
Multiple "tnulqltoe.exe*32" processes running shown from Googl

tnulqltoe .exe malware virus

  • This topic is locked

#1
Skrily21


I am trying to fix my sister-in-law's computer and notice it is running really slow and there are multiple processes running labeled as being "tnulqltoe.exe*32" that show they have originated from Google Chrome. I have installed an anti-virus program on the computer and have run TDSSKiller and it has not solved the problem. I was able to install OTL and run it and I will paste the log. Can anyone please help me!

 

 

OTL logfile created on: 1/16/2015 9:30:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nancy\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.82% Memory free
7.90 Gb Paging File | 4.81 Gb Available in Paging File | 60.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.63 Gb Total Space | 380.88 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive D: | 19.97 Gb Total Space | 2.16 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.12% Space Free | Partition Type: FAT32
Drive F: | 4.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NANCY-HP | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Users\nancy\My Documents\OTL.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/24 19:31:18 | 003,875,048 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2014/11/24 19:31:18 | 000,120,040 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2014/11/24 19:31:18 | 000,083,176 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\ST.exe
PRC - [2014/11/24 19:31:18 | 000,022,760 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/06/26 12:34:54 | 000,205,600 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/11/11 22:18:04 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
PRC - [2013/09/25 15:42:10 | 000,818,888 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2013/05/13 19:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/13 22:28:24 | 006,346,040 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Windstream\Service Agent\Windstream Service AgentComHandler.exe
PRC - [2011/10/13 22:28:20 | 010,315,064 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
PRC - [2011/10/13 22:28:18 | 010,204,472 | ---- | M] (Windstream) -- C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
PRC - [2011/09/28 18:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/19 08:44:30 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/08/19 08:44:12 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/08/19 08:43:46 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/25 14:34:34 | 001,393,976 | ---- | M] (Windstream) -- C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
PRC - [2011/04/25 14:34:32 | 002,037,048 | ---- | M] (Windstream) -- C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/05 19:03:17 | 000,247,808 | ---- | M] () -- C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/08 08:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/13 21:01:02 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/24 19:31:18 | 003,875,048 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2014/11/24 19:31:18 | 000,120,040 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2014/11/24 19:31:18 | 000,022,760 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/11 22:18:04 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP)
SRV - [2013/11/04 17:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/25 15:42:10 | 000,818,888 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/13 19:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/13 22:28:20 | 010,315,064 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2011/09/01 00:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/08/19 08:44:30 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/25 14:34:34 | 001,393,976 | ---- | M] (Windstream) [Auto | Running] -- C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe -- (HsdService)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/15 21:07:47 | 000,628,288 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2015/01/15 21:07:47 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2015/01/15 21:07:47 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/12/29 19:29:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2013/11/11 22:18:00 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/11/11 22:18:00 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/11/11 22:18:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/11/11 22:18:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 14:37:20 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/12 18:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/29 22:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/29 22:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/08 08:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 14:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/26 14:54:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/26 14:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 21:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/02 14:39:44 | 000,084,536 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2011/06/02 14:39:44 | 000,066,616 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/03/02 18:27:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/02 18:27:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F7C85DDA-5CEF-4D20-844E-F7A087668262}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...=iehp-3.10-1403
IE - HKLM\..\SearchScopes,DefaultScope = {09695C53-76E8-44A0-8DA5-1C781E20568B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKLM\..\SearchScopes\{F7C85DDA-5CEF-4D20-844E-F7A087668262}: "URL" = http://www.amazon.co...ds={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Old Start Page = http://www.windstreambusiness.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {09695C53-76E8-44A0-8DA5-1C781E20568B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{09695C53-76E8-44A0-8DA5-1C781E20568B}: "URL" = http://search.condui...4491960330&UM=2
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....=ieds-3.10-1403
IE - HKCU\..\SearchScopes\{BC364A5B-3538-42A8-80F8-0AD2A51E7D56}: "URL" = http://search.condui...&q={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKCU\..\SearchScopes\{F7C85DDA-5CEF-4D20-844E-F7A087668262}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015/01/15 21:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015/01/15 21:19:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015/01/15 21:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015/01/15 21:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015/01/15 21:19:01 | 000,000,000 | ---D | M]
 
[2013/09/13 07:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions
[2013/09/13 07:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/01 09:48:47 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/13 07:04:06 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: BringMeSports Installer Plugin Stub (Enabled) = C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windstream Service Agent (Enabled) = C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: No name found = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc\1.0_1\
CHR - Extension: No name found = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb\10.22.0.88_1\
CHR - Extension: No name found = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb\10.22.0.88_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_1\
CHR - Extension: No name found = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/02/03 19:20:17 | 000,445,399 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15295 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DiagnosticTools.exe] C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe (Windstream)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\ST.exe (Sendori, Inc.)
O4 - HKLM..\Run: [Windstream Service Agent.exe] C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe (Windstream)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Otgpuozkwdji] C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1421393103 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\Sendori64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\Sendori64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\Sendori64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\Sendori64.dll (Sendori)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\Sendori64.dll (Sendori)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B473C5-07C5-41E0-AFD0-1F7BA552FEF0}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A71CAA-6D25-463E-A299-BDD87A7469C5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4cbded84-eab1-11e1-9609-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cbded84-eab1-11e1-9609-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/16 09:25:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nancy\Documents\OTL.exe
[2015/01/15 19:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
[2015/01/15 19:20:45 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2015/01/15 19:20:42 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/15 19:20:40 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/15 19:20:38 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/15 19:20:37 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/15 19:20:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/15 19:20:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/15 19:16:57 | 000,066,616 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2015/01/15 19:16:34 | 000,084,536 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2015/01/15 19:15:25 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2015/01/15 19:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2015/01/15 19:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2015/01/15 19:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2015/01/15 19:13:07 | 000,628,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2015/01/15 19:13:07 | 000,092,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2015/01/14 21:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2015/01/14 21:24:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
[2015/01/13 21:00:56 | 005,013,680 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/13 19:33:44 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/13 19:33:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2014/12/19 21:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/12/17 19:14:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/17 19:14:54 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/16 10:01:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/16 09:25:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Documents\OTL.exe
[2015/01/16 08:34:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 08:34:25 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 08:08:13 | 000,799,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/16 08:08:13 | 000,675,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/16 08:08:13 | 000,126,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/16 08:04:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/16 02:23:51 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/15 21:07:47 | 000,628,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2015/01/15 21:07:47 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2015/01/15 21:07:47 | 000,092,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2015/01/15 21:07:47 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2015/01/15 19:52:32 | 000,002,220 | ---- | M] () -- C:\Users\nancy\Desktop\Safe Money.lnk
[2015/01/15 19:20:48 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2015/01/15 18:53:32 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFornancy.job
[2015/01/13 21:01:01 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/13 21:01:01 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/13 21:00:56 | 005,013,680 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/03 21:25:25 | 000,001,597 | ---- | M] () -- C:\Users\nancy\Desktop\Remanufacture Aux Mod Service for 05 09 Chevy GMC Truck Radio Am FM CD Player  eBay.url
[2014/12/29 19:29:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
 
