijack to see if there's some amiss?

HijackThis is a fairly outdated program and has a number of issues running on 64-bit operating systems.

 

FRST, the program we first ran, showed a minimal amount of malicious entries - nothing that would cause the symptoms you're describing. We will be returning to the FRST log to clean up the entries that were present, but I believe our resolution lies within solving the RAM problem (Windows not detecting and using all 8GB).


Edited by TheShooter93, 10 May 2015 - 04:15 PM.


#12 momdotts

Posted 10 May 2015 - 04:45 PM

OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name BARBARA-PC
System Manufacturer HP-Pavilion
System Model NP192AA-ABA p6140f
System Type x64-based PC
Processor Intel® Core™2 Quad  CPU   Q8200  @ 2.33GHz, 2333 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 5.43, 9/10/2009
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name Barbara-PC\Administrator
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 1.85 GB
Available Physical Memory 276 MB
Total Virtual Memory 3.96 GB
Available Virtual Memory 1.72 GB
Page File Space 2.15 GB
Page File C:\pagefile.sys
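Added example, not part of the original post: the report above lists 8.00 GB installed but only 1.85 GB of total physical memory. The PowerShell function below reads both figures from WMI so the gap can be re-checked after any change; it assumes PowerShell 2.0 or later is installed, and the function name and the 0.5 GB tolerance are illustrative.

```powershell
# Added example: compare RAM described by firmware (SMBIOS) with RAM Windows can use.
# Get-WmiObject is used so the function also runs on PowerShell 2.0.
function Get-MemoryGap {
    param(
        # Assumed allowance for memory legitimately reserved by hardware.
        [double]$ToleranceGB = 0.5
    )

    # One object per populated memory slot; Capacity is in bytes.
    $modules = @(Get-WmiObject -Class Win32_PhysicalMemory)
    if ($modules.Count -eq 0) {
        throw 'Firmware reported no memory modules through SMBIOS.'
    }
    $installedBytes = ($modules | Measure-Object -Property Capacity -Sum).Sum

    # TotalVisibleMemorySize is in kilobytes: the amount the OS can address.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $visibleBytes = [double]$os.TotalVisibleMemorySize * 1KB

    $installedGB = [math]::Round($installedBytes / 1GB, 2)
    $visibleGB   = [math]::Round($visibleBytes / 1GB, 2)
    $gapGB       = [math]::Round($installedGB - $visibleGB, 2)

    # Per-slot detail shows whether every module was enumerated.
    $sizeColumn = @{ Name = 'SizeGB'; Expression = { $_.Capacity / 1GB } }
    $detail = $modules | Select-Object DeviceLocator, BankLabel, Speed, $sizeColumn

    New-Object PSObject -Property @{
        InstalledGB = $installedGB
        VisibleGB   = $visibleGB
        GapGB       = $gapGB
        # True when more memory is missing than the tolerance explains.
        Mismatch    = ($gapGB -gt $ToleranceGB)
        Modules     = $detail
    }
}

$report = Get-MemoryGap
$report | Select-Object InstalledGB, VisibleGB, GapGB, Mismatch | Format-List
$report.Modules | Format-Table -AutoSize
```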


#13 TheShooter93


Posted 12 May 2015 - 06:48 AM

Hello momdotts,

 

I've been doing some research to try to find out why we are seeing differing reports regarding how much RAM is installed in your system. My instructor and I believe this may be because of a limitation in your BIOS.

 

There have been other cases (http://lime-technology.com/forum/index.php?topic=32430.0) where a user's system was not utilizing all installed RAM and a BIOS update solved the issue. In addition, your HP Pavilion p6140f Desktop PC had a BIOS update 3 years after your system's current version. This BIOS update fixed a number of issues, including some related to installed RAM and system hangs.

 

The process of updating your BIOS can cause your system to be unbootable if the process is interrupted by power loss, data corruption, etc. Make sure you perform this when your system's power is stable (not during a lightning storm).

 

===========================================

 

Updating Your BIOS

 

Please reference this article for details on updating your BIOS. You can use it along with my instructions below.

  • Download the BIOS update file (sp46442.exe) from the HP Pavilion p6140f Desktop PC support site.
    • When downloading, make sure to check "download only" instead of "HP Download Manager". This will make sure you only download what you need and not any extra software.
  • Run the installer and see if it includes a utility to back up your current BIOS. If it does not, you will need to download and run the Universal BIOS Backup Tool.
    • I have not personally used the Universal BIOS Backup Tool and cannot personally vouch for it. It is reviewed well and highly recommended on many online forums dealing with BIOS updates.
  • Run sp46442.exe and let it complete.
  • Follow the on-screen instructions that should ultimately result in a reboot of your system and an updated BIOS. 

===========================================

 

If you have any questions about the process or get stuck, feel free to stop and ask/let me know.

 

Ultimately, I do not believe your problems are malware related and if the above process does not fix your problems, I suggest posting to the Vista Forum on BleepingComputer.


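Added example, not part of the original post: a pre-flight check to run before launching the BIOS updater described above. It confirms the downloaded file carries a valid Authenticode signature and records the current BIOS version for comparison afterwards. The function name, the download path and the publisher string 'Hewlett-Packard' are assumptions; PowerShell 2.0 or later is assumed to be installed.

```powershell
# Added example: verify a firmware installer's signature and note the BIOS version
# before running it. Written for PowerShell 2.0 compatibility.
function Test-BiosInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumed publisher string; confirm it against the vendor's signing certificate.
        [string]$ExpectedPublisher = 'Hewlett-Packard'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Status is 'Valid' only when the file hash matches the signature and the
    # signing certificate chains to a trusted root on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    $signedOk    = ($sig.Status -eq 'Valid')
    $publisherOk = ($subject -like "*$ExpectedPublisher*")

    # Firmware version as the OS sees it, for a before/after comparison.
    $bios = Get-WmiObject -Class Win32_BIOS

    New-Object PSObject -Property @{
        File               = $Path
        SignatureStatus    = $sig.Status
        Signer             = $subject
        # Run the installer only when both checks pass.
        SafeToRun          = ($signedOk -and $publisherOk)
        CurrentBiosVersion = $bios.SMBIOSBIOSVersion
    }
}

# Assumed download location for the file named in the post.
$result = Test-BiosInstaller -Path "$env:USERPROFILE\Downloads\sp46442.exe"
$result | Format-List
if (-not $result.SafeToRun) {
    Write-Warning 'Signature or publisher check failed; do not run this installer.'
}
```

Running the function again after the reboot and comparing CurrentBiosVersion shows whether the flash actually took effect.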

 

 


#14 momdotts


Posted 12 May 2015 - 09:39 AM

Thank you for all of your help.  I will have to post on the Vista forum, as unfortunately, the BIOS would not even update!  Downloaded it, etc. -- but still have 5.43



#15 TheShooter93


Posted 12 May 2015 - 10:30 PM

Can you elaborate on exactly what happened?

 

Also, if you do decide to post to the Vista forum please link to this thread so anyone helping you can see what we've done so far (and let me know you've posted there).



 

 




