Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Highly Infected Computer - Helping Elderly Neighbors [Solved]


  • This topic is locked This topic is locked

#1
writertiff

writertiff

    Member

  • Member
  • PipPipPip
  • 129 posts

Hi everyone! My sweet neighbors are having all sorts of computer issues and are elderly. They had no protection that I know of, and were using Internet Explorer. I told them I'd bring it home and come here to try to help them get it cleaned up (and then protected). It took 20 mins to open Chrome but it finally did. Then I ran the OTL. Log below:

 

OTL logfile created on: 12/7/2014 3:00:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Glynnda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.61 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 40.03% Memory free
7.23 Gb Paging File | 3.87 Gb Available in Paging File | 53.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.77 Gb Total Space | 377.69 Gb Free Space | 84.16% Space Free | Partition Type: NTFS
Drive D: | 16.89 Gb Total Space | 2.11 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
 
Computer Name: GLYNNDA-HP | User Name: Glynnda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/07 14:58:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Glynnda\Downloads\OTL.exe
PRC - [2014/11/25 00:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/17 01:24:42 | 001,009,752 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/16 12:32:47 | 000,284,347 | ---- | M] (Anubisel Corporatu) -- C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/17 19:17:46 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/08/16 16:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/25 00:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 00:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 00:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 00:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/10/16 10:23:28 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 10:23:21 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 10:21:42 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\b8e72b75a31229c5ae9d34289305c52b\ReachFramework.ni.dll
MOD - [2014/10/16 00:32:03 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 00:31:44 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 00:31:30 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 00:31:12 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 00:31:10 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/16 00:31:09 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 00:31:09 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/16 00:30:57 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 00:30:57 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 00:30:55 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 00:30:44 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/27 11:30:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (mcpltsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (HomeNetSvc)
SRV:64bit: - [2014/11/05 21:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/15 18:13:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2014/09/15 16:03:18 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/10/17 01:24:42 | 001,009,752 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 17:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/16 16:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/15 16:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/09/15 15:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/08/20 08:06:14 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/08/20 08:05:28 | 000,445,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/09/23 12:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 21:32:45 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/16 21:32:45 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/23 23:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/11 13:19:50 | 001,582,144 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/05/04 18:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/14 23:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/03/04 16:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 16:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/16 11:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/21 20:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{3852876A-41D6-47DC-91DE-3FD9D00D2DBE}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{3852876A-41D6-47DC-91DE-3FD9D00D2DBE}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {68D57DE6-8621-4987-8787-D7C6E874935F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{3852876A-41D6-47DC-91DE-3FD9D00D2DBE}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{68D57DE6-8621-4987-8787-D7C6E874935F}: "URL" = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/11/25 15:48:28 | 000,001,509 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 185.53.9.209 www.google-analytics.com.
O1 - Hosts: 185.53.9.209 google-analytics.com.
O1 - Hosts: 185.53.9.209 connect.facebook.net.
O1 - Hosts: 195.162.69.252 www.google-analytics.com.
O1 - Hosts: 195.162.69.252 google-analytics.com.
O1 - Hosts: 195.162.69.252 connect.facebook.net.
O1 - Hosts: 212.47.195.215 www.google-analytics.com.
O1 - Hosts: 212.47.195.215 google-analytics.com.
O1 - Hosts: 212.47.195.215 connect.facebook.net.
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Emzuunok] C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe (Anubisel Corporatu)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [Emzuunok] C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe (Anubisel Corporatu)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Emzuunok] C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe (Anubisel Corporatu)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.10.216.1 71.10.216.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C27A73-102E-4675-A881-104356039D20}: DhcpNameServer = 71.10.216.1 71.10.216.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C27A73-102E-4675-A881-104356039D20}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A3B9A4-17FF-4F63-B3B7-78293B1420E5}: DhcpNameServer = 198.6.1.1 204.117.214.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A3B9A4-17FF-4F63-B3B7-78293B1420E5}: NameServer = 8.8.8.8,8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL File not found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\oxnmkag: DllName - (C:\Users\Glynnda\AppData\Local\oxnmkag.dll) - C:\Users\Glynnda\AppData\Local\oxnmkag.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/30 09:41:17 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\Windows Live
[2014/11/30 09:40:38 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\{AD135674-8893-46A9-89DE-D377D48D249C}
[2014/11/27 19:49:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/11/26 08:38:57 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\AMD
[2014/11/26 08:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/11/26 08:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\YowaCuxa
[2014/11/26 08:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WuyoJuwz
[2014/11/25 17:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/11/25 17:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/11/25 17:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/11/25 16:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/11/25 16:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/11/25 16:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/25 15:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/11/25 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Daikequ
[2014/11/25 15:48:47 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Ukseusv
[2014/11/25 15:48:36 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Cugyluwy
[2014/11/25 15:48:26 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Arulgyi
[2014/11/25 15:48:17 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Nuvimefo
[2014/11/25 15:48:08 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Dikiudaz
[2014/11/25 15:47:56 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Ovuzso
[2014/11/25 15:47:48 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Wyxylo
[2014/11/25 15:47:34 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Voveif
[2014/11/25 15:47:28 | 000,000,000 | ---D | C] -- C:\AMD
[2014/11/25 15:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ZufguQwalu
[2014/11/25 15:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\JeniJpidg
[2014/11/25 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
[2014/11/24 22:58:13 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Abizehd
[2014/11/24 22:58:00 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Sukamo
[2014/11/24 22:57:49 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Toepexy
[2014/11/24 22:57:42 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Ichateg
[2014/11/24 22:56:46 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Azcaoh
[2014/11/24 22:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PupjiRucve
[2014/11/24 22:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BabyUrmin
[2014/11/24 22:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CosePpogl
[2014/11/24 22:44:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2014/11/24 14:56:06 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/11/24 14:45:19 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Malwarebytes
[2014/11/24 14:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/11/24 14:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/24 14:45:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/24 14:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/11/24 14:42:56 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\Programs
[2014/11/24 12:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
[2014/11/22 20:38:35 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Ogoxytp
[2014/11/22 20:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DocohOmpof
[2014/11/22 15:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office Depot PC Support Agent
[2014/11/21 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\{ECEAA633-13D5-4D92-9B9C-93779D60BC4C}
[2014/11/20 16:51:22 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Yrybmig
[2014/11/20 16:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WuvuBucfi
[2014/11/20 16:24:23 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate
[2014/11/19 17:46:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
[2014/11/15 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\Devuta
[2014/11/14 16:17:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/11/12 15:11:00 | 000,000,000 | -HSD | C] -- C:\Users\Glynnda\AppData\Local\EmieBrowserModeList
[2014/11/11 15:25:46 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate7
[2014/11/10 15:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GoktIwohe
[2014/11/10 15:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\JigwUdop
[2014/11/09 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\YvvvPack
[2014/11/09 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\Glynnda\AppData\Local\Erftion
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/07 14:49:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job
[2014/12/07 14:49:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0.job
[2014/12/07 14:43:39 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf244ee1223503.job
[2014/12/07 14:40:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 14:40:31 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 14:31:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 14:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 14:31:38 | 2910,302,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/30 09:26:10 | 000,021,527 | ---- | M] () -- C:\Users\Glynnda\Desktop\Office Depot Work Order 0059611525985 Ticket 27916097 Receipt.mht
[2014/11/28 18:52:37 | 000,000,812 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 713791217.job
[2014/11/28 18:52:37 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 859257726.job
[2014/11/28 18:52:35 | 000,000,816 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 605811440.job
[2014/11/28 18:52:35 | 000,000,816 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 399393453.job
[2014/11/28 18:52:35 | 000,000,812 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 3166402688.job
[2014/11/28 18:52:35 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 2593297739.job
[2014/11/28 18:52:32 | 000,000,816 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 193677934.job
[2014/11/28 18:52:32 | 000,000,816 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1331730204.job
[2014/11/28 18:52:32 | 000,000,812 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1697682034.job
[2014/11/28 18:52:32 | 000,000,812 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1468541840.job
[2014/11/28 18:52:32 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1571542829.job
[2014/11/28 18:52:32 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 148162692.job
[2014/11/28 18:52:31 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1079130923.job
[2014/11/27 19:45:32 | 000,000,026 | ---- | M] () -- C:\Windows\Zone.Identifier
[2014/11/26 19:10:11 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 2418676004.job
[2014/11/26 18:11:10 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGlynnda.job
[2014/11/26 17:51:38 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/25 15:48:28 | 000,001,509 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/11/25 15:43:29 | 000,023,552 | ---- | M] () -- C:\Users\Glynnda\AppData\Local\oxnlwag.dll
[2014/11/24 22:44:36 | 000,023,552 | ---- | M] () -- C:\Users\Glynnda\AppData\Local\oxnmkag.dll
[2014/11/24 14:45:10 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/22 16:00:34 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
[2014/11/20 16:25:43 | 000,000,256 | -H-- | M] () -- C:\ProgramData\@system3.att
[2014/11/20 16:25:27 | 000,000,520 | ---- | M] () -- C:\ProgramData\@system.temp
[2014/11/20 16:24:26 | 000,000,284 | ---- | M] () -- C:\ProgramData\DECRYPT_INSTRUCTION.URL
[2014/11/20 12:08:01 | 000,885,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/20 12:08:01 | 000,197,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/20 12:08:01 | 000,006,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/12 17:20:38 | 000,000,272 | ---- | M] () -- C:\Users\Glynnda\DECRYPT_INSTRUCTION.URL
[2014/11/12 17:20:16 | 000,000,272 | ---- | M] () -- C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.URL
[2014/11/12 11:38:56 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/11 12:20:36 | 000,000,268 | ---- | M] () -- C:\Users\Glynnda\Documents\DECRYPT_INSTRUCTION.URL
[2014/11/11 12:20:30 | 000,000,268 | ---- | M] () -- C:\Users\Glynnda\AppData\Roaming\DECRYPT_INSTRUCTION.URL
 