========== Files Created - No Company Name ==========
 
[2015/01/15 19:52:28 | 000,002,220 | ---- | C] () -- C:\Users\nancy\Desktop\Safe Money.lnk
[2015/01/15 19:23:48 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2015/01/03 21:25:25 | 000,001,597 | ---- | C] () -- C:\Users\nancy\Desktop\Remanufacture Aux Mod Service for 05 09 Chevy GMC Truck Radio Am FM CD Player  eBay.url
[2014/02/25 17:51:20 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/13 07:04:54 | 000,000,258 | RHS- | C] () -- C:\Users\nancy\ntuser.pol
[2013/03/29 19:59:23 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2013/02/03 19:28:46 | 000,000,640 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:F2721624
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
 




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I believe I know what this is; however, I would like you to run a different analysis tool which will show me all the necessary areas.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Skrily21

    Member

  • Topic Starter
  • 11 posts

 

 

OTL Extras logfile created on: 1/16/2015 9:30:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nancy\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.82% Memory free
7.90 Gb Paging File | 4.81 Gb Available in Paging File | 60.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.63 Gb Total Space | 380.88 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive D: | 19.97 Gb Total Space | 2.16 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.12% Space Free | Partition Type: FAT32
Drive F: | 4.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NANCY-HP | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A2C276-D4E1-4543-A848-6693EB2EF7E0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E0B7C85-3A05-4E65-AB0C-59AC3625973E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1C8740DA-2AF4-4CDB-8805-946F2551A5AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{35E1E4E1-151E-4510-914A-020DD941D514}" = rport=445 | protocol=6 | dir=out | app=system |
"{402AD551-9E45-40C4-BBF8-2E98F88D0A3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{403F3E5D-5635-4DE3-AAAF-DFDD97091A57}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45F1D055-7C7D-4C79-B7CC-09E6DF6AFBE1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6509019E-1461-48AC-8BAC-42F5F748C079}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{654F5E4C-448E-454E-8156-CABCB2543FF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6D2A40D1-6DF0-49CF-9CBF-70C14094B9D5}" = lport=445 | protocol=6 | dir=in | app=system |
"{80328884-BEE1-42DF-8A65-BE5FD773BA32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{812A2F0A-BEEA-46AB-B02A-A8D799A062E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EDFBA88-FAD3-480C-BD3B-8BC390B194BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC0C8333-445F-404A-B34C-3A1417FEFDFA}" = lport=137 | protocol=17 | dir=in | app=system |
"{BBB3BF29-3E41-4C29-84E4-5146F00461DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF6C52D4-5052-4CD7-BD5A-9FB3CF6D4516}" = lport=138 | protocol=17 | dir=in | app=system |
"{C17DAC65-B0E7-4199-8CC1-45DE50280FCB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C195C778-F3CC-4234-8299-712E21AE9B73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA3CEF87-8F41-4939-BD7B-3F49045EBBF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB3B3155-74FF-4C4F-A869-F1BD3B55F70C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF4288C7-DBC4-437E-B8DD-3C49B4AC917F}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0DF7B70-DD71-4E2F-BDE0-55CA7BCBECA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F0FAA4F9-0D39-4BEB-8132-C4E7F550C4CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7B16FFD-74CD-4122-B68F-5E4CBF6A39D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEB718CD-CB62-4F99-9FB1-625292DE8F21}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EE1629D-67D2-45E2-9361-09DBE88DDF5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1023D87D-C8B9-42AE-81C0-8E4947133687}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13650C12-5679-43D1-92B9-2CBFE2D1D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{21F44C5F-9443-460A-8A6C-C20760B454F2}" = protocol=17 | dir=in | app=c:\program files (x86)\shop to win 27\troubleshooter.exe |
"{23B2DFB3-E1D2-46A4-B912-0174CDAEBB9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{27A7AD6D-1B6D-4721-B84D-92225C471C62}" = protocol=1 | dir=out | [email protected],-28544 |
"{2BC0C4D2-70E6-4722-A725-671B53C2B98E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AC2C87D-2805-4D28-A89F-AA98365DC45A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DB0334F-C27A-471A-A4B1-CA0647448524}" = protocol=58 | dir=in | [email protected],-28545 |
"{3DF0538C-BCEE-4190-AA3F-255C54AFCB8D}" = protocol=1 | dir=in | [email protected],-28543 |
"{41F29B9E-3AAA-48C5-8969-060AA0321D72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47C38308-9D05-404B-9A9F-77A8B1CCE8E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{490DA001-D85A-4959-8E39-C8C98B91C43D}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{51CF5233-DA71-4349-BAD8-6EB9E169DE32}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{520891A4-65CB-4F22-B75C-8288A158584F}" = protocol=6 | dir=out | app=system |
"{538C8A6F-2738-4392-938B-1479906898B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{539B500C-F225-4143-B83E-BE14E3ECA549}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5508A1B9-2C1D-45DE-8C94-C4E71BA9AB75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{605A01B8-9EF0-4B69-9834-72E11504AC18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64F8E655-A0EF-4E0A-9810-5DDF29A8F9C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{6D347717-FB9A-435A-8CA5-20E6FA987A7C}" = protocol=6 | dir=in | app=c:\program files (x86)\windstream\service agent\servicepointservice.exe |
