Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Multiple "tnulqltoe.exe*32" processes running shown from Googl

tnulqltoe .exe malware virus

  • This topic is locked This topic is locked

#16
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by nancy (administrator) on NANCY-HP on 17-01-2015 15:45:19
Running from C:\Users\nancy\Desktop
Loaded Profiles: nancy (Available profiles: nancy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English
(United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE
3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client
Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service
Agent\ServicepointService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files
(x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service
Agent.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE
3.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage
Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card
Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine
Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine
Components\UNS\UNS.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service
Agent\Windstream Service AgentComHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896
2011-09-08] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems
Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen
Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company,
L.P.)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files
(x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472
2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic
Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development
Company, L.P.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files
(x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance
Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple
Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Sendori Tray] => "C:\Program Files (x86)\Sendori\ST.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe
[157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe
[421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE
3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP
Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16]
(Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\Run: [ISUSPM] =>
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso
Corporation)
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\...\RunOnce: [Adobe Speed
Launcher] => 1421527355
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5}
=> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
(Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5}
=> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
(Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/?fr=befhp&type=iehp-3.10-1403
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.windstream.net/
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-3155342500-3548620123-1959441487-1000\Software\Microsoft\Internet
Explorer\Main,Old Start Page = http://www.windstreambusiness.net/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {F7C85DDA-5CEF-4D20-844E-F7A087668262} URL =
http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F7C85DDA-5CEF-4D20-844E-F7A087668262} URL =
http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL =
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 ->
{D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3155342500-3548620123-1959441487-1000 ->
{F7C85DDA-5CEF-4D20-844E-F7A087668262} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
(Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
(Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} ->
C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
(Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
(Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
(Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
(Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
(Kaspersky Lab ZAO)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} ->
C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6}
-> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
(Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} ->
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
(Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
(Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll
()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft
Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files
(x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll
No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files
(x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files
(x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common
Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common
Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files
(x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 ->
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF
Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla
Firefox\extensions\[email protected] [2012-09-01]
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky
PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky
Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE
3.0\FFExt\[email protected] [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program
Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE
3.0\FFExt\[email protected] [2015-01-15]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
(Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
(Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
(Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
(Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
(Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BringMeSports Installer Plugin Stub) - C:\Program Files
(x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll
(Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF
Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files
(x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
CHR Plugin: (Windows Live\ Photo Gallery) - C:\Program Files (x86)\Windows
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windstream Service Agent) - C:\Program Files (x86)\Windstream\Service
Agent\nprpspa.dll (Windstream)
CHR Plugin: (iTunes Application Detector) - C:\Program Files
(x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll
No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft
Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\nancy\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc [2013-09-13]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\nancy\AppData\Local\Google\Chrome\User
Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2013-09-13]
CHR Extension: (Google Wallet) - C:\Users\nancy\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] -
C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-18]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
[2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
[2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
[2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
[2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] -
C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2012-08-23]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] -
https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not
Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] -
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx
[2013-11-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128
2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
[818888 2013-09-25] (Infowatch)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company)
[File not signed]
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
[1393976 2011-04-25] (Windstream)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
[1871160 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
[319488 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe
[517632 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service
Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27]
(Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the
registry. The file will not be moved unless listed separately.)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02]
(Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616
2011-06-02] (Infowatch)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-12-06] (EldoS
Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2015-01-15] (Kaspersky Lab
ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2015-01-15] (Kaspersky
Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2015-01-15] (Kaspersky Lab
ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2015-01-15] (Kaspersky
Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11]
(Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11]
(Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky
Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky
Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752
2014-12-29] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248
2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096
2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13]
(Apple, Inc.) [File not signed]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry.
Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 15:45 - 2015-01-17 15:45 - 00000000 ____D () C:\Users\nancy\Desktop\FRST-OlderVersion
2015-01-16 17:49 - 2015-01-16 17:51 - 00000000 ____D () C:\AdwCleaner
2015-01-16 16:18 - 2015-01-16 16:18 - 02191360 _____ () C:\Users\nancy\Documents\AdwCleaner.exe
2015-01-16 14:17 - 2015-01-16 16:32 - 00000000 ____D () C:\Program Files
(x86)\VS Revo Group
2015-01-16 13:40 - 2015-01-16 13:41 - 00002847 _____ () C:\Users\nancy\Documents\fixlist.txt
2015-01-16 13:01 - 2015-01-16 13:03 - 00028374 _____ () C:\Users\nancy\Desktop\Addition.txt
2015-01-16 12:57 - 2015-01-17 15:45 - 00024084 _____ () C:\Users\nancy\Desktop\FRST.txt
2015-01-16 12:56 - 2015-01-17 15:45 - 00000000 ____D () C:\FRST
2015-01-16 12:54 - 2015-01-17 15:45 - 02125824 _____ (Farbar)
C:\Users\nancy\Desktop\FRST64.exe
2015-01-16 12:53 - 2015-01-16 12:55 - 02125312 _____ (Farbar)
C:\Users\nancy\Documents\FRST64.exe
2015-01-16 10:33 - 2015-01-16 10:33 - 00088390 _____ () C:\Users\nancy\Documents\Extras.Txt
2015-01-16 10:32 - 2015-01-16 10:32 - 00107830 _____ () C:\Users\nancy\Documents\OTL.Txt
2015-01-16 09:25 - 2015-01-16 09:25 - 00602112 _____ (OldTimer Tools)
C:\Users\nancy\Documents\OTL.exe
2015-01-15 19:52 - 2015-01-15 19:52 - 00002220 _____ () C:\Users\nancy\Desktop\Safe
Money.lnk
2015-01-15 19:23 - 2015-01-15 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Kaspersky PURE 3.0
2015-01-15 19:23 - 2015-01-15 19:20 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky
PURE 3.0.lnk
2015-01-15 19:20 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation)
C:\Windows\system32\ntoskrnl.exe
2015-01-15 19:20 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation)
C:\Windows\system32\srcore.dll
2015-01-15 19:20 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation)
C:\Windows\system32\rstrui.exe
2015-01-15 19:20 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation)
C:\Windows\system32\srclient.dll