========== Files Created - No Company Name ==========
 
[2014/11/30 09:26:10 | 000,021,527 | ---- | C] () -- C:\Users\Glynnda\Desktop\Office Depot Work Order 0059611525985 Ticket 27916097 Receipt.mht
[2014/11/27 19:45:32 | 000,000,026 | ---- | C] () -- C:\Windows\Zone.Identifier
[2014/11/25 15:49:03 | 000,000,812 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1697682034.job
[2014/11/25 15:48:48 | 000,000,812 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1468541840.job
[2014/11/25 15:48:38 | 000,000,816 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1331730204.job
[2014/11/25 15:48:29 | 000,000,814 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1079130923.job
[2014/11/25 15:48:17 | 000,000,816 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 605811440.job
[2014/11/25 15:48:09 | 000,000,820 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 2418676004.job
[2014/11/25 15:48:00 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 148162692.job
[2014/11/25 15:47:48 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 859257726.job
[2014/11/25 15:47:38 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1571542829.job
[2014/11/25 15:43:26 | 000,023,552 | ---- | C] () -- C:\Users\Glynnda\AppData\Local\oxnlwag.dll
[2014/11/24 22:58:15 | 000,000,812 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 713791217.job
[2014/11/24 22:58:01 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 2593297739.job
[2014/11/24 22:57:52 | 000,000,816 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 399393453.job
[2014/11/24 22:57:42 | 000,000,816 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 193677934.job
[2014/11/24 22:56:48 | 000,000,812 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 3166402688.job
[2014/11/24 22:44:36 | 000,023,552 | ---- | C] () -- C:\Users\Glynnda\AppData\Local\oxnmkag.dll
[2014/11/24 14:45:10 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/22 16:00:34 | 000,002,226 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Depot PC Support Agent.lnk
[2014/11/22 16:00:34 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
[2014/11/13 10:44:07 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job
[2014/11/11 15:26:32 | 000,000,256 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/11 15:26:14 | 000,000,520 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/11/11 12:21:31 | 000,000,272 | ---- | C] () -- C:\Users\Glynnda\DECRYPT_INSTRUCTION.URL
[2014/11/11 12:20:36 | 000,000,268 | ---- | C] () -- C:\Users\Glynnda\Documents\DECRYPT_INSTRUCTION.URL
[2014/11/11 12:20:30 | 000,000,268 | ---- | C] () -- C:\Users\Glynnda\AppData\Roaming\DECRYPT_INSTRUCTION.URL
[2014/11/11 12:19:48 | 000,000,272 | ---- | C] () -- C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.URL
[2014/11/11 12:18:56 | 000,000,284 | ---- | C] () -- C:\ProgramData\DECRYPT_INSTRUCTION.URL
[2014/09/15 18:19:58 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/09/15 16:18:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/09/15 16:18:02 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/09/15 16:06:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/09/15 16:06:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/09/11 12:40:30 | 000,000,017 | ---- | C] () -- C:\Users\Glynnda\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/24 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Abizehd
[2014/11/25 15:48:26 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Arulgyi
[2014/11/24 22:56:46 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Azcaoh
[2014/11/24 15:06:27 | 000,000,000 | -HSD | M] -- C:\Users\Glynnda\AppData\Roaming\bhurraus
[2014/11/25 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Cugyluwy
[2014/11/25 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Daikequ
[2014/11/15 18:20:39 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Devuta
[2014/11/25 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Dikiudaz
[2014/11/24 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate
[2014/11/24 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate7
[2014/11/24 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Ichateg
[2013/06/03 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Medstrat
[2012/05/25 18:56:34 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\NewspaperDirect
[2014/11/25 15:48:17 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Nuvimefo
[2014/11/24 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Ogoxytp
[2014/11/26 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\OpswatLogs
[2014/11/25 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Ovuzso
[2014/11/11 12:20:28 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\QuickScan
[2014/09/09 17:06:05 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Ryas
[2014/11/11 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\ShopAtHome
[2014/11/30 10:58:36 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\SoftGrid Client
[2014/11/24 22:58:00 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Sukamo
[2012/05/25 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\supportdotcom
[2014/11/24 22:57:49 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Toepexy
[2013/03/24 12:28:32 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\TP
[2014/11/25 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Ukseusv
[2014/11/24 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Umci
[2014/11/25 15:47:34 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Voveif
[2012/06/02 18:25:06 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\WinBatch
[2014/11/25 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Wyxylo
[2014/11/20 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Glynnda\AppData\Roaming\Yrybmig
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/11/11 15:25:45 | 000,000,448 | -H-- | M] ()(C:\Users\Glynnda\AppData\Roaming\????) -- C:\Users\Glynnda\AppData\Roaming\麽鎒駓覜
[2014/11/11 15:25:45 | 000,000,448 | -H-- | C] ()(C:\Users\Glynnda\AppData\Roaming\????) -- C:\Users\Glynnda\AppData\Roaming\麽鎒駓覜
 
< End of report >
 

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello writertiff,

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Thank you! Here are both logs:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Glynnda (administrator) on GLYNNDA-HP on 07-12-2014 20:16:51
Running from C:\Users\Glynnda\Desktop
Loaded Profile: Glynnda (Available profiles: Glynnda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Support.com, Inc.) C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7461480 2011-09-08] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\oxnmkag-x32: C:\Users\Glynnda\AppData\Local\oxnmkag.dll ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> DefaultScope {68D57DE6-8621-4987-8787-D7C6E874935F} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {68D57DE6-8621-4987-8787-D7C6E874935F} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{21C27A73-102E-4675-A881-104356039D20}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A4A3B9A4-17FF-4F63-B3B7-78293B1420E5}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (SiteAdvisor) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-28]
CHR Extension: (Google Wallet) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Office Depot PC Support Agent; C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [1009752 2014-10-17] (Support.com, Inc.)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-07 20:16 - 2014-12-07 20:21 - 00017912 _____ () C:\Users\Glynnda\Desktop\FRST.txt
2014-12-07 20:16 - 2014-12-07 20:17 - 00000000 ____D () C:\FRST
2014-12-07 20:14 - 2014-12-07 20:14 - 02119680 _____ (Farbar) C:\Users\Glynnda\Desktop\FRST64.exe
2014-12-07 17:18 - 2014-12-07 17:18 - 00067530 _____ () C:\Users\Glynnda\Downloads\Extras.Txt
2014-12-07 16:10 - 2014-12-07 16:10 - 00102122 _____ () C:\Users\Glynnda\Downloads\OTL.Txt
2014-12-07 15:33 - 2014-12-07 15:33 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGlynnda
2014-12-07 15:33 - 2014-12-07 15:33 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForGlynnda.job
2014-12-07 14:58 - 2014-12-07 14:58 - 00602112 _____ (OldTimer Tools) C:\Users\Glynnda\Downloads\OTL.exe
2014-12-02 20:59 - 2014-12-02 21:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Glynnda\Downloads\mbam-setup-2.0.4.1028.exe
2014-11-30 09:41 - 2014-11-30 09:41 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Windows Live
2014-11-30 09:40 - 2014-11-30 09:41 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\{AD135674-8893-46A9-89DE-D377D48D249C}
2014-11-30 09:26 - 2014-11-30 09:26 - 00021527 _____ () C:\Users\Glynnda\Desktop\Office Depot Work Order 0059611525985 Ticket 27916097 Receipt.mht
2014-11-27 19:51 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-11-27 19:51 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-11-27 19:49 - 2014-11-27 19:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-11-27 19:45 - 2014-11-27 19:45 - 00000026 _____ () C:\Windows\Zone.Identifier
2014-11-26 12:38 - 2014-11-26 12:38 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (3).com
2014-11-26 12:37 - 2014-11-26 12:37 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (2).com
2014-11-26 08:38 - 2014-11-26 08:38 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\AMD
2014-11-26 08:38 - 2014-11-26 08:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-26 08:01 - 2014-11-26 08:01 - 00000000 ____D () C:\ProgramData\YowaCuxa
2014-11-26 08:00 - 2014-11-26 08:00 - 00000000 ____D () C:\ProgramData\WuyoJuwz
2014-11-25 17:19 - 2014-11-25 17:19 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-25 17:18 - 2014-11-25 17:18 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-11-25 17:17 - 2014-11-25 17:17 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201411251717104556.log
2014-11-25 17:08 - 2014-11-25 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-25 16:58 - 2014-11-25 17:20 - 00000000 ____D () C:\ProgramData\AMD
2014-11-25 16:28 - 2014-11-25 17:18 - 00000000 ____D () C:\Program Files\AMD
2014-11-25 16:05 - 2014-11-25 16:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-25 15:57 - 2014-11-25 17:06 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-25 15:49 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1697682034.job
2014-11-25 15:49 - 2014-11-26 19:04 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 1697682034
2014-11-25 15:49 - 2014-11-25 15:49 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-25 15:49 - 2014-11-25 15:49 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Daikequ
2014-11-25 15:48 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 605811440.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1331730204.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000814 _____ () C:\Windows\Tasks\Security Center Update - 1079130923.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1468541840.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 148162692.job
2014-11-25 15:48 - 2014-11-26 19:10 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 2418676004.job
2014-11-25 15:48 - 2014-11-26 19:04 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 2418676004
2014-11-25 15:48 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 605811440
2014-11-25 15:48 - 2014-11-26 19:03 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 1331730204
2014-11-25 15:48 - 2014-11-26 19:03 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1079130923
2014-11-25 15:48 - 2014-11-26 19:03 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 1468541840
2014-11-25 15:48 - 2014-11-26 19:03 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 148162692
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ukseusv
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Nuvimefo
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Dikiudaz
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Cugyluwy
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Arulgyi
2014-11-25 15:47 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 859257726.job
2014-11-25 15:47 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1571542829.job
2014-11-25 15:47 - 2014-11-26 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 859257726
2014-11-25 15:47 - 2014-11-26 19:03 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 1571542829
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Wyxylo
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Voveif
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ovuzso
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\AMD
2014-11-25 15:43 - 2014-11-25 15:43 - 00023552 _____ () C:\Users\Glynnda\AppData\Local\oxnlwag.dll
2014-11-25 15:43 - 2014-11-25 15:43 - 00000000 ____D () C:\ProgramData\ZufguQwalu
2014-11-25 15:43 - 2014-11-25 15:43 - 00000000 ____D () C:\ProgramData\JeniJpidg
2014-11-25 00:27 - 2014-11-25 00:27 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
2014-11-24 22:58 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 713791217.job
2014-11-24 22:58 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 2593297739.job
2014-11-24 22:58 - 2014-11-26 19:04 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 713791217
2014-11-24 22:58 - 2014-11-26 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 2593297739
2014-11-24 22:58 - 2014-11-24 22:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Sukamo
2014-11-24 22:58 - 2014-11-24 22:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Abizehd
2014-11-24 22:57 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 399393453.job
2014-11-24 22:57 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 193677934.job
2014-11-24 22:57 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 399393453
2014-11-24 22:57 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 193677934
2014-11-24 22:57 - 2014-11-24 22:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Toepexy
2014-11-24 22:57 - 2014-11-24 22:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ichateg
2014-11-24 22:56 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 3166402688.job
2014-11-24 22:56 - 2014-11-26 19:04 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3166402688
2014-11-24 22:56 - 2014-11-24 22:56 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Azcaoh
2014-11-24 22:52 - 2014-11-24 22:52 - 00000000 ____D () C:\ProgramData\PupjiRucve
2014-11-24 22:45 - 2014-11-24 22:45 - 00000000 ____D () C:\ProgramData\BabyUrmin
2014-11-24 22:44 - 2014-11-24 22:44 - 00023552 _____ () C:\Users\Glynnda\AppData\Local\oxnmkag.dll
2014-11-24 22:44 - 2014-11-24 22:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-11-24 22:44 - 2014-11-24 22:44 - 00000000 ____D () C:\ProgramData\CosePpogl
2014-11-24 14:45 - 2014-11-24 14:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Malwarebytes
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-24 14:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:10 - 2014-11-24 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2014-11-24 11:09 - 2014-11-24 11:09 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (1).com
2014-11-24 11:08 - 2014-11-24 11:08 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus.com
2014-11-22 20:38 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ogoxytp
2014-11-22 20:38 - 2014-11-22 20:38 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1752710425
2014-11-22 20:33 - 2014-11-22 20:33 - 00000000 ____D () C:\ProgramData\DocohOmpof
2014-11-22 16:00 - 2014-11-22 16:00 - 00002226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Depot PC Support Agent.lnk
2014-11-22 16:00 - 2014-11-22 16:00 - 00002214 _____ () C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2014-11-22 15:59 - 2014-11-22 18:05 - 00000000 ____D () C:\Program Files (x86)\Office Depot PC Support Agent
2014-11-22 15:58 - 2014-11-22 15:58 - 08041120 _____ () C:\Users\Glynnda\Downloads\Office_Depot_PC_SupportAgent.exe
2014-11-21 15:39 - 2014-11-21 16:12 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\{ECEAA633-13D5-4D92-9B9C-93779D60BC4C}
2014-11-20 16:51 - 2014-11-20 18:13 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Yrybmig
2014-11-20 16:51 - 2014-11-20 16:51 - 00003824 _____ () C:\Windows\System32\Tasks\Security Center Update - 3161201767
2014-11-20 16:46 - 2014-11-20 16:46 - 00000000 ____D () C:\ProgramData\WuvuBucfi
2014-11-20 16:24 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate
2014-11-19 17:46 - 2014-11-20 18:00 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-15 18:19 - 2014-11-15 18:20 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Devuta
2014-11-14 16:17 - 2014-11-25 14:51 - 00000000 ____D () C:\Windows\Minidump
2014-11-13 10:44 - 2014-12-07 19:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job
2014-11-13 10:44 - 2014-11-13 10:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\DECRYPT_INSTRUCTION.TXT
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-12 15:11 - 2014-11-12 15:11 - 00000000 __SHD () C:\Users\Glynnda\AppData\Local\EmieBrowserModeList
2014-11-12 10:10 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:10 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:10 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:10 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:10 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:10 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:10 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:10 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:10 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:10 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:10 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:10 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:10 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:10 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:10 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:10 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:10 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:10 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:10 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:10 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:10 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:10 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:10 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 10:10 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:10 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 10:10 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:10 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:10 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:10 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:10 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:10 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:10 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:10 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:10 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 10:10 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:10 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:10 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:10 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:10 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:10 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:10 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:10 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:10 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:10 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:10 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:10 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:10 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:10 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:10 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 10:10 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:10 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:10 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:10 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:10 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:10 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:10 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 10:10 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:10 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:10 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:10 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:10 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:10 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:10 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:10 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:10 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:10 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:10 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:10 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:09 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:09 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:09 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:09 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:09 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:09 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 10:09 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:09 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:09 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:09 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:09 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:09 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:09 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:09 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 15:26 - 2014-11-20 16:25 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-11 15:26 - 2014-11-20 16:25 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-11 15:25 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate7
2014-11-11 15:25 - 2014-11-11 15:25 - 00000448 ____H () C:\Users\Glynnda\AppData\Roaming\麽鎒駓覜
2014-11-11 12:21 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\DECRYPT_INSTRUCTION.URL
2014-11-11 12:21 - 2014-11-11 12:21 - 00000268 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\Documents\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 12:19 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-11 12:18 - 2014-11-20 16:24 - 00000284 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-10 15:56 - 2014-11-24 15:06 - 00000000 ____D () C:\ProgramData\GoktIwohe
2014-11-10 15:55 - 2014-11-24 15:06 - 00000000 ____D () C:\ProgramData\JigwUdop
2014-11-09 21:26 - 2014-11-11 12:19 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\YvvvPack
2014-11-09 21:25 - 2014-11-11 12:19 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Erftion
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-07 19:49 - 2014-10-22 19:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0.job
2014-12-07 19:44 - 2014-02-07 15:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503.job
2014-12-07 15:15 - 2012-06-10 00:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-07 15:15 - 2012-06-02 18:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-07 14:40 - 2012-05-25 18:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9AB2FB7-477C-476B-9744-F26A55163B37}
2014-12-07 14:40 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 14:40 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 14:32 - 2009-07-13 22:51 - 00131596 _____ () C:\Windows\setupact.log
2014-12-07 14:31 - 2012-08-19 09:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 14:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 20:35 - 2012-08-24 21:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\CrashDumps
2014-11-30 11:42 - 2010-11-20 21:47 - 01054980 _____ () C:\Windows\PFRO.log
2014-11-30 10:58 - 2013-03-24 12:28 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\SoftGrid Client
2014-11-30 09:52 - 2014-09-08 14:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\LogMeIn Rescue Applet
2014-11-27 22:00 - 2012-05-25 18:31 - 00000000 ____D () C:\ProgramData\support.com
2014-11-26 17:51 - 2012-08-19 09:58 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 08:00 - 2014-09-03 10:11 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-25 16:52 - 2011-11-16 21:45 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-25 16:18 - 2012-05-25 18:17 - 01797405 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:51 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35006-01.dmp
2014-11-25 14:32 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34554-01.dmp
2014-11-25 13:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31325-01.dmp
2014-11-25 12:59 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35412-01.dmp
2014-11-25 12:48 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33883-01.dmp
2014-11-25 12:30 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-26722-01.dmp
2014-11-25 12:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36878-01.dmp
2014-11-25 12:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-21200-01.dmp
2014-11-25 12:00 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31403-01.dmp
2014-11-25 11:47 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30763-01.dmp
2014-11-25 11:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-23493-01.dmp
2014-11-25 11:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34445-01.dmp
2014-11-25 10:57 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25740-01.dmp
2014-11-25 10:42 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30310-01.dmp
2014-11-25 10:26 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-32058-01.dmp
2014-11-25 10:15 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36145-01.dmp
2014-11-25 10:01 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31434-01.dmp
2014-11-25 09:46 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35147-01.dmp
2014-11-25 09:27 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29780-01.dmp
2014-11-25 09:13 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47018-01.dmp
2014-11-25 08:56 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29000-01.dmp
2014-11-25 08:04 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25006-01.dmp
2014-11-25 07:54 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30872-02.dmp
2014-11-25 07:39 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-37253-01.dmp
2014-11-25 07:23 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33228-01.dmp
2014-11-25 07:09 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33665-01.dmp
2014-11-25 06:54 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29187-01.dmp
2014-11-25 06:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35505-01.dmp
2014-11-25 06:07 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36972-01.dmp
2014-11-25 05:51 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35583-01.dmp
2014-11-25 05:37 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35895-01.dmp
2014-11-25 05:19 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30825-01.dmp
2014-11-25 05:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36582-01.dmp
2014-11-25 04:43 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25818-01.dmp
2014-11-25 04:28 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35303-01.dmp
2014-11-25 04:10 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-23337-01.dmp
2014-11-25 03:56 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34382-01.dmp
2014-11-25 03:42 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-38875-01.dmp
2014-11-25 03:21 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-38313-01.dmp
2014-11-25 03:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47205-01.dmp
2014-11-25 02:57 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36348-01.dmp
2014-11-25 02:43 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35427-01.dmp
2014-11-25 02:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25958-01.dmp
2014-11-25 02:15 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-18096-01.dmp
2014-11-25 02:12 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29764-01.dmp
2014-11-25 01:52 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-32635-01.dmp
2014-11-25 01:44 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36192-01.dmp
2014-11-25 01:30 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-45115-01.dmp
2014-11-25 01:11 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-55739-01.dmp
2014-11-25 01:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47798-01.dmp
2014-11-25 00:37 - 2012-05-25 18:59 - 00000000 ____D () C:\McAfeePromo
2014-11-24 15:10 - 2012-05-25 18:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-24 15:06 - 2014-09-05 08:34 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Umci
2014-11-24 15:06 - 2013-10-10 14:20 - 00000000 __SHD () C:\Users\Glynnda\AppData\Roaming\bhurraus
2014-11-24 11:31 - 2012-05-28 15:43 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Microsoft Games
2014-11-24 11:29 - 2012-05-25 18:19 - 00000000 ____D () C:\Users\Glynnda
2014-11-24 11:26 - 2012-05-25 18:20 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\VirtualStore
2014-11-20 12:08 - 2009-07-13 23:13 - 00006506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 09:53 - 2009-07-13 23:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 10:44 - 2014-10-22 19:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0
2014-11-13 10:44 - 2012-08-19 09:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 16:13 - 2012-08-19 09:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Google
2014-11-12 11:38 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:37 - 2014-05-05 20:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:20 - 2012-11-07 09:58 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 13:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 12:21 - 2013-06-03 10:47 - 00000000 ____D () C:\Users\Public\Data
2014-11-11 12:20 - 2014-04-28 13:02 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\ShopAtHome
2014-11-11 12:20 - 2012-05-29 15:01 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\QuickScan
2014-11-11 12:20 - 2012-05-25 19:07 - 00000000 ____D () C:\Users\Glynnda\Documents\STK
2014-11-11 12:20 - 2012-05-25 18:24 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Adobe
2014-11-11 12:18 - 2011-11-16 22:07 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-11-11 12:18 - 2011-11-16 21:52 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 12:18 - 2011-11-16 21:42 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-11 12:16 - 2013-05-17 11:00 - 00000000 ____D () C:\ProgramData\Etiam
 
Some content of TEMP:
====================
C:\Users\Glynnda\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Glynnda\AppData\Local\Temp\min_Support.com_SOP_Toolkit.exe
C:\Users\Glynnda\AppData\Local\Temp\OfficeDepot_SolutionsToolkit.exe
C:\Users\Glynnda\AppData\Local\Temp\procexp64.exe
C:\Users\Glynnda\AppData\Local\Temp\SE7D65.tmp.dll
C:\Users\Glynnda\AppData\Local\Temp\SEA1A9.tmp.dll
C:\Users\Glynnda\AppData\Local\Temp\temp364895725.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_07a17db1.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_19bb43db.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_368dac06.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_38d0d8b0.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_6d7b2921.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_6fa3d6dc.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_70c11fca.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_77a89ba9.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_80816c5b.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_8ce12509.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_8e19d694.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_998d164f.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_b3f30894.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_b5966f14.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_c70a591b.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_d23fc077.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_e5723010.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_ed038b48.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_f39a9589.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_f9162bc0.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_fb3f19b3.exe
C:\Users\Glynnda\AppData\Local\Temp\UpdateFlashPlayer_fcd79a95.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 18:01
 
==================== End Of Log ============================
 
Addition one:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Glynnda at 2014-12-07 20:36:35
Running from C:\Users\Glynnda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office Depot PC Support Agent (HKLM-x32\...\Office Depot PC Support Agent) (Version: 70.0.17.1 - Support.com, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6456 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShopAtHome.com Helper (HKU\S-1-5-21-3098917091-2276340468-633939820-1000\...\ShopAtHome.com Helper) (Version: 7.10.0.6 - ShopAtHome.com) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
smartmontools (HKLM-x32\...\smartmontools) (Version: 5.42 2011-10-20 r3458 (sf-win32-5.42-1) - )
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3098917091-2276340468-633939820-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
08-11-2014 18:27:54 Scheduled Checkpoint
12-11-2014 17:17:35 Windows Update
25-11-2014 21:59:29 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
25-11-2014 22:18:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-11-25 15:48 - 00001509 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
185.53.9.209 www.google-analytics.com.
185.53.9.209 google-analytics.com.
185.53.9.209 connect.facebook.net.
195.162.69.252 www.google-analytics.com.
195.162.69.252 google-analytics.com.
195.162.69.252 connect.facebook.net.
212.47.195.215 www.google-analytics.com.
212.47.195.215 google-analytics.com.
212.47.195.215 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {010F28A6-A0ED-4BE8-804E-B3D7E48074C6} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {02064DF4-7BA8-4179-8DB7-2080D5CF41C6} - System32\Tasks\Security Center Update - 1697682034 => C:\Users\Glynnda\AppData\Roaming\Daikequ\eptiy.exe [2013-05-14] (Anubisel Corporatu) <==== ATTENTION
Task: {1073C297-F11D-4F2A-BDE7-4C541D765D32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {24A8BF72-036C-4995-AF87-BD95D930133A} - System32\Tasks\Security Center Update - 2593297739 => C:\Users\Glynnda\AppData\Roaming\Sukamo\nekii.exe [2014-03-21] (Anubisel Corporatu) <==== ATTENTION
Task: {2510B774-8BB2-4E75-B90C-255C76C24630} - System32\Tasks\Security Center Update - 1752710425 => C:\Users\Glynnda\AppData\Roaming\Ogoxytp\roqeowk.exe <==== ATTENTION
Task: {2A9D3700-9667-4648-B05D-F82908AD017A} - System32\Tasks\Security Center Update - 3161201767 => C:\Users\Glynnda\AppData\Roaming\Yrybmig\leunu.exe <==== ATTENTION
Task: {2DAD91F5-7F38-4985-8462-F1A67FDF2C79} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {307B48C3-873B-4B29-A53A-DF02D3D3129E} - System32\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {348914EB-2E1C-45F1-A0C9-1213673372B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {396DAAAA-2116-41EF-B37D-CE97A14B191B} - System32\Tasks\Security Center Update - 1079130923 => C:\Users\Glynnda\AppData\Roaming\Arulgyi\ygluil.exe [2013-04-07] (Anubisel Corporatu) <==== ATTENTION
Task: {40B45342-549B-4B2E-BDDE-59C041283C5C} - System32\Tasks\Security Center Update - 713791217 => C:\Users\Glynnda\AppData\Roaming\Abizehd\umepx.exe [2013-11-30] (Anubisel Corporatu) <==== ATTENTION
Task: {47396FA2-5B67-453A-AD7F-82BBCD2126E5} - System32\Tasks\Security Center Update - 1331730204 => C:\Users\Glynnda\AppData\Roaming\Cugyluwy\kupee.exe [2013-06-22] (Anubisel Corporatu) <==== ATTENTION
Task: {473B0D75-0D02-4515-B3F8-CE5679CE2127} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {533A1B29-86D8-4642-87EB-36A0A2BB6B42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {5FDE8316-1FC4-48DD-A276-8C6858873357} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {6C429B2F-7201-45ED-89AF-0FF8BC9B061A} - System32\Tasks\Security Center Update - 1468541840 => C:\Users\Glynnda\AppData\Roaming\Ukseusv\ywzuc.exe [2014-03-29] (Anubisel Corporatu) <==== ATTENTION
Task: {715FF314-4C2D-4249-AD5B-9DF85EEE8B46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8194F5FF-89C7-402C-A44A-D417F4DE6E54} - System32\Tasks\Security Center Update - 399393453 => C:\Users\Glynnda\AppData\Roaming\Toepexy\ufibxei.exe [2013-09-11] (Anubisel Corporatu) <==== ATTENTION
Task: {8C1488A6-67B5-4298-9E18-0E2EAA76EF2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8FA49C20-7919-4078-ACEC-5DC86F237230} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {90FBD851-DFD3-4836-904B-3BC4CAF57949} - System32\Tasks\Security Center Update - 193677934 => C:\Users\Glynnda\AppData\Roaming\Ichateg\ixirebz.exe [2013-07-08] (Anubisel Corporatu) <==== ATTENTION
Task: {9506329E-177F-4242-AE6C-1ED28847B6A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {988574F6-2B76-4099-9022-90E1BA37CA65} - System32\Tasks\Security Center Update - 1571542829 => C:\Users\Glynnda\AppData\Roaming\Voveif\onlak.exe [2014-06-15] (Anubisel Corporatu) <==== ATTENTION
Task: {B80A5ED7-31A3-427E-948F-BC0D7AA66E13} - System32\Tasks\Security Center Update - 605811440 => C:\Users\Glynnda\AppData\Roaming\Nuvimefo\irtoo.exe [2014-11-10] (Anubisel Corporatu) <==== ATTENTION
Task: {BB23D367-70B4-46BD-AEED-222C7EF5205E} - System32\Tasks\Security Center Update - 859257726 => C:\Users\Glynnda\AppData\Roaming\Wyxylo\ortoy.exe [2012-09-19] (Anubisel Corporatu) <==== ATTENTION
Task: {BF3A2414-0666-47A4-810D-5CC91F1FAA39} - System32\Tasks\HPCeeScheduleForGlynnda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C2D8D1F2-9516-4180-A9F4-6390800B5CA6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {D31E51F3-3430-455C-B08E-DA6D6965C575} - System32\Tasks\Security Center Update - 148162692 => C:\Users\Glynnda\AppData\Roaming\Ovuzso\anama.exe [2013-05-15] (Anubisel Corporatu) <==== ATTENTION
Task: {D87C9382-6581-4AE6-9980-80B93E2CD4E8} - System32\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {DFED804B-EB5B-4C6F-8940-9A4E2D4FF70A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E162E145-AE81-43FB-B557-B3E980B84C5F} - System32\Tasks\Security Center Update - 3166402688 => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [2013-08-16] (Anubisel Corporatu) <==== ATTENTION
Task: {FA6ED641-47C2-42FF-B907-683F751B7F76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3098917091-2276340468-633939820-1000
Task: {FF7BF758-52BA-4298-8C7B-429934F3F8E2} - System32\Tasks\Security Center Update - 2418676004 => C:\Users\Glynnda\AppData\Roaming\Dikiudaz\ycumbya.exe [2012-08-20] (Anubisel Corporatu) <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGlynnda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Security Center Update - 1079130923.job => C:\Users\Glynnda\AppData\Roaming\Arulgyi\ygluil.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1331730204.job => C:\Users\Glynnda\AppData\Roaming\Cugyluwy\kupee.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1468541840.job => C:\Users\Glynnda\AppData\Roaming\Ukseusv\ywzuc.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 148162692.job => C:\Users\Glynnda\AppData\Roaming\Ovuzso\anama.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1571542829.job => C:\Users\Glynnda\AppData\Roaming\Voveif\onlak.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1697682034.job => C:\Users\Glynnda\AppData\Roaming\Daikequ\eptiy.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 193677934.job => C:\Users\Glynnda\AppData\Roaming\Ichateg\ixirebz.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2418676004.job => C:\Users\Glynnda\AppData\Roaming\Dikiudaz\ycumbya.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2593297739.job => C:\Users\Glynnda\AppData\Roaming\Sukamo\nekii.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3166402688.job => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 399393453.job => C:\Users\Glynnda\AppData\Roaming\Toepexy\ufibxei.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 605811440.job => C:\Users\Glynnda\AppData\Roaming\Nuvimefo\irtoo.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 713791217.job => C:\Users\Glynnda\AppData\Roaming\Abizehd\umepx.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 859257726.job => C:\Users\Glynnda\AppData\Roaming\Wyxylo\ortoy.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-15 18:13 - 2014-09-15 18:13 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-10-17 01:24 - 2014-10-17 01:24 - 00044032 _____ () C:\Program Files (x86)\Office Depot PC Support Agent\ESResources.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3098917091-2276340468-633939820-500 - Administrator - Disabled)
Glynnda (S-1-5-21-3098917091-2276340468-633939820-1000 - Administrator - Enabled) => C:\Users\Glynnda
Guest (S-1-5-21-3098917091-2276340468-633939820-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/07/2014 02:42:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:54:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:36:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll_unloaded, version: 0.0.0.0, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000007fee689dee0
Faulting process id: 0xe08
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
 
Error: (12/02/2014 08:26:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE689DEE0
 
Error: (11/30/2014 07:25:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 01:20:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 09:35:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/27/2014 07:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x174
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/27/2014 07:47:46 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (12/07/2014 02:35:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
Error: (12/07/2014 02:34:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends the following service: MfeFire. This service might not be installed.
 
Error: (12/07/2014 02:33:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/07/2014 02:31:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends the following service: mfevtp. This service might not be installed.
 
Error: (12/07/2014 02:31:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends the following service: mfevtp. This service might not be installed.
 
Error: (12/02/2014 08:51:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (12/02/2014 08:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
Error: (12/02/2014 08:47:14 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends the following service: MfeFire. This service might not be installed.
 
Error: (12/02/2014 08:46:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/02/2014 08:44:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends the following service: mfevtp. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (12/07/2014 02:42:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:54:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:36:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee689dee0e0801d00ea07c8a0fa9C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeamdmantle64.dllc3df7f89-7a93-11e4-a2e3-047d7b5dd3c6
 
Error: (12/02/2014 08:26:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE689DEE0
 
Error: (11/30/2014 07:25:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 01:20:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 09:35:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/27/2014 07:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf9917401d00aabb76e69beC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllcaf42e1e-76a0-11e4-a193-047d7b5dd3c6
 
Error: (11/27/2014 07:47:46 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 68%
Total physical RAM: 3700.64 MB
Available physical RAM: 1180.94 MB
Total Pagefile: 7401.29 MB
Available Pagefile: 3255.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:448.77 GB) (Free:376.44 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.89 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F5400BBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello writertiff,

First

Please uninstall the following adware program:

ShopAtHome.com Helper

Next

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download ESET Poweliks Cleaner and save the file to your desktop.

  • Right-click on ESETOnline.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • If the tool will find Poweliks, you will be prompted Win32/Poweliks found in your system.
  • Press Y to continue the removal.
  • You should be noted that the tool succesfully removed the threat from your system.
  • The tool will also produce a logfile on your desktop, named ESETPoweliksCleaner_Date.Time.
  • Please copy and paste the log into the thread back here and tell me whether the tool indicated that Poweliks had successfully been removed.

So when you return please post

  • Fixlog.txt
  • ESETPoweliksCleaner log

  • 0

#5
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Here is that log and now I will finish the other instructions:

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Glynnda at 2014-12-08 06:14:55 Run:1
Running from C:\Users\Glynnda\Desktop
Loaded Profile: Glynnda (Available profiles: Glynnda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Hello writertiff,
 
First
 
Please uninstall the followind adware program:
 
ShopAtHome.com Helper
 
Next
 
Please open notepad. 
 
Please copy the contents of the code box below. 
 
To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.
 
Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.
 
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 
HKLM\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\oxnmkag-x32: C:\Users\Glynnda\AppData\Local\oxnmkag.dll ()
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\...\Run: [Emzuunok] => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [284347 2013-08-16] (Anubisel Corporatu)
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
Toolbar: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
2014-11-26 08:01 - 2014-11-26 08:01 - 00000000 ____D () C:\ProgramData\YowaCuxa
2014-11-26 08:00 - 2014-11-26 08:00 - 00000000 ____D () C:\ProgramData\WuyoJuwz
2014-11-25 15:48 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 605811440.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1331730204.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000814 _____ () C:\Windows\Tasks\Security Center Update - 1079130923.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1468541840.job
2014-11-25 15:48 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 148162692.job
2014-11-25 15:48 - 2014-11-26 19:10 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 2418676004.job
2014-11-25 15:48 - 2014-11-26 19:04 - 00003834 _____ () C:\Windows\System32\Tasks\Security Center Update - 2418676004
2014-11-25 15:48 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 605811440
2014-11-25 15:48 - 2014-11-26 19:03 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 1331730204
2014-11-25 15:48 - 2014-11-26 19:03 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1079130923
2014-11-25 15:48 - 2014-11-26 19:03 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 1468541840
2014-11-25 15:48 - 2014-11-26 19:03 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 148162692
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ukseusv
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Nuvimefo
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Dikiudaz
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Cugyluwy
2014-11-25 15:48 - 2014-11-25 15:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Arulgyi
2014-11-25 15:47 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 859257726.job
2014-11-25 15:47 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1571542829.job
2014-11-25 15:47 - 2014-11-26 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 859257726
2014-11-25 15:47 - 2014-11-26 19:03 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 1571542829
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Wyxylo
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Voveif
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ovuzso
2014-11-25 15:47 - 2014-11-25 15:47 - 00000000 ____D () C:\AMD
2014-11-25 15:43 - 2014-11-25 15:43 - 00023552 _____ () C:\Users\Glynnda\AppData\Local\oxnlwag.dll
2014-11-25 15:43 - 2014-11-25 15:43 - 00000000 ____D () C:\ProgramData\ZufguQwalu
2014-11-25 15:43 - 2014-11-25 15:43 - 00000000 ____D () C:\ProgramData\JeniJpidg
2014-11-25 00:27 - 2014-11-25 00:27 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper
2014-11-24 22:58 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 713791217.job
2014-11-24 22:58 - 2014-11-28 18:52 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 2593297739.job
2014-11-24 22:58 - 2014-11-26 19:04 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 713791217
2014-11-24 22:58 - 2014-11-26 19:04 - 00003822 _____ () C:\Windows\System32\Tasks\Security Center Update - 2593297739
2014-11-24 22:58 - 2014-11-24 22:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Sukamo
2014-11-24 22:58 - 2014-11-24 22:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Abizehd
2014-11-24 22:57 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 399393453.job
2014-11-24 22:57 - 2014-11-28 18:52 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 193677934.job
2014-11-24 22:57 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 399393453
2014-11-24 22:57 - 2014-11-26 19:04 - 00003830 _____ () C:\Windows\System32\Tasks\Security Center Update - 193677934
2014-11-24 22:57 - 2014-11-24 22:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Toepexy
2014-11-24 22:57 - 2014-11-24 22:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ichateg
2014-11-24 22:56 - 2014-11-28 18:52 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 3166402688.job
2014-11-24 22:56 - 2014-11-26 19:04 - 00003826 _____ () C:\Windows\System32\Tasks\Security Center Update - 3166402688
2014-11-24 22:56 - 2014-11-24 22:56 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Azcaoh
2014-11-24 22:52 - 2014-11-24 22:52 - 00000000 ____D () C:\ProgramData\PupjiRucve
2014-11-24 22:45 - 2014-11-24 22:45 - 00000000 ____D () C:\ProgramData\BabyUrmin
2014-11-24 22:44 - 2014-11-24 22:44 - 00023552 _____ () C:\Users\Glynnda\AppData\Local\oxnmkag.dll
2014-11-24 22:44 - 2014-11-24 22:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-11-24 22:44 - 2014-11-24 22:44 - 00000000 ____D () C:\ProgramData\CosePpogl