"{8077CC33-6377-45DC-9A2E-754B4AF56DC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85FCD14A-C1AA-4800-A301-F40EF6CE98C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8988E108-CB44-46EE-BDE4-5B1DA6B37B45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90155409-060E-4781-8DE7-00FC8A070157}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A1298112-CDAF-4EFF-BF9F-3B97B4582F79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4BE4498-B239-48BF-A579-E1F2BB8569B9}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system shield\sysshield.exe |
"{AD580A58-02B9-4847-B749-E3256498ED69}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{B3268178-02E0-4A6A-97B1-68CC02BA5CB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8028B8E-D708-4812-9853-25ABBA3B14BF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8C6E4E0-8FFE-47FA-8B34-47D6990692A3}" = protocol=58 | dir=out | [email protected],-28546 |
"{BFE2F9B9-8537-43B2-BFB3-75A9DE5892C3}" = protocol=6 | dir=in | app=c:\program files (x86)\shop to win 27\troubleshooter.exe |
"{BFF37FBB-1EF7-480F-AE70-812D3E4C380C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9650E04-4181-4C62-BF0D-C4F6AEAA8173}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{CA2C46DF-7D78-4AEF-A6CD-2CF8A7B6F079}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{DA0A2950-2A9E-4034-8313-83FB844203BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E4FE04B6-79CF-4D94-9E0A-5D830ED329CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5B6B080-ABFB-4C74-8075-D9F125CDA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E943E8EE-15B5-4E2A-B573-7D9B63E34E24}" = protocol=17 | dir=in | app=c:\program files (x86)\windstream\service agent\servicepointservice.exe |
"{F217DA86-C358-4636-873F-744DE1C68B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system shield\sysshield.exe |
"{F7E1D53B-2983-42F4-96D4-06517DF7CFCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{309768A4-A2BB-4930-A5A2-8169678C9B4C}" = iCloud
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1DD35C-59F6-4292-9E61-823286BF31E1}_is1" = Shop To Win
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass PE 2011
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"RadialpointClientGateway_is1" = Windstream Service Agent 4.1.15
"RadialpointHomeSecurityDashboard_is1" = Windstream Diagnostic Tools 3.0.21
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.15
"RadialpointServicepointDashboardExtensions_is1" = Radialpoint Servicepoint Dashboard Extensions version 14.11.5.45116
"Sendori" = Sendori
"VIP Access SDK" = VIP Access SDK (1.0.1.2)
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0fb78b17-33dd-4f01-921f-e7b582e57496" = Bejeweled 3
"WTA-1294232e-5d53-4dda-9c85-dc96e30f5f0b" = Chuzzle Deluxe
"WTA-1ad2f684-8e29-4e52-92ab-d15a5d7e17cd" = Bejeweled 2 Deluxe
"WTA-23929246-54a7-4aa2-8d95-c5e1943f4097" = Farmscapes
"WTA-2deee181-8954-4c86-ba12-318ead1cc2e7" = Zuma's Revenge
"WTA-37dd1031-c97c-4c44-856e-2007cf8cdb53" = Torchlight
"WTA-3906e7a5-9705-49d0-a1dd-5addf4915de2" = Hoyle Card Games
"WTA-40d4eb6c-a47e-4faf-b345-decff69d0baa" = Mah Jong Medley
"WTA-43922a3d-4fc6-4b7e-bcb4-c0e91794aa2e" = Farm Frenzy
"WTA-48ca0b6a-88e4-4a82-bff9-1bbb4434ddda" = John Deere Drive Green
"WTA-70bdb47a-bfb3-4f7a-a7ad-3f2da8f52362" = RollerCoaster Tycoon 3: Platinum
"WTA-7f1420b0-c542-4fe2-91d9-2fecad0e1e93" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-86414a45-e649-4e73-9b6c-1f7708f270e7" = The Treasures of Mystery Island: The Ghost Ship
"WTA-91a83c29-1945-4e45-bb19-020d73d2cc53" = Virtual Villagers 4 - The Tree of Life
"WTA-94ab8d8a-33b3-4f5c-9948-3dbda2b40fd0" = Dora's World Adventure
"WTA-96556fdd-b466-4caa-8054-981f9047f2c9" = Polar Bowler
"WTA-a17f5b3e-82a4-42c2-8972-46ba7d3d019a" = Plants vs. Zombies - Game of the Year
"WTA-aef240cc-6248-4a38-b6c2-24e6297240ba" = Final Drive Fury
"WTA-af026e11-5bad-45a9-a519-774518dcc195" = Letters from Nowhere 2
"WTA-b0e5cd09-8b67-4262-b34d-6b2af29328d2" = Poker Superstars III
"WTA-bd059a34-8d14-4e7e-9d83-4f278e077763" = Luxor HD
"WTA-cf50aa26-b1f0-42c0-9195-f024a7e11b29" = Cradle of Rome 2
"WTA-de03069c-7636-4b58-acb6-a993eaaf1f81" = Blackhawk Striker 2
"WTA-e707aeec-d578-4e4a-82bd-49a73f2e6c3f" = FATE
"WTA-f0c6e8f5-dba3-445d-9d69-675a85b0c58e" = Polar Golfer
"WTA-f55141d6-84e4-4f71-8f8e-a1d36c425ff2" = Penguins!
"WTA-ff971db7-0a8b-449f-86b5-075eb5288d97" = Jewel Match 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/1/2013 5:32:48 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/1/2013 6:09:31 PM | Computer Name = nancy-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10/1/2013 9:25:09 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/2/2013 9:31:55 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2013 5:51:29 AM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2013 6:18:41 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2013 6:38:26 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/5/2013 3:33:15 PM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 10/5/2013 4:04:21 PM | Computer Name = nancy-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10/6/2013 10:12:00 AM | Computer Name = nancy-HP | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 10/28/2012 8:34:32 AM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 
 