2015-01-15 19:20 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 19:20 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 19:20 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\srclient.dll
2015-01-15 19:20 - 2013-11-11 22:18 - 00064856 _____ (Kaspersky Lab)
C:\Windows\system32\klfphc.dll
2015-01-15 19:16 - 2011-06-02 14:39 - 00084536 _____ (Infowatch)
C:\Windows\system32\Drivers\CSCrySec.sys
2015-01-15 19:16 - 2011-06-02 14:39 - 00066616 _____ (Infowatch)
C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2015-01-15 19:15 - 2015-01-17 15:43 - 00000000 ____D () C:\ProgramData\Kaspersky
Lab
2015-01-15 19:15 - 2015-01-15 19:15 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-15 19:15 - 2015-01-15 19:15 - 00000000 ____D () C:\Program Files
(x86)\Kaspersky Lab
2015-01-15 19:13 - 2015-01-15 21:07 - 00628288 _____ (Kaspersky Lab ZAO)
C:\Windows\system32\Drivers\klif.sys
2015-01-15 19:13 - 2015-01-15 21:07 - 00092768 _____ (Kaspersky Lab ZAO)
C:\Windows\system32\Drivers\klflt.sys
2015-01-13 21:00 - 2015-01-13 21:00 - 05013680 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 19:33 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation)
C:\Windows\system32\profsvc.dll
2015-01-13 19:33 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:33 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation)
C:\Windows\system32\TSWbPrxy.exe
2015-01-13 19:33 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation)
C:\Windows\system32\nlasvc.dll
2015-01-13 19:33 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:33 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\nlaapi.dll
2015-01-03 21:25 - 2015-01-03 21:25 - 00001597 _____ () C:\Users\nancy\Desktop\Remanufacture
Aux Mod Service for 05 09 Chevy GMC Truck Radio Am FM CD Player  eBay.url
2014-12-19 21:50 - 2014-12-19 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\iCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 15:41 - 2013-09-13 08:08 - 00038426 _____ () C:\Windows\setupact.log
2015-01-17 15:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 13:23 - 2011-12-12 03:31 - 01795711 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 13:12 - 2012-08-23 16:53 - 00000000 ____D () C:\ProgramData\Radialpoint
2015-01-17 12:57 - 2012-09-01 09:05 - 00000830 _____ () C:\Windows\Tasks\Adobe
Flash Player Updater.job
2015-01-17 11:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-17 09:33 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 09:33 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 18:32 - 2014-08-17 19:10 - 00000000 ____D () C:\Users\nancy\AppData\Local\Adobe
2015-01-16 18:32 - 2012-09-01 09:05 - 00701616 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 18:32 - 2012-09-01 09:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe
Flash Player Updater
2015-01-16 18:32 - 2011-10-29 22:21 - 00071344 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 17:53 - 2013-09-13 08:08 - 00385300 _____ () C:\Windows\PFRO.log
2015-01-16 17:40 - 2012-08-23 16:53 - 00000000 ____D () C:\Users\nancy\AppData\Roaming\Radialpoint
2015-01-16 16:08 - 2013-02-14 20:35 - 00000000 ____D () C:\Users\nancy\AppData\Local\Apple
Computer
2015-01-16 14:02 - 2009-07-14 00:13 - 00799906 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 13:26 - 2012-08-28 18:56 - 00000000 ____D () C:\Users\nancy\AppData\Local\CrashDumps
2015-01-15 21:07 - 2013-11-11 22:18 - 00458336 _____ (Kaspersky Lab ZAO)
C:\Windows\system32\Drivers\kl1.sys
2015-01-15 21:07 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO)
C:\Windows\system32\Drivers\klim6.sys
2015-01-15 20:52 - 2013-09-13 08:47 - 00000000 ____D () C:\Program Files
(x86)\Google
2015-01-15 20:52 - 2012-08-23 16:27 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{16FF6453-22F6-44AA-8AC8-7BFC9C5A77C3}
2015-01-15 18:53 - 2012-08-26 09:29 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFornancy
2015-01-15 18:53 - 2012-08-26 09:29 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFornancy.job
2015-01-13 21:10 - 2013-08-14 17:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 21:02 - 2012-08-28 17:19 - 113365784 _____ (Microsoft Corporation)
C:\Windows\system32\MRT.exe
2015-01-12 18:09 - 2013-01-19 20:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 18:09 - 2012-08-25 21:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation)
C:\Windows\system32\MpSigStub.exe
2015-01-05 17:06 - 2013-02-03 19:08 - 00000000 ____D () C:\ProgramData\Spybot -
Search & Destroy
2015-01-05 17:06 - 2013-02-03 19:08 - 00000000 ____D () C:\Program Files
(x86)\Spybot - Search & Destroy
2015-01-04 17:43 - 2012-08-22 19:03 - 00000000 ____D () C:\Users\nancy
2015-01-04 17:40 - 2014-05-17 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-01 13:24 - 2014-05-17 21:33 - 00000000 ____D () C:\Program Files
(x86)\Malwarebytes Anti-Malware
2015-01-01 13:24 - 2011-12-12 04:20 - 00000000 ___RD () C:\Users\Public\Recorded
TV
2014-12-29 19:29 - 2014-05-17 21:33 - 00129752 _____ (Malwarebytes Corporation)
C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 17:40 - 2012-08-25 14:09 - 00000000 ____D () C:\Users\nancy\AppData\Local\CyberLink

Some content of TEMP:
====================
C:\Users\nancy\AppData\Local\Temp\Extract.exe
C:\Users\nancy\AppData\Local\Temp\Quarantine.exe
C:\Users\nancy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 11:25


  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Magic :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#18
Skrily21

Skrily21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thanks again for all the help!!!


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: tnulqltoe, .exe malware, virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP