Multiple processes running titled "tnulqltoe.exe *32" from Go

tnulqltoe

  • This topic is locked

#1
fallswhoop98

Our computer started acting funny (files won't open out of Windows Explorer, computer lagging, etc.) and I noticed that there are 10-20 instances of a process titled "tnulqltoe.exe *32" running on the computer. Task Manager says that the processes originate from Google Chrome.

When I tried to download OTL, I got a message that said "Your current security settings do not allow this file to be downloaded." I could not figure out what setting that was, so I wonder if this is related to the virus/malware. I was able to download the file on another computer and copy it over to the infected computer. The log is posted below.

I would really appreciate your help in figuring out the problem. Thanks!

Contents of OTL.txt

OTL logfile created on: 1/3/2015 9:09:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\chrissy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 3.65 Gb Available Physical Memory | 61.39% Memory free
11.90 Gb Paging File | 8.81 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.63 Gb Total Space | 42.38 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive D: | 19.97 Gb Total Space | 2.16 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32
Drive G: | 15.67 Mb Total Space | 2.51 Mb Free Space | 16.03% Space Free | Partition Type: FAT
 
Computer Name: CHRISSY-HP | User Name: chrissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/03 09:05:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chrissy\Desktop\OTL.exe
PRC - [2014/11/10 21:52:55 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/06/06 13:55:30 | 001,480,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/26 11:15:23 | 000,266,240 | ---- | M] () -- C:\Users\chrissy\AppData\Local\Temp\fstqfzk.dll
MOD - [2014/11/10 21:52:55 | 014,669,128 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/11/10 21:52:55 | 008,537,928 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll
MOD - [2014/11/10 21:52:55 | 001,732,936 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/11/10 21:52:55 | 000,718,152 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll
MOD - [2014/11/10 21:52:55 | 000,353,096 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/11/10 21:52:55 | 000,126,280 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/08 07:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/12 21:34:37 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/12 16:33:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/06 01:21:52 | 000,039,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/06/19 12:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 20:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/08/31 23:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/08/19 07:44:30 | 000,260,424 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 15:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 12:53:54 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/06/26 12:53:47 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/04/12 18:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/29 21:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/29 21:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/08 07:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 13:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/23 23:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 20:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/26 20:26:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/12/04 15:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissy\AppData\Roaming\Mozilla\Extensions
[2014/12/07 21:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissy\AppData\Roaming\Mozilla\Firefox\Profiles\akdn4yie.default-1411873159929\extensions
[2014/12/12 21:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/12 21:34:07 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/12/12 21:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/12 21:34:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{379352D8-2A39-4078-AA50-2DA7D148BD7C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9DF1BA2-E8EB-4DBC-8242-8B601BAFDE1A}: DhcpNameServer = 40.20.1.201 40.20.1.202
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/03 09:07:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chrissy\Desktop\OTL.exe
[2015/01/01 00:36:19 | 000,000,000 | ---D | C] -- C:\Users\chrissy\AppData\Local\{C05A1AA8-77F4-4A8A-80A5-906CD093C9D1}
[2014/12/18 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/12/16 22:29:20 | 000,135,384 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/16 22:28:25 | 000,096,472 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/16 22:28:25 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/16 22:28:25 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/16 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/15 23:33:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/12 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/08 22:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\chrissy\Documents\*.tmp files -> C:\Users\chrissy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/03 09:10:23 | 000,796,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/03 09:10:23 | 000,671,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/03 09:10:23 | 000,126,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/03 09:05:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chrissy\Desktop\OTL.exe
[2015/01/03 08:58:25 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/03 08:57:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/03 08:57:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/02 23:25:23 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_chrissy.job
[2015/01/02 21:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/02 20:32:42 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_chrissy.job
[2014/12/30 11:06:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForchrissy.job
[2014/12/23 21:33:50 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/23 21:33:50 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/19 21:17:32 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_chrissy.job
[2014/12/19 21:16:46 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/18 21:35:34 | 000,135,384 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/18 21:23:57 | 000,096,472 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/12 22:20:25 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/10 21:47:13 | 000,185,094 | ---- | M] () -- C:\Users\chrissy\Documents\cc_20141210_214545 backup.reg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\chrissy\Documents\*.tmp files -> C:\Users\chrissy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/10 21:46:16 | 000,185,094 | ---- | C] () -- C:\Users\chrissy\Documents\cc_20141210_214545 backup.reg
[2014/03/15 21:12:05 | 000,000,079 | ---- | C] () -- C:\Users\chrissy\AppData\Roaming\WB.CFG
[2013/06/26 12:54:09 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/06/26 12:54:09 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/06/26 12:54:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/16 13:26:50 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\.minecraft
[2014/03/15 21:11:48 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\1H1Q
[2012/06/18 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\Blio
[2012/08/26 22:27:24 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\Canon
[2014/05/16 13:24:22 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\School Zone Preferences
[2014/10/23 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\SoftGrid Client
[2012/06/18 14:19:02 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\Synaptics
[2014/11/25 22:45:02 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\systweak
[2012/08/14 20:42:54 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\Temp
[2012/06/18 21:36:28 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\TP
[2012/10/02 09:49:50 | 000,000,000 | ---D | M] -- C:\Users\chrissy\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >




#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

I'll review your log now. I've seen this infection recently. Can you acknowledge that you have read everything above and also post the contents of the Extras.txt file that should be on the desktop?

 

Thanks.



#3
fallswhoop98


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thank you for your offer to help!  I have read all of the instructions you posted.

 

contents of extras.txt

 

OTL Extras logfile created on: 1/3/2015 9:09:32 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\chrissy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 3.65 Gb Available Physical Memory | 61.39% Memory free
11.90 Gb Paging File | 8.81 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.63 Gb Total Space | 42.38 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive D: | 19.97 Gb Total Space | 2.16 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32
Drive G: | 15.67 Mb Total Space | 2.51 Mb Free Space | 16.03% Space Free | Partition Type: FAT
 
Computer Name: CHRISSY-HP | User Name: chrissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3BCE06-5E6E-4D17-A541-6123D677202C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F870B58-9903-4546-A784-6DFD285D5032}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1425F408-53B8-4B21-A6FA-942D5910649D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{349819AD-2A5E-49B6-B60B-33E39A6A01E8}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{367E9C04-7EE0-456E-A3CC-CF49224A0C36}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{3A7AA2B7-D6FC-41A9-B7B7-7D04D50435A2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{44642D6D-9E6C-4A45-A845-2526615D4F3F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{4F3E1952-6E1B-4EA8-92AE-5C4CCCADEEC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51CFFFD4-371D-484E-ADC9-A0D7F52AFD78}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{53294C31-A766-49E8-9E94-BF9AE0374BC3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BF09D35-2332-4F1E-A34C-E15E43A3ADFD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DBC5BC8-CAC9-4E21-8FC1-E705CE7FE15A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{654F5E4C-448E-454E-8156-CABCB2543FF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{71369F87-2F46-4A9F-9A16-93E17D4B51CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{7213CF1A-BA60-44E7-B3AC-F535981484A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7554A61B-2B39-4727-9715-4DD8CEF6A59C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AD131B6-9F4B-4BD7-9546-B9A959BFBC5E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5E2D36F-8AB7-420A-B132-C295D16A0A21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC3FCB80-2E91-4FEC-8A10-400FD8687549}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ACB504C2-10FA-44A5-8898-31254BBFEC41}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B152353C-0EE9-4182-9BA0-168989B4FDE1}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{B2501105-22AD-47BC-BD47-954DF733B74D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B85D1119-1FE8-4826-A3EC-8BF7CB3982BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BBB3BF29-3E41-4C29-84E4-5146F00461DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C9FA02AF-BCF6-476A-8D5C-04600A5C48FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA110BBC-6271-42E8-8BB3-76A8FCF2F791}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC1A9875-9534-46C3-8758-4612F0C66C3C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DF519ADE-C2B3-407D-8060-CAF4DAE83DC8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E7FB3E81-6595-4080-8A3F-E4574EF3BFD7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F13255FA-F217-488E-84B4-DBBBBF70DF0E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FB3E5F-64A1-4006-B734-297B30DABE2B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{0E1484A1-8285-4A0E-B031-53B139E92D64}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{0EE42E53-869A-4642-B1AB-B561B616C48F}" = protocol=6 | dir=out | app=system | 
"{13650C12-5679-43D1-92B9-2CBFE2D1D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{20301CAD-C990-4938-BFBD-3679BAC03EAC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{23B2DFB3-E1D2-46A4-B912-0174CDAEBB9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{29205598-A1BB-4C72-8440-8038C1F01BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{2CFD4517-C092-4020-B3A2-D42D5F09378F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F0EF935-8D4A-461B-AD37-0E7BDE80E75E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{301C918A-0A6E-472F-B2CA-13D41327A401}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{383FECBC-360B-4F86-8AD5-095E6C0FEFD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F16182E-E383-4660-ADF3-4650778AFD3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{513D0805-3B81-4B27-A168-5B80D2A68D90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5149F104-B644-44EE-9738-6CBA26539CC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{538C8A6F-2738-4392-938B-1479906898B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5513CA3D-ABA7-43D6-A9F0-68BCA1656A99}" = protocol=1 | dir=out | [email protected],-28544 | 
"{612341B2-32A2-41A6-AA51-8868A3C4AD38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6563F003-5052-4AAA-9CE9-79C2BD6E6CFF}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{6B8F6C50-AEE1-4BE6-9E21-3D1218AA47A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D9D6514-9FF8-4438-BE9C-7FD01C11E297}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{744819DE-B621-41D3-9AE9-4E8E51E40E97}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{84B3B1C6-F82F-44A4-9CB5-89CC7FE891CD}" = protocol=58 | dir=in | [email protected],-28545 | 
"{8988E108-CB44-46EE-BDE4-5B1DA6B37B45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{90155409-060E-4781-8DE7-00FC8A070157}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{97DD6E56-401B-478E-AF2B-8833533D0A9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{98B8F747-033D-4554-8296-A42814CA80CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9A913B21-16B3-41DA-BCC5-3067C1585F64}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{9BA44728-7849-4C8C-87B9-4E0D4C6EC1B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A498081E-2F9B-435C-842B-A26C18D1FC57}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AD580A58-02B9-4847-B749-E3256498ED69}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"{BB2F8E2E-427A-4F51-AA1B-518412D38F91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C86D58B4-852B-493B-AF6C-CB0747DCD19B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9650E04-4181-4C62-BF0D-C4F6AEAA8173}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"{CA2C46DF-7D78-4AEF-A6CD-2CF8A7B6F079}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{D37DD0ED-F971-408B-A4CC-4B24549EF91A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D752F743-50D4-4FF1-B6B9-F41114CBA162}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{E374CC8C-FADF-43ED-B9D9-EABB35FE87AA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{E489FACD-7D2C-4C2B-97F8-5995E1AD0DB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBAAD066-C8C4-4477-8517-163060D09851}" = protocol=1 | dir=in | [email protected],-28543 | 
"{FE08ABB2-4337-442A-BE3D-649AF3D9F975}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{FE30BAAA-CF94-44DF-80E9-0FD3723A12EA}" = protocol=58 | dir=out | [email protected],-28546 | 
"TCP Query User{03320F0B-8B3A-48F8-949E-0128B68A7BB9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A6339807-B8E1-46B5-87AA-FF68730F6E2A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{14F1236D-44E0-4B2C-A597-3360C0105971}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4DBD2BE1-2139-4E43-B266-824E38C067C3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass PE 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD32D05-002D-4771-94F4-5E91377A402C}" = 5D Embroidery Machine Communication
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{952682F8-F40D-11D7-AD8E-0050DA87D0EB}" = Print Workshop 2004 LE
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10B9BEF-B4DF-4719-8617-E23B1994A9D7}" = Pentair ScreenLogic
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RealPlayer 16.0" = RealPlayer
"Tweaks MyCalendar" = MyCalendar
"VIP Access SDK" = VIP Access SDK (1.0.1.2) 
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0fb78b17-33dd-4f01-921f-e7b582e57496" = Bejeweled 3
"WTA-1294232e-5d53-4dda-9c85-dc96e30f5f0b" = Chuzzle Deluxe
"WTA-23929246-54a7-4aa2-8d95-c5e1943f4097" = Farmscapes
"WTA-2deee181-8954-4c86-ba12-318ead1cc2e7" = Zuma's Revenge
"WTA-37dd1031-c97c-4c44-856e-2007cf8cdb53" = Torchlight
"WTA-3906e7a5-9705-49d0-a1dd-5addf4915de2" = Hoyle Card Games
"WTA-40d4eb6c-a47e-4faf-b345-decff69d0baa" = Mah Jong Medley
"WTA-43922a3d-4fc6-4b7e-bcb4-c0e91794aa2e" = Farm Frenzy
"WTA-48ca0b6a-88e4-4a82-bff9-1bbb4434ddda" = John Deere Drive Green
"WTA-70bdb47a-bfb3-4f7a-a7ad-3f2da8f52362" = RollerCoaster Tycoon 3: Platinum
"WTA-7f1420b0-c542-4fe2-91d9-2fecad0e1e93" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-86414a45-e649-4e73-9b6c-1f7708f270e7" = The Treasures of Mystery Island: The Ghost Ship
"WTA-91a83c29-1945-4e45-bb19-020d73d2cc53" = Virtual Villagers 4 - The Tree of Life
"WTA-94ab8d8a-33b3-4f5c-9948-3dbda2b40fd0" = Dora's World Adventure
"WTA-96556fdd-b466-4caa-8054-981f9047f2c9" = Polar Bowler
"WTA-a17f5b3e-82a4-42c2-8972-46ba7d3d019a" = Plants vs. Zombies - Game of the Year
"WTA-aef240cc-6248-4a38-b6c2-24e6297240ba" = Final Drive Fury
"WTA-af026e11-5bad-45a9-a519-774518dcc195" = Letters from Nowhere 2
"WTA-b0e5cd09-8b67-4262-b34d-6b2af29328d2" = Poker Superstars III
"WTA-bd059a34-8d14-4e7e-9d83-4f278e077763" = Luxor HD
"WTA-cf50aa26-b1f0-42c0-9195-f024a7e11b29" = Cradle of Rome 2
"WTA-de03069c-7636-4b58-acb6-a993eaaf1f81" = Blackhawk Striker 2
"WTA-e707aeec-d578-4e4a-82bd-49a73f2e6c3f" = FATE
"WTA-f0c6e8f5-dba3-445d-9d69-675a85b0c58e" = Polar Golfer
"WTA-f55141d6-84e4-4f71-8f8e-a1d36c425ff2" = Penguins!
"WTA-ff971db7-0a8b-449f-86b5-075eb5288d97" = Jewel Match 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cool Calendar Packages" = Cool Calendar Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/6/2014 11:36:41 PM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/6/2014 11:36:41 PM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38875
 
Error - 12/6/2014 11:36:41 PM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38875
 
Error - 12/7/2014 11:54:48 AM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/7/2014 11:54:48 AM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 44325999
 
Error - 12/7/2014 11:54:48 AM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 44325999
 
Error - 12/7/2014 1:09:42 PM | Computer Name = chrissy-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17420,
 time stamp: 0x4a5bcd6e  Faulting module name: igd10umd32.dll, version: 8.15.10.2559,
 time stamp: 0x4ea1a852  Exception code: 0xc0000005  Fault offset: 0x003057a9  Faulting
 process id: 0x3d4  Faulting application start time: 0x01d012405369b928  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\igd10umd32.dll
Report
 Id: d52f252e-7e33-11e4-b7de-a0b3cc80d116
 
Error - 12/7/2014 2:52:52 PM | Computer Name = chrissy-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17420,
 time stamp: 0x4a5bca28  Faulting module name: igd10umd32.dll, version: 8.15.10.2559,
 time stamp: 0x4ea1a852  Exception code: 0xc0000005  Fault offset: 0x003057a9  Faulting
 process id: 0x5784  Faulting application start time: 0x01d0124e25a044ee  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\igd10umd32.dll
Report
 Id: 3e938d7e-7e42-11e4-b7de-a0b3cc80d116
 
Error - 12/7/2014 3:29:16 PM | Computer Name = chrissy-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17420,
 time stamp: 0x4a5bc100  Faulting module name: MSHTML.dll, version: 11.0.9600.17420,
 time stamp: 0x545ae63c  Exception code: 0xc00000fd  Fault offset: 0x0014ddbf  Faulting
 process id: 0x537c  Faulting application start time: 0x01d01252e439ce5b  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\MSHTML.dll
Report
 Id: 54851012-7e47-11e4-b7de-a0b3cc80d116
 
Error - 12/7/2014 9:12:15 PM | Computer Name = CHRISSY-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Hewlett-Packard Events ]
Error - 8/30/2012 2:15:33 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091  Ram Utilization:
 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 8/30/2012 2:15:37 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportAssistant.Common    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files
 (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6091  Ram Utilization:
 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 12/12/2012 4:00:25 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/12/2012 4:00:35 PM | Computer Name = chrissy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/fdcf70c6_1d17_47c6_82b2_a81663ee99f5/jbg6t+b4y7ywnnu0swg9dge0_45.rem' 
has been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 1/9/2013 4:42:49 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
 
   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6091  Ram Utilization:   TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 1/9/2013 4:43:09 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 3/7/2014 10:52:33 AM | Computer Name = chrissy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan, Boolean isAsync)  Message: Failed to perform update.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportFramework.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan, Boolean isAsync)  Source: HP.ActiveCheckLocalMode.SessionManager
InnerException.Message:
 Object '/e466160c_6a2f_44e3_8b55_4c2c8064731a/8tmispju4xoy4gaysrt71r2w_25.rem' 
has been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 07.00.00.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6091  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 3/15/2014 10:25:15 PM | Computer Name = chrissy-HP | Source = HPSF.exe | ID = 2000
Description = 
 
[ HP Software Framework Events ]
Error - 6/20/2012 3:18:09 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/06/20 14:18:09.975|00000DC8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/20/2012 3:18:15 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/06/20 14:18:15.242|00001B84|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/27/2012 4:31:21 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/06/27 15:31:21.506|00001A34|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/4/2012 3:43:21 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/04 14:43:20.806|000024DC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 7/4/2012 3:43:22 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/04 14:43:22.113|000024DC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/11/2012 1:03:45 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/11 12:03:45.798|000015E8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/11/2012 1:04:49 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/11 12:04:49.576|00001D38|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/11/2012 1:04:52 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/11 12:04:52.923|0000187C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/19/2012 10:52:46 AM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/19 09:52:46.555|00000BA4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/25/2012 12:34:45 PM | Computer Name = chrissy-HP | Source = CaslWmi | ID = 5
Description = 2012/07/25 11:34:45.758|000009F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 2/3/2014 11:53:44 AM | Computer Name = chrissy-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.
 
Error - 2/6/2014 6:32:09 PM | Computer Name = chrissy-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.
 
Error - 2/18/2014 7:07:28 PM | Computer Name = chrissy-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:18:42 AM on 2/18/2014 was unexpected.
 
Error - 2/18/2014 11:41:37 PM | Computer Name = chrissy-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/4/2014 7:54:49 PM | Computer Name = chrissy-HP | Source = bowser | ID = 8003
Description = 
 
Error - 3/8/2014 11:36:52 AM | Computer Name = chrissy-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:35:57 AM on 3/8/2014 was unexpected.
 
Error - 3/16/2014 10:23:36 PM | Computer Name = chrissy-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/24/2014 8:55:04 PM | Computer Name = chrissy-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/24/2014 8:55:07 PM | Computer Name = chrissy-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 3/24/2014 8:55:37 PM | Computer Name = chrissy-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

  • 0

#4
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem. One question I have. Are you aware that your System Restore is disabled? Was this intentional?


  • 0

#5
fallswhoop98


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I do not believe that I intentionally disabled the System Restore.


  • 0

#6
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you for your information. Please follow the instructions below.

 

Step#1 - Warnings

 

Low on Disk Space
Your C:\ drive is low on space. It has about 10% free disk space. This can adversely affect the performance of your computer. It's recommended to have at least 15% free disk space so that tools such as the automated defragger can keep your drive optimized.

 

 

Step#2 - JRT
 
Note: Please disable your Antivirus Software before doing Bullet#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#3 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\SystemRestore]

 

:Commands
[CreateRestorePoint]

 

:OTL
PRC - [2014/11/10 21:52:55 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
MOD - [2014/12/26 11:15:23 | 000,266,240 | ---- | M] () -- C:\Users\chrissy\AppData\Local\Temp\fstqfzk.dll
MOD - [2014/11/10 21:52:55 | 014,669,128 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/11/10 21:52:55 | 008,537,928 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll
MOD - [2014/11/10 21:52:55 | 001,732,936 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/11/10 21:52:55 | 000,718,152 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll
MOD - [2014/11/10 21:52:55 | 000,353,096 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/11/10 21:52:55 | 000,126,280 | ---- | M] () -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll ()
[2015/01/01 00:36:19 | 000,000,000 | ---D | C] -- C:\Users\chrissy\AppData\Local\{C05A1AA8-77F4-4A8A-80A5-906CD093C9D1}

 

:Files
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo
C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}

 

:Commands
[EmptyTemp]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#5 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your next post

1. JRT Log

2. OTL Fix Log

3. AdwCleaner Log

4. FRST and Addition logs


  • 0
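Added example, not part of the original posts and not OTL's own code: a small Python triage pass over OTL-style `PRC`, `MOD` and `O4` lines such as those listed in the fix above. It flags entries that load from a user-writable profile path, sit in a GUID-named directory, or are autoruns whose target is missing. The heuristics, regular expressions and the `triage` function are assumptions chosen for illustration; the sample lines are copied from the thread except the one marked as constructed.

```python
import re
from typing import List, NamedTuple

# Lines copied from the OTL fix in this thread, plus one constructed benign
# entry (explorer.exe) so the result also shows a line that is not flagged.
SAMPLE_LOG = r"""
PRC - [2014/11/10 21:52:55 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
MOD - [2014/12/26 11:15:23 | 000,266,240 | ---- | M] () -- C:\Users\chrissy\AppData\Local\Temp\fstqfzk.dll
PRC - [2014/01/01 00:00:00 | 000,000,001 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll ()
"""

# "PRC - [date | size | attrs | M] (Company) -- path" (same shape for MOD)
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# "O4 - HKCU..\Run: [ValueName] target (Company)" or "... File not found"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)

# Heuristics (assumptions for this example, not rules taken from OTL):
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|LocalLow|Roaming)\\|\\Temp\\", re.I)
GUID_DIR = re.compile(
    r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I
)
NOT_FOUND = "File not found"


class Finding(NamedTuple):
    kind: str           # PRC, MOD or O4
    path: str           # file path as logged ("" when the log gives none)
    reasons: List[str]  # why the entry deserves a closer look


def path_reasons(path: str) -> List[str]:
    """Return location-based reasons for a logged file path."""
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("user-writable profile path")
    if GUID_DIR.search(path):
        reasons.append("GUID-named directory")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse OTL-style lines and return only the entries that were flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FILE_RE.match(line)
        if m:
            reasons = path_reasons(m.group("path"))
            if reasons:
                findings.append(Finding(m.group("kind"), m.group("path"), reasons))
            continue

        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            missing = rest.endswith(NOT_FOUND)
            if missing:
                rest = rest[: -len(NOT_FOUND)].strip()
            # Drop the trailing "(Company)" field, which may be empty: "()".
            path = re.sub(r"\s*\([^)]*\)$", "", rest)
            reasons = path_reasons(path)
            if missing:
                reasons.append("autorun target missing")
            if reasons:
                findings.append(Finding("O4", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:3}  {f.path or '<no path>'}\n     -> {', '.join(f.reasons)}")
```

A flag here only marks an entry for review; legitimate software also installs under AppData, so each hit still needs the file's signer, timestamp and parent process checked before anything is removed.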

#7
fallswhoop98


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks!  Let me know if you have any other recommended steps.

 

Contents of JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by chrissy on Mon 01/05/2015 at 23:00:34.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\chrissy\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{BF46F357-2BD9-4B3F-A51C-BF12313AA625}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{C05A1AA8-77F4-4A8A-80A5-906CD093C9D1}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{C0B73AA2-04D9-47B2-A5E2-484E1CA18299}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{C1468567-68E4-4172-BEA6-E6B4192E7B06}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{C4C5F8B9-5D2B-494F-A586-0F720D7376E5}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{CACBB649-1208-40DB-A7CB-C581F98C9E67}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{CB6911EC-9A3A-4C39-BFEB-36F325E74E05}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{CBC50FCE-E58F-420B-AA67-60A7D6F10506}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{CCA36994-59D1-4AD4-A3AB-C69A3F3C2778}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{D0A216F6-AF97-45D8-B55B-1D52A3048797}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{DA28626B-FC7B-4B50-9988-46FE591C418B}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{DC139673-160C-4C54-98E5-2456D0C7BF1D}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{DD885D3F-AB19-4C28-BE94-A8C6DD11E5FB}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{E5F3DAEF-0A48-4C4F-82C6-9E55766F9914}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{E90BD108-ECAF-40D1-A1BA-E9CCB227A15C}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{EFD2012B-5807-43E0-848F-6D423DC21A5F}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{F2A42A03-D152-4647-9D84-B01CAE8C00B0}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{F2AAEEDD-DD91-4733-A3BB-36DA2536F8B1}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{F430E6F0-19EA-4DCB-8BF7-A84A1686FB84}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{F910F274-29C4-4458-9F57-280E6024E889}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{FA8E7EEB-0A82-4759-985D-A1AB5FBF4DDF}
Successfully deleted: [Empty Folder] C:\Users\chrissy\appdata\local\{FC371725-4471-4F04-ABA4-6DD0F177103B}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/05/2015 at 23:05:58.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Contents of OTL fix log
 
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\SystemRestore\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process Tnulqltoe.exe killed successfully!
Releasing module C:\Users\chrissy\AppData\Local\Temp\fstqfzk.dll
C:\Users\chrissy\AppData\Local\Temp\fstqfzk.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Otgpuozkwdji deleted successfully.
C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll moved successfully.
Folder C:\Users\chrissy\AppData\Local\{C05A1AA8-77F4-4A8A-80A5-906CD093C9D1}\ not found.
========== FILES ==========
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\Dictionaries folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Extensions folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt\36.0.1985.143 folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Siawesfwt folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\elkyiuwkfnoi folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo\Dmgbqnyjfay folder moved successfully.
C:\Users\chrissy\AppData\LocalLow\Adobe\Ptiepmgjdo folder moved successfully.
C:\Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chrissy
->Temp folder emptied: 4188946 bytes
->Temporary Internet Files folder emptied: 409031207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 222381783 bytes
->Google Chrome cache emptied: 105894519 bytes
->Flash cache emptied: 506 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19374 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 707.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01052015_230934
 
Files\Folders moved on Reboot...
File\Folder C:\Users\chrissy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Users\chrissy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Contents of AdwCleaner log
 
# AdwCleaner v4.106 - Report created 05/01/2015 at 23:31:12
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : chrissy - CHRISSY-HP
# Running from : C:\Users\chrissy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Tweaks
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\chrissy\AppData\Roaming\1H1Q
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2231 octets] - [05/01/2015 23:28:26]
AdwCleaner[S0].txt - [2155 octets] - [05/01/2015 23:31:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2215 octets] ##########
 
Contents of FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by chrissy (administrator) on CHRISSY-HP on 05-01-2015 23:35:11
Running from C:\Users\chrissy\Desktop
Loaded Profile: chrissy (Available profiles: chrissy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-03-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234840 2012-06-18] (Eastman Kodak Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\chrissy\AppData\Roaming\Mozilla\Firefox\Profiles\akdn4yie.default-1411873159929
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-26]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
CHR Extension: (Google Drive) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09]
CHR Extension: (YouTube) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
CHR Extension: (Google Cast) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-09]
CHR Extension: (Google Search) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (Google Wallet) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09]
CHR Extension: (Gmail) - C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-18]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 23:35 - 2015-01-05 23:38 - 00014678 _____ () C:\Users\chrissy\Desktop\FRST.txt
2015-01-05 23:34 - 2015-01-05 23:35 - 00000000 ____D () C:\FRST
2015-01-05 23:28 - 2015-01-05 23:31 - 00000000 ____D () C:\AdwCleaner
2015-01-05 23:09 - 2015-01-05 23:09 - 00000000 ____D () C:\_OTL
2015-01-05 23:05 - 2015-01-05 23:05 - 00012775 _____ () C:\Users\chrissy\Desktop\JRT.txt
2015-01-05 23:00 - 2015-01-05 23:00 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 22:58 - 2015-01-05 22:57 - 02123776 _____ (Farbar) C:\Users\chrissy\Desktop\FRST64.exe
2015-01-05 22:58 - 2015-01-05 22:55 - 02173952 _____ () C:\Users\chrissy\Desktop\AdwCleaner.exe
2015-01-05 22:58 - 2015-01-05 22:54 - 01707939 _____ (Thisisu) C:\Users\chrissy\Desktop\JRT.exe
2015-01-03 09:38 - 2015-01-03 09:38 - 00085006 _____ () C:\Users\chrissy\Desktop\Extras.Txt
2015-01-03 09:36 - 2015-01-03 09:36 - 00072506 _____ () C:\Users\chrissy\Desktop\OTL.Txt
2015-01-03 09:07 - 2015-01-03 09:05 - 00602112 _____ (OldTimer Tools) C:\Users\chrissy\Desktop\OTL.exe
2015-01-03 09:01 - 2015-01-03 09:01 - 00068174 _____ () C:\Users\chrissy\Downloads\newborns.htm
2014-12-22 23:10 - 2014-12-22 23:10 - 00000537 _____ () C:\DelFix.txt
2014-12-20 17:18 - 2014-12-20 17:18 - 00003789 _____ () C:\Users\chrissy\Downloads\fixlist.txt
2014-12-19 21:16 - 2015-01-05 23:32 - 00002456 _____ () C:\Windows\PFRO.log
2014-12-18 21:35 - 2015-01-05 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-17 22:03 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 22:02 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 21:28 - 2014-12-26 21:18 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3213345147-4210730247-2188965704-1000
2014-12-17 21:28 - 2014-12-26 21:18 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3213345147-4210730247-2188965704-1000
2014-12-16 22:29 - 2014-12-18 21:35 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 22:28 - 2014-12-18 21:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 22:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 22:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 22:27 - 2014-12-16 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-16 22:18 - 2014-12-16 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\chrissy\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 23:33 - 2014-12-15 23:33 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 22:23 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 22:23 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-15 22:23 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 22:23 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 22:23 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 22:23 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 22:23 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-15 22:23 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-15 22:23 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-15 22:23 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-12 21:42 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 21:42 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 21:33 - 2014-12-12 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-12 21:33 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 21:33 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 21:33 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 21:33 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 21:33 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 21:33 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 21:33 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 21:33 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 21:33 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 21:33 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 21:33 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 21:33 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 21:33 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 21:33 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 21:33 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 21:33 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 21:33 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 21:33 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 21:33 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 21:33 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 21:33 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 21:33 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 21:33 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 21:33 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 21:33 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 21:33 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 21:33 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 21:33 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 21:33 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 21:33 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 21:33 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 21:33 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 21:33 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 21:33 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 21:33 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 21:33 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 21:33 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 21:33 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 21:33 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 21:33 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 21:33 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 21:33 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 21:33 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 21:33 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 21:33 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 21:33 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 21:33 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 21:33 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 21:33 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 21:33 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 21:33 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 21:33 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 21:33 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 21:33 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 21:27 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 21:27 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 21:27 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 21:21 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 21:21 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 21:21 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 21:21 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 21:21 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 21:21 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 21:21 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 21:21 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 21:21 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 21:21 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 21:21 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 21:21 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 21:21 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 21:21 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 21:21 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 21:21 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 21:21 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 21:21 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 21:16 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 21:16 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 22:02 - 2015-01-05 23:32 - 00001882 _____ () C:\Windows\setupact.log
2014-12-10 22:02 - 2014-12-10 22:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-10 21:46 - 2014-12-10 21:47 - 00185094 _____ () C:\Users\chrissy\Documents\cc_20141210_214545 backup.reg
2014-12-08 22:27 - 2014-12-16 22:07 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-08 22:23 - 2014-12-08 22:25 - 05162080 _____ (Piriform Ltd) C:\Users\chrissy\Downloads\ccsetup500.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-05 23:38 - 2011-12-12 02:30 - 01972426 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 23:35 - 2014-07-09 15:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 23:32 - 2014-07-09 15:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 23:32 - 2012-06-18 21:28 - 00000000 ____D () C:\ProgramData\Kodak
2015-01-05 23:32 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 23:31 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 23:29 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 23:29 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 23:21 - 2012-12-04 15:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-05 23:09 - 2012-06-18 12:06 - 00000000 ____D () C:\Users\chrissy\AppData\Local\AuthenTec
2015-01-05 23:01 - 2013-10-18 11:25 - 00000000 ____D () C:\Users\chrissy\AppData\Local\{6475797A-84E2-4673-9040-48AC730D5F97}
2015-01-05 23:00 - 2009-07-13 23:13 - 00796812 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 22:51 - 2013-02-02 09:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 15:29 - 2012-06-18 14:18 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B276584C-4FEB-4413-8A30-A2AEF7C479B9}
2015-01-03 11:06 - 2014-08-30 21:30 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForchrissy
2015-01-03 11:06 - 2014-08-30 21:30 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForchrissy.job
2014-12-29 23:36 - 2014-09-01 09:31 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3213345147-4210730247-2188965704-1000
2014-12-29 23:36 - 2014-02-18 21:45 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3213345147-4210730247-2188965704-1000
2014-12-24 22:26 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-19 23:04 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 20:44 - 2012-08-10 21:05 - 00000000 ____D () C:\Users\chrissy\AppData\Local\CrashDumps
2014-12-17 21:43 - 2009-07-13 23:08 - 00030492 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 23:33 - 2014-05-07 14:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-15 23:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-15 23:33 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 23:22 - 2013-08-14 07:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-15 22:36 - 2012-08-08 20:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 22:20 - 2014-07-09 15:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 16:33 - 2013-02-02 09:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-12 16:33 - 2012-12-04 15:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 16:33 - 2011-10-29 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 22:22 - 2013-05-12 14:55 - 00189952 ___SH () C:\Users\chrissy\Desktop\Thumbs.db
2014-12-10 21:49 - 2014-08-16 21:54 - 00003114 _____ () C:\Windows\System32\Tasks\{51FD0240-2160-4FBA-9C8D-4C7DFF571147}
2014-12-09 09:36 - 2007-01-01 19:25 - 00000000 ____D () C:\Windows\Panther
2014-12-08 22:19 - 2013-07-31 18:49 - 00000000 ____D () C:\ProgramData\Apple
 
Some content of TEMP:
====================
C:\Users\chrissy\AppData\Local\Temp\Quarantine.exe
C:\Users\chrissy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-19 22:51
 
==================== End Of Log ============================
 
Contents of Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by chrissy at 2015-01-05 23:38:50
Running from C:\Users\chrissy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
5D Embroidery Machine Communication (HKLM-x32\...\{8DD32D05-002D-4771-94F4-5E91377A402C}) (Version: 1.05.1000 - VSM Software Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
AuthenTec TrueAPI (Version: 1.3.0.139 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cool Calendar Packages (HKU\S-1-5-21-3213345147-4210730247-2188965704-1000\...\Cool Calendar Packages) (Version:  - ) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.5.0.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.5.9.60 - Eastman Kodak Company)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyCalendar (HKLM-x32\...\Tweaks MyCalendar) (Version: 1.1.3 - Tweaks)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pentair ScreenLogic (HKLM-x32\...\{D10B9BEF-B4DF-4719-8617-E23B1994A9D7}) (Version: 5.2.580.0 - Pentair)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Print Workshop 2004 LE (HKLM-x32\...\{952682F8-F40D-11D7-AD8E-0050DA87D0EB}) (Version:  - )
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-01-2015 23:09:45 OTL Restore Point - 1/5/2015 11:09:45 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03A81BDE-2303-4284-991B-D06B10F4DC2D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {12901ADC-E4C6-40CD-9066-5DE9822267AE} - System32\Tasks\HPCeeScheduleForchrissy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {15C265AC-8F27-48EF-8CFC-41021255D7BA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3213345147-4210730247-2188965704-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {27A34EC6-9AB8-4DA3-991C-41E7DB79A885} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {37C90F94-6AD3-4878-A247-874F46522E9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-09] (Google Inc.)
Task: {3D4E0F6A-A9DC-45D2-9DC4-6FFCF865D327} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3213345147-4210730247-2188965704-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {4B765FEA-E288-473A-B128-6C3EE7A8A6EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {536E9346-25A7-469C-8E1F-BF4DFC909D54} - System32\Tasks\{51FD0240-2160-4FBA-9C8D-4C7DFF571147} => pcalua.exe -a C:\ProgramData\Blasteroids\uninstall.exe -c /kb=y /ic=1
Task: {6231A2C3-CEB3-4318-BD4D-563D718E712D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3213345147-4210730247-2188965704-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A17AF7A7-F54F-484B-BFBB-4D847F23671B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3213345147-4210730247-2188965704-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A197C99F-30D6-4606-9511-8249B96AD4DB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3213345147-4210730247-2188965704-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {BA24867C-6346-49D2-82A3-E421BB7ADA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {BD20E36D-5C3E-4F35-B845-783B02A043FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {BF755A26-384D-4427-BC5E-70791F6515F5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForchrissy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-06 01:21 - 2013-03-06 01:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-19 22:34 - 2011-12-19 22:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-08-26 13:53 - 2011-08-26 13:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-18 18:47 - 2014-10-18 18:47 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-12-12 02:28 - 2011-04-30 02:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3213345147-4210730247-2188965704-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3213345147-4210730247-2188965704-1004 - Limited - Enabled)
chrissy (S-1-5-21-3213345147-4210730247-2188965704-1000 - Administrator - Enabled) => C:\Users\chrissy
Guest (S-1-5-21-3213345147-4210730247-2188965704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3213345147-4210730247-2188965704-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 11:32:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (01/05/2015 11:22:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
 
System errors:
=============
Error: (01/05/2015 11:31:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/05/2015 11:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/05/2015 11:31:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/05/2015 11:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/05/2015 11:31:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/05/2015 11:31:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (01/05/2015 11:31:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/05/2015 11:31:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/05/2015 11:31:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/05/2015 11:31:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 11:32:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:32:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
Error: (01/05/2015 11:22:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (01/05/2015 11:22:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 6091.86 MB
Available physical RAM: 4093.85 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 10301.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.63 GB) (Free:41.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: () (Removable) (Total:0.02 GB) (Free:0.01 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E861ED1B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 15.8 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Looks like the main infection is killed. A few more things to clean up. Let's check to ensure there is nothing else.

 

Step#1 - Warnings

No Antivirus Detected
It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple recommended free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves. Before continuing on you need to download and install one to prevent any infections from spreading. I use Microsoft Security Essentials on my home machines but the choice is yours.
 
Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

Java 7 Update 60 (You will have a chance later to update this to the newest version if you actually use Java)

 

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   636bytes   28 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - Fix IE Ability to Download

If you still get a message "Your current security settings do not allow this file to be downloaded" when attempting to download in IE please follow these instructions to rectify.

1. Open Internet Explorer

2. Click the Tools icon (picture of the gear icon in the upper right) and select Internet Options.


 

3. Click the Security tab and click on Reset all zones to default level.


 

4. Click OK.

5. Close IE and re-open it and you should now be able to download again. The malware likely changed these settings on you.

 

 

Step#5 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

  

 

Items for your next post

1. FRST Fix log

2. Rootkit Scan log



#9
fallswhoop98


FRST fix log (fixlog.txt)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by chrissy at 2015-01-07 01:10:19 Run:1
Running from C:\Users\chrissy\Desktop
Loaded Profile: chrissy (Available profiles: chrissy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-01-05 23:01 - 2013-10-18 11:25 - 00000000 ____D () C:\Users\chrissy\AppData\Local\{6475797A-84E2-4673-9040-48AC730D5F97}
Task: {536E9346-25A7-469C-8E1F-BF4DFC909D54} - System32\Tasks\{51FD0240-2160-4FBA-9C8D-4C7DFF571147} => pcalua.exe -a C:\ProgramData\Blasteroids\uninstall.exe -c /kb=y /ic=1
cmd: bitsadmin /reset /allusers
EmptyTemp:
*****************
 
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\chrissy\AppData\Local\{6475797A-84E2-4673-9040-48AC730D5F97} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{536E9346-25A7-469C-8E1F-BF4DFC909D54}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{536E9346-25A7-469C-8E1F-BF4DFC909D54}" => Key deleted successfully.
C:\Windows\System32\Tasks\{51FD0240-2160-4FBA-9C8D-4C7DFF571147} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{51FD0240-2160-4FBA-9C8D-4C7DFF571147}" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
28 out of 28 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 155.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 01:10:41 ====

 

 

Rootkit scan log

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-08 20:24:48
-----------------------------
20:24:48.649    OS Version: Windows x64 6.1.7601 Service Pack 1
20:24:48.649    Number of processors: 4 586 0x2A07
20:24:48.649    ComputerName: CHRISSY-HP  UserName: chrissy
20:24:51.691    Initialize success
20:24:52.533    VM: initialized successfully
20:24:52.533    VM: Intel CPU BiosDisabled 
20:27:01.291    AVAST engine defs: 15010801
20:27:19.871    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:27:19.871    Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
20:27:19.980    Disk 0 MBR read successfully
20:27:19.995    Disk 0 MBR scan
20:27:20.073    Disk 0 Windows 7 default MBR code
20:27:20.073    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
20:27:20.089    Disk 0 default boot code
20:27:20.136    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       452229 MB offset 409600
20:27:20.198    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        20447 MB offset 926574592
20:27:20.245    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 968450048
20:27:20.495    Disk 0 scanning C:\Windows\system32\drivers
20:27:45.236    Service scanning
20:28:33.378    Modules scanning
20:28:33.394    Disk 0 trace - called modules:
20:28:33.425    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
20:28:33.425    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ab2060]
20:28:33.440    3 CLASSPNP.SYS[fffff88001cd543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800620a050]
20:28:35.796    AVAST engine scan C:\Windows
20:28:40.601    AVAST engine scan C:\Windows\system32
20:36:30.957    AVAST engine scan C:\Windows\system32\drivers
20:37:04.575    AVAST engine scan C:\Users\chrissy
22:20:35.757    AVAST engine scan C:\ProgramData
22:24:53.969    Disk 0 statistics 5272708/0/0 @ 0.59 MB/s
22:24:53.969    Scan finished successfully
23:22:46.270    Disk 0 MBR has been saved successfully to "C:\Users\chrissy\Desktop\MBR.dat"
23:22:46.301    The log file has been saved successfully to "C:\Users\chrissy\Desktop\aswMBR.txt"


#10
BrianDrab


Thank you. Now that the main infection is gone I'd like to ensure nothing else is lurking around. Please follow the instructions below. How's your machine doing?

 

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended.

 

Cool Calendar Packages (unless you use it and must have it)
 

Step#2 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#3 - Malwarebytes Scan

  • I see you have Malwarebytes installed. Please open up this program.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
     
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

  

 
Items for your next post

1. Security Check scan

2. Malwarebytes log
3. Contents of the ESET log file

4. How's your machine doing?

 




#11
fallswhoop98


The computer seems to be working better.  Thanks for all of your help.

 

Here are the logs you requested.  It didn't look like Malwarebytes found anything (I only have the free version) but ESET did point out a few threats.

 

Security Check scan log (checkup.txt)

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
Malwarebytes log
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/10/2015
Scan Time: 4:26:01 PM
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.10.17
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: chrissy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374007
Time Elapsed: 1 hr, 12 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
List of ESET threats
 
C:\AdwCleaner\Quarantine\C\Users\chrissy\AppData\Roaming\1H1Q\Cool Calendar Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\chrissy\AppData\Local\{6475797A-84E2-4673-9040-48AC730D5F97}\Otgpuozkwdji.dll a variant of Win32/Kryptik.CUHG trojan
C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/Somoto.G potentially unwanted application
C:\Users\chrissy\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\_OTL\MovedFiles\01052015_230934\C_Users\chrissy\AppData\Local\Temp\fstqfzk.dll a variant of Win32/Kryptik.CUHG trojan
C:\_OTL\MovedFiles\01052015_230934\C_Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll a variant of Win32/Kryptik.CUHG trojan

  • 0
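Added example (not part of the original thread or of any tool named in it): a short Python triage of the ESET list above that separates detections already sitting in the removal tools' quarantine folders from files still in place. The quarantine prefixes come from the paths in this thread; the line layout and the severity ordering are assumptions.

```python
import re
from collections import namedtuple

# Detection lines copied verbatim from the ESET list in the post above.
ESET_LINES = r"""
C:\AdwCleaner\Quarantine\C\Users\chrissy\AppData\Roaming\1H1Q\Cool Calendar Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\chrissy\AppData\Local\{6475797A-84E2-4673-9040-48AC730D5F97}\Otgpuozkwdji.dll a variant of Win32/Kryptik.CUHG trojan
C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/Somoto.G potentially unwanted application
C:\Users\chrissy\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\_OTL\MovedFiles\01052015_230934\C_Users\chrissy\AppData\Local\Temp\fstqfzk.dll a variant of Win32/Kryptik.CUHG trojan
C:\_OTL\MovedFiles\01052015_230934\C_Users\chrissy\AppData\Local\{7093A744-9E19-4332-AB8D-3CFF0FE4828A}\Otgpuozkwdji.dll a variant of Win32/Kryptik.CUHG trojan
""".strip().splitlines()

# Folders the cleanup tools in this thread moved files into. Treating them as
# inert quarantine is an assumption based on the folder names in the logs.
QUARANTINE_PREFIXES = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\frst\\quarantine\\",
    "c:\\_otl\\movedfiles\\",
)

# Assumed ordering for review priority (higher = look at first).
SEVERITY = {
    "trojan": 3,
    "potentially unwanted application": 2,
    "potentially unsafe application": 1,
}

# Assumed line layout: <path> [a variant of ]<Win32|Win64>/<name> <category>.
# The path is matched lazily because folder names may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>Win(?:32|64)/[\w.]+) "
    r"(?P<category>" + "|".join(map(re.escape, SEVERITY)) + r")$"
)

Detection = namedtuple("Detection", "path name category variant quarantined")


def parse_line(line):
    """Return a Detection for one pasted ESET line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return Detection(
        path=path,
        name=m.group("name"),
        category=m.group("category"),
        variant=m.group("variant") is not None,
        quarantined=path.lower().startswith(QUARANTINE_PREFIXES),
    )


def triage(lines):
    """Split detections into live and quarantined; keep unparsable lines visible."""
    result = {"live": [], "quarantined": [], "unparsed": []}
    for line in lines:
        if not line.strip():
            continue
        det = parse_line(line)
        if det is None:
            result["unparsed"].append(line)
        else:
            result["quarantined" if det.quarantined else "live"].append(det)
    # Most severe live detections first.
    result["live"].sort(key=lambda d: -SEVERITY[d.category])
    return result


if __name__ == "__main__":
    report = triage(ESET_LINES)
    for bucket in ("live", "quarantined"):
        print(f"{bucket}: {len(report[bucket])}")
        for det in report[bucket]:
            print(f"  {det.name:32} {det.category:34} {det.path}")
    for line in report["unparsed"]:
        print("unparsed:", line)
```

On this list every Win32/Kryptik.CUHG hit falls under a quarantine folder, and two paths remain outside quarantine.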

#12
BrianDrab


No problem. One item left to fix below.

 

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   128bytes   32 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.



#13
fallswhoop98


Contents:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by chrissy at 2015-01-13 21:29:58 Run:2
Running from C:\Users\chrissy\Desktop
Loaded Profile: chrissy (Available profiles: chrissy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\Users\chrissy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 => Moved successfully.
EmptyTemp: => Removed 239.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:30:50 ====


#14
BrianDrab


OK, let's get you buttoned up before we clean up our tools. That way it will help keep you protected. We need to update Adobe Reader and Flash. We also had you uninstall your old version of Java, so I'll provide instructions below to install the new version; however, only install this software if you know you need/use it.

 

1. Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
3. Open Adobe Reader
4. Select Edit from the menu and select Preferences
5. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
6. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

2. Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and there's a variant exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

 

1. Go here   and click on the Player Download Center link.
2. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
 
3. You may be prompted to run the installer. Go ahead and do this.
4. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.

 

 

3. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 25.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Then from your desktop, right click on the file that was downloaded (jre-8u25-windows-i586.exe or jre-8u25-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 

 

 

Let me know when these are done. Thank you.



#15
BrianDrab

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.