Error - 11/3/2012 8:06:20 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 
 
Error - 11/10/2012 8:53:31 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization:   TargetSite: Void UpdateAndDetect() 
 
Error - 11/17/2012 8:39:03 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 50  TargetSite: Void UpdateAndDetect() 
 
Error - 11/24/2012 8:27:21 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization:   TargetSite: Void UpdateAndDetect() 
 
Error - 12/1/2012 9:20:32 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization:   TargetSite: Void UpdateAndDetect() 
 
Error - 12/9/2012 1:23:48 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 
 
Error - 12/15/2012 9:39:41 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 30  TargetSite: Void UpdateAndDetect() 
 
Error - 12/22/2012 8:20:47 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 
 
Error - 12/29/2012 8:33:42 PM | Computer Name = nancy-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 4043  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 
 
[ HP Software Framework Events ]
Error - 10/29/2011 11:44:21 PM | Computer Name = P9S6R57RK3VDI | Source = CaslWmi | ID = 5
Description = 2011/10/29 20:44:20.995|00000B5C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 10/29/2011 11:44:21 PM | Computer Name = P9S6R57RK3VDI | Source = CaslWmi | ID = 5
Description = 2011/10/29 20:44:21.463|00000B5C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/22/2012 8:05:02 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/22 20:05:02.371|00000A38|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/22/2012 8:05:02 PM | Computer Name = nancy-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/22 20:05:02.917|00000A38|Error      |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
 attempting to parse year 0, month 0, day 0: Year, Month, and Day parameters describe
 an un-representable DateTime.
 
Error - 8/22/2012 8:05:04 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/22 20:05:04.649|00000C68|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/24/2012 4:54:51 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/24 16:54:51.629|000009D0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/25/2012 10:29:27 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 22:29:27.482|000006D4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/25/2012 10:31:42 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 22:31:42.443|000014BC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 8/25/2012 10:31:46 PM | Computer Name = nancy-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 22:31:46.348|00000A54|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ iolo Applications Events ]
Error - 3/24/2013 7:46:51 AM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/24/2013 9:16:14 AM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/24/2013 4:00:07 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/25/2013 3:25:57 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/25/2013 6:01:01 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/26/2013 12:37:18 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/27/2013 7:20:24 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/29/2013 8:31:36 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/29/2013 8:48:54 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
Error - 3/29/2013 8:59:22 PM | Computer Name = nancy-HP | Source = System Shield | ID = 12
Description =
 
[ SendoriLogs Events ]
Error - 8/11/2014 6:54:23 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = on service stopRetrieving the COM class factory for component with
 CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80070424 The specified service does not exist as an installed service. (Exception
 from HRESULT: 0x80070424).
 
Error - 8/11/2014 6:57:28 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = on service stopRetrieving the COM class factory for component with
 CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80070424 The specified service does not exist as an installed service. (Exception
 from HRESULT: 0x80070424).
 
Error - 10/10/2014 9:46:14 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 9:51:14 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 9:56:16 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 10:01:12 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 10:06:12 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 10:11:12 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/10/2014 10:29:32 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/11/2014 11:02:08 PM | Computer Name = nancy-HP | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
[ System Events ]
Error - 1/16/2015 2:52:04 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 1/16/2015 2:52:04 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 1/16/2015 2:54:19 AM | Computer Name = nancy-HP | Source = DCOM | ID = 10010
Description =
 
Error - 1/16/2015 3:22:20 AM | Computer Name = nancy-HP | Source = DCOM | ID = 10010
Description =
 
Error - 1/16/2015 3:22:59 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
 a preshutdown control.
 
Error - 1/16/2015 3:24:35 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 1/16/2015 3:24:35 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 1/16/2015 9:04:29 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HPWMISVC service.
 
Error - 1/16/2015 9:05:49 AM | Computer Name = nancy-HP | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 1/16/2015 9:31:35 AM | Computer Name = nancy-HP | Source = DCOM | ID = 10010
Description =
 
 
< End of report >



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, did you see the post I made between your first and second ones?

#5
Skrily21

    Member

  • Topic Starter
  • Member
  • 11 posts

Ok here are the results from the scan using Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by nancy (administrator) on NANCY-HP on 16-01-2015 12:57:21
Running from C:\Users\nancy\Desktop
Loaded Profiles: nancy (Available profiles: nancy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\ST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service AgentComHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe
(Google Inc.) C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\ST.exe [83176 2014-11-24] (Sendori, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [Otgpuozkwdji] => regsvr32.exe /s "C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll" <===== ATTENTION
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\RunOnce: [Adobe Speed Launcher] => 1421393103
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...=iehp-3.10-1403
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.windstreambusiness.net/
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - Default Value = {f122b94e-0c50-13c4-c9d3-893faefad90b}
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No File
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM -> {F7C85DDA-5CEF-4D20-844E-F7A087668262} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {09695C53-76E8-44A0-8DA5-1C781E20568B} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {8c9ef753-beb6-4582-b653-93ac59274437} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 -> {F7C85DDA-5CEF-4D20-844E-F7A087668262} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> DefaultScope {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {8c9ef753-beb6-4582-b653-93ac59274437} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....=ieds-3.10-1403
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {BC364A5B-3538-42A8-80F8-0AD2A51E7D56} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {F7C85DDA-5CEF-4D20-844E-F7A087668262} URL = http://www.amazon.co...ds={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [335080] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [335080] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [335080] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [335080] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [335080] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\Sendori64.dll [405224] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\Sendori64.dll [405224] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\Sendori64.dll [405224] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\Sendori64.dll [405224] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll [405224] (Sendori)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-09-01]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3292715&SearchSource=48&CUI=UN27550994621375392&UM=2"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BringMeSports Installer Plugin Stub) - C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
CHR Plugin: (Windows Live\ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windstream Service Agent) - C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc [2013-09-13]
CHR Extension: (SearchFlyBar2) - C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb [2013-11-08]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\nancy\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-10-30]
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\nancy\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-10-30]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2012-08-23]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.googl...dnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120040 2014-11-24] (Sendori, Inc.) <==== ATTENTION
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22760 2014-11-24] (sendori)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3875048 2014-11-24] (Sendori) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-12-06] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-01-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-01-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2015-01-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2015-01-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 12:57 - 2015-01-16 12:57 - 00032349 _____ () C:\Users\nancy\Desktop\FRST.txt
2015-01-16 12:56 - 2015-01-16 12:57 - 00000000 ____D () C:\FRST
2015-01-16 12:54 - 2015-01-16 12:53 - 02125312 _____ (Farbar) C:\Users\nancy\Desktop\FRST64.exe
2015-01-16 12:53 - 2015-01-16 12:55 - 02125312 _____ (Farbar) C:\Users\nancy\Documents\FRST64.exe
2015-01-16 10:33 - 2015-01-16 10:33 - 00088390 _____ () C:\Users\nancy\Documents\Extras.Txt
2015-01-16 10:32 - 2015-01-16 10:32 - 00107830 _____ () C:\Users\nancy\Documents\OTL.Txt
2015-01-16 09:25 - 2015-01-16 09:25 - 00602112 _____ (OldTimer Tools) C:\Users\nancy\Documents\OTL.exe
2015-01-15 19:52 - 2015-01-15 19:52 - 00002220 _____ () C:\Users\nancy\Desktop\Safe Money.lnk
2015-01-15 19:23 - 2015-01-15 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2015-01-15 19:23 - 2015-01-15 19:20 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2015-01-15 19:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 19:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 19:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 19:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 19:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 19:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 19:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 19:20 - 2013-11-11 22:18 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2015-01-15 19:16 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2015-01-15 19:16 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2015-01-15 19:15 - 2015-01-16 11:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-15 19:15 - 2015-01-15 19:15 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-15 19:15 - 2015-01-15 19:15 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-15 19:13 - 2015-01-15 21:07 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-15 19:13 - 2015-01-15 21:07 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-14 21:24 - 2015-01-16 02:24 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-13 21:00 - 2015-01-13 21:00 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 19:33 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:33 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:33 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:33 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:33 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:33 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-03 21:25 - 2015-01-03 21:25 - 00001597 _____ () C:\Users\nancy\Desktop\Remanufacture Aux Mod Service for 05 09 Chevy GMC Truck Radio Am FM CD Player  eBay.url
2014-12-19 21:50 - 2014-12-19 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-17 19:14 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:14 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 12:58 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:58 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:57 - 2012-09-01 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 12:54 - 2012-08-28 18:56 - 00000000 ____D () C:\Users\nancy\AppData\Local\CrashDumps
2015-01-16 12:47 - 2012-08-23 16:53 - 00000000 ____D () C:\ProgramData\Radialpoint
2015-01-16 12:19 - 2011-12-12 03:31 - 01669107 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 09:12 - 2012-08-23 16:53 - 00000000 ____D () C:\Users\nancy\AppData\Roaming\Radialpoint
2015-01-16 08:08 - 2009-07-14 00:13 - 00799906 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 02:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 02:23 - 2013-09-13 08:08 - 00038146 _____ () C:\Windows\setupact.log
2015-01-15 21:07 - 2013-11-11 22:18 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-01-15 21:07 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-01-15 20:52 - 2013-09-13 08:47 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-15 20:52 - 2012-08-23 16:27 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{16FF6453-22F6-44AA-8AC8-7BFC9C5A77C3}
2015-01-15 18:53 - 2012-08-26 09:29 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFornancy
2015-01-15 18:53 - 2012-08-26 09:29 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFornancy.job
2015-01-13 21:10 - 2013-08-14 17:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:02 - 2012-08-28 17:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:01 - 2012-09-01 09:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:01 - 2012-09-01 09:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:01 - 2011-10-29 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 18:09 - 2013-01-19 20:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 18:09 - 2012-08-25 21:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 19:03 - 2013-02-14 20:35 - 00000000 ____D () C:\Users\nancy\AppData\Local\Apple Computer
2015-01-05 17:06 - 2013-02-03 19:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 17:06 - 2013-02-03 19:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-04 17:43 - 2012-08-22 19:03 - 00000000 ____D () C:\Users\nancy
2015-01-04 17:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-04 17:40 - 2014-05-17 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-01 13:24 - 2014-05-17 21:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 13:24 - 2011-12-12 04:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 19:29 - 2014-05-17 21:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 18:04 - 2013-09-13 08:08 - 00381916 _____ () C:\Windows\PFRO.log
2014-12-28 17:40 - 2012-08-25 14:09 - 00000000 ____D () C:\Users\nancy\AppData\Local\CyberLink

Some content of TEMP:
====================
C:\Users\nancy\AppData\Local\Temp\Extract.exe
C:\Users\nancy\AppData\Local\Temp\ledwbba.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 16:00

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by nancy at 2015-01-16 13:01:13
Running from C:\Users\nancy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.139 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Radialpoint Servicepoint Dashboard Extensions version 14.11.5.45116 (HKLM-x32\...\RadialpointServicepointDashboardExtensions_is1) (Version: 14.11.5.45116 - )
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sendori (HKLM-x32\...\Sendori) (Version: 2.0.19 - Sendori, Inc.) <==== ATTENTION
Shop To Win (HKLM-x32\...\{0C1DD35C-59F6-4292-9E61-823286BF31E1}_is1) (Version: 1.2.0.0 - Shop To Win, LLC)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

23-12-2014 15:19:20 Windows Update
30-12-2014 16:43:04 Windows Update
01-01-2015 13:17:49 Restore Operation
01-01-2015 13:51:44 Windows Update
04-01-2015 17:28:59 Restore Operation
04-01-2015 17:49:44 Windows Update
09-01-2015 19:36:26 Windows Update
13-01-2015 19:22:24 Windows Update
13-01-2015 21:01:05 Windows Update
16-01-2015 01:46:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-02-03 19:20 - 00445399 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0454ABD3-81A7-4809-AE91-BD980C8CC156} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {1D061044-33B3-49FD-95C6-DF95C5FB3210} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {28D4E16C-43C5-4B80-A5FD-E2D12D67D66B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {32062900-C06B-45DE-A35B-68FC3DE91799} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {3A41B550-67A3-42F2-A77A-2E3C77992BF2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {4092A166-30E9-4F0B-A403-86353416F502} - System32\Tasks\HPCeeScheduleFornancy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5390BEBE-4363-4BBD-8FFF-B4A8949161E7} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {7164679D-1954-4881-8F1B-DE2D3339C2F4} - System32\Tasks\{250DC7E9-2050-4AF2-92EC-945ED040CC79} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {9890D0E2-4973-40D2-AB85-F780B3869023} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {AED1C1F8-62AE-4A85-B326-344C975A961E} - System32\Tasks\{C698852D-982A-4BF1-BE70-18AAF05BA0C6} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {B681B2F4-0E42-480C-B21B-5AF1F1B3E0AC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB24615C-3D2E-4756-A281-FE28B332A15E} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {C0398EF8-955D-456C-980A-02CDC31E8FA2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {C08D5DC3-E5A6-486E-A93E-B65B4F5507CF} - System32\Tasks\{27F0AA4B-5121-433F-AE28-6EC32EF5F60F} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {D103113E-20DE-49D1-AB27-5F06CB71DCF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DF760048-0106-4057-BE39-94327ECC33C3} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {E1BB00FA-0AE2-4AFD-A069-78EE0FD629D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {E8B31055-41C9-44E0-A57B-536A7086FC61} - System32\Tasks\{8CCFADF4-63E7-4F4B-B3C2-7710316815E5} => pcalua.exe -a "C:\Program Files (x86)\Desk 365\eUninstall.exe"
Task: {EA2F7090-9EFD-4A93-9951-825714898095} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornancy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-08-26 14:53 - 2011-08-26 14:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2015-01-05 19:03 - 2015-01-05 19:03 - 00247808 _____ () C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll
2014-12-21 08:48 - 2014-12-21 08:48 - 00718152 _____ () C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll
2014-12-21 08:48 - 2014-12-21 08:48 - 00126280 _____ () C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll
2014-12-21 08:48 - 2014-12-21 08:48 - 08537928 _____ () C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll
2014-12-21 08:48 - 2014-12-21 08:48 - 00353096 _____ () C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-12-21 08:48 - 2014-12-21 08:48 - 01732936 _____ () C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\ProgramData\Temp:F2721624

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54828223.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54828223.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BFHP => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3155342500-3548620123-1959441487-500 - Administrator - Disabled)
Guest (S-1-5-21-3155342500-3548620123-1959441487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3155342500-3548620123-1959441487-1002 - Limited - Enabled)
nancy (S-1-5-21-3155342500-3548620123-1959441487-1000 - Administrator - Enabled) => C:\Users\nancy

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 00:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tnulqltoe.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc000070a
Fault offset: 0x0009c7fd
Faulting process id: 0x98c
Faulting application start time: 0xTnulqltoe.exe0
Faulting application path: Tnulqltoe.exe1
Faulting module path: Tnulqltoe.exe2
Report Id: Tnulqltoe.exe3

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

System errors:
=============
Error: (01/16/2015 00:08:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Service Sendori service, but this action failed with the following error:
%%1056

Error: (01/16/2015 00:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2015 08:31:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/16/2015 08:05:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2015 08:04:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (01/16/2015 02:24:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (01/16/2015 02:24:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (01/16/2015 02:22:59 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (01/16/2015 02:22:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (01/16/2015 01:54:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (01/16/2015 00:28:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tnulqltoe.exe36.0.1985.14353e2e515ntdll.dll6.1.7601.18247521ea8e7c000070a0009c7fd98c01d031b1c90d6d64C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exeC:\Windows\SysWOW64\ntdll.dll0e1dec81-9da5-11e4-8021-80c16e51662b

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process with an Id of 2828 is not running.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

Error: (01/16/2015 10:51:26 AM) (Source: Kamodia) (EventID: 99) (User: )
Description: Process has exited, so the requested information is not available.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 82%
Total physical RAM: 4043.86 MB
Available physical RAM: 714.83 MB
Total Pagefile: 8247.67 MB
Available Pagefile: 3614.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.63 GB) (Free:380.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E861ED1B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yup I can see it now :)

First thing to do is to uninstall the following programme:

Sendori

Once done

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [Otgpuozkwdji] => regsvr32.exe /s "C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll" <===== ATTENTION
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - Default Value = {f122b94e-0c50-13c4-c9d3-893faefad90b}
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No File
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> DefaultScope {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {BC364A5B-3538-42A8-80F8-0AD2A51E7D56} URL = http://search.condui...q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No File
FF Plugin-x32: @ei.BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3292715&SearchSource=48&CUI=UN27550994621375392&UM=2"
2015-01-14 21:24 - 2015-01-16 02:24 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {9890D0E2-4973-40D2-AB85-F780B3869023} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {BB24615C-3D2E-4756-A281-FE28B332A15E} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#7
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

It is taking forever for Sendori to uninstall, so bear with me please.


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, as if it is not uninstalled you may lose internet connection.
  • 0

#9
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by nancy at 2015-01-16 16:06:15 Run:1
Running from C:\Users\nancy\Documents
Loaded Profiles: nancy (Available profiles: nancy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [Otgpuozkwdji] => regsvr32.exe /s "C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll" <===== ATTENTION
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - Default Value = {f122b94e-0c50-13c4-c9d3-893faefad90b}
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No File
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> DefaultScope {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {BC364A5B-3538-42A8-80F8-0AD2A51E7D56} URL = http://search.condui...q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No File
FF Plugin-x32: @ei.BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3292715&SearchSource=48&CUI=UN27550994621375392&UM=2"
2015-01-14 21:24 - 2015-01-16 02:24 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {9890D0E2-4973-40D2-AB85-F780B3869023} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {BB24615C-3D2E-4756-A281-FE28B332A15E} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Otgpuozkwdji => value deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f} => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09695C53-76E8-44A0-8DA5-1C781E20568B}" => Key deleted successfully.
HKCR\CLSID\{09695C53-76E8-44A0-8DA5-1C781E20568B} => Key not found.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC364A5B-3538-42A8-80F8-0AD2A51E7D56}" => Key deleted successfully.
HKCR\CLSID\{BC364A5B-3538-42A8-80F8-0AD2A51E7D56} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} => value deleted successfully.
HKCR\CLSID\{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin" => Key deleted successfully.
Chrome StartupUrls deleted successfully.

"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\hid.dll" => Scheduled to move on reboot.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\kukg.tmp => Moved successfully.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\sss.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory. => Scheduled to move on reboot.

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9890D0E2-4973-40D2-AB85-F780B3869023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9890D0E2-4973-40D2-AB85-F780B3869023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB24615C-3D2E-4756-A281-FE28B332A15E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB24615C-3D2E-4756-A281-FE28B332A15E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll => Moved successfully.

"C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList" directory move:

C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\container.dat => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dhdkrott => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\dwhufcut => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\dyhstulhs => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\efbjepmlrmh => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Oorbpumjz => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\tkfsvjii => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\debug.log => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\rundll32.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\VisualElementsManifest.xml => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\36.0.1985.143.manifest => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_200_percent.pak => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_child.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_elf.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\d3dcompiler_43.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\d3dcompiler_46.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\delegate_execute.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\icudtl.dat" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libexif.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libpeerconnection.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\metro_driver.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl64.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\resources.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\secondarytile.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\widevinecdmadapter.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\xinput1_3.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\logo.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\smalllogo.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales\en-GB.pak => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales\en-US.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Extensions\external_extensions.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\docs.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\drive.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\external_extensions.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\gmail.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\search.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\youtube.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\elkyiuwkfnoi\Epeegwjdzc.js => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\elkyiuwkfnoi\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dmgbqnyjfay\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dmgbqnyjfay\qbdkvdmhitzy.js => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList" directory. => Scheduled to move on reboot.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {57EA589A-29AC-4F64-9408-AA46CD0E0E2F}.
{479417A4-4013-452B-875D-91DC52811C67} canceled.
{7B430C38-3023-4D61-A9B5-53A6BBDC0E9D} canceled.
{4AFBA999-3B86-478C-B3D6-70CDC98FCD7E} canceled.
{8D3FC229-FDFA-401D-A91F-AED761D13B78} canceled.
{81A11110-A24B-4CE6-8330-A58B450FA777} canceled.
{1365C781-C56D-4FD2-BAB9-04AC8E7C09C3} canceled.
{E1F420BD-D8CB-4C63-9B6D-E4A338830C77} canceled.
{25495EC7-446D-4B21-BD3F-8E3DFA115BBC} canceled.
8 out of 9 jobs canceled.

========= End of CMD: =========


  • 0

#10
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Sorry, that may not be complete... the fixlog popped up before it was finished fixing and I didn't realize it.


  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem as the last part it was doing was emptying the temp files. All the files/folders I wanted to kill are gone or will be when it reboots :)

The multiple files should no longer appear
  • 0

#12
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by nancy at 2015-01-16 16:06:15 Run:1
Running from C:\Users\nancy\Documents
Loaded Profiles: nancy (Available profiles: nancy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [Otgpuozkwdji] => regsvr32.exe /s "C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll" <===== ATTENTION
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - Default Value = {f122b94e-0c50-13c4-c9d3-893faefad90b}
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No File
URLSearchHook: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> DefaultScope {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {09695C53-76E8-44A0-8DA5-1C781E20568B} URL = http://search.condui...4491960330&UM=2
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> {BC364A5B-3538-42A8-80F8-0AD2A51E7D56} URL = http://search.condui...q={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 -> No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No File
FF Plugin-x32: @ei.BringMeSports_1c.com/Plugin -> C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3292715&SearchSource=48&CUI=UN27550994621375392&UM=2"
2015-01-14 21:24 - 2015-01-16 02:24 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
CustomCLSID: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
Task: {9890D0E2-4973-40D2-AB85-F780B3869023} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {BB24615C-3D2E-4756-A281-FE28B332A15E} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Otgpuozkwdji => value deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f} => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value deleted successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09695C53-76E8-44A0-8DA5-1C781E20568B}" => Key deleted successfully.
HKCR\CLSID\{09695C53-76E8-44A0-8DA5-1C781E20568B} => Key not found.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
"HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC364A5B-3538-42A8-80F8-0AD2A51E7D56}" => Key deleted successfully.
HKCR\CLSID\{BC364A5B-3538-42A8-80F8-0AD2A51E7D56} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} => value deleted successfully.
HKCR\CLSID\{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin" => Key deleted successfully.
Chrome StartupUrls deleted successfully.

"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory move:

Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\hid.dll" => Scheduled to move on reboot.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\kukg.tmp => Moved successfully.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\sss.tmp" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" directory. => Scheduled to move on reboot.

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9890D0E2-4973-40D2-AB85-F780B3869023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9890D0E2-4973-40D2-AB85-F780B3869023}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB24615C-3D2E-4756-A281-FE28B332A15E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB24615C-3D2E-4756-A281-FE28B332A15E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
C:\Users\nancy\AppData\Local\Apple Computer\Otgpuozkwdji.dll => Moved successfully.

"C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList" directory move:

C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\container.dat => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dhdkrott => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\dwhufcut => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\dyhstulhs => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\efbjepmlrmh => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Oorbpumjz => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\tkfsvjii => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\debug.log => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\rundll32.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\Tnulqltoe.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\VisualElementsManifest.xml => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\36.0.1985.143.manifest => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_200_percent.pak => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_child.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_elf.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\d3dcompiler_43.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\d3dcompiler_46.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\delegate_execute.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ffmpegsumo.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\icudtl.dat" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libegl.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libexif.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libglesv2.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\libpeerconnection.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\metro_driver.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl64.exe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\pdf.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\resources.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\secondarytile.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\widevinecdmadapter.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\xinput1_3.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\logo.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\smalllogo.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales\en-GB.pak => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales\en-US.pak" => Scheduled to move on reboot.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Extensions\external_extensions.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\docs.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\drive.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\external_extensions.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\gmail.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\search.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\default_apps\youtube.crx => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\elkyiuwkfnoi\Epeegwjdzc.js => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\elkyiuwkfnoi\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dmgbqnyjfay\manifest.json => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Dmgbqnyjfay\qbdkvdmhitzy.js => Moved successfully.
Could not move "C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList" directory. => Scheduled to move on reboot.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {57EA589A-29AC-4F64-9408-AA46CD0E0E2F}.
{479417A4-4013-452B-875D-91DC52811C67} canceled.
{7B430C38-3023-4D61-A9B5-53A6BBDC0E9D} canceled.
{4AFBA999-3B86-478C-B3D6-70CDC98FCD7E} canceled.
{8D3FC229-FDFA-401D-A91F-AED761D13B78} canceled.
{81A11110-A24B-4CE6-8330-A58B450FA777} canceled.
{1365C781-C56D-4FD2-BAB9-04AC8E7C09C3} canceled.
{E1F420BD-D8CB-4C63-9B6D-E4A338830C77} canceled.
{25495EC7-446D-4B21-BD3F-8E3DFA115BBC} canceled.
8 out of 9 jobs canceled.

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-16 17:40:05)<=

==> ATTENTION: System is not rebooted.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\hid.dll" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\sss.tmp" => File could not move.
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Directory could not move.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\chrome_100_percent.pak => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\icudtl.dat => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\resources.pak => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList\Ptiepmgjdo\Siawesfwt\36.0.1985.143\Locales\en-US.pak => Moved successfully.
C:\Users\nancy\AppData\LocalLow\EmieBrowserModeList => Moved successfully.

==== End of Fixlog 17:40:10 ====



#13
Skrily21


Here is the log from AdwCleaner:

 

# AdwCleaner v4.107 - Report created 16/01/2015 at 17:51:47
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nancy - NANCY-HP
# Running from : C:\Users\nancy\Documents\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Sendori
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SaltarSmart
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\nancy\AppData\Local\Conduit
Folder Deleted : C:\Users\nancy\AppData\Local\DefineExt
Folder Deleted : C:\Users\nancy\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\nancy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\nancy\AppData\Roaming\337 Wallpaper
Folder Deleted : C:\Users\nancy\AppData\Roaming\337
Folder Deleted : C:\Users\nancy\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\nancy\AppData\Roaming\Systweak
Folder Deleted : C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

Task Deleted : Omiga Plus RunAsStdUser
Task Deleted : IHUninstallTrackingTASK

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282134
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3436BC13-C898-4775-B1EA-BA224587010D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{966430CC-2097-45CA-8626-2C3F454C3297}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\omigaplusSvc
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Define Ext

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v

[C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27550994621375392&ctid=CT3292715&UM=2
[C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27550994621375392&ctid=CT3292715&UM=2
[C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [10865 octets] - [16/01/2015 17:49:51]
AdwCleaner[S0].txt - [10023 octets] - [16/01/2015 17:51:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10084 octets] ##########



#14
Skrily21


The computer seems to be running like new!



#15
Essexboy

GeekU Moderator

As a final check could I now have a fresh FRST scan please :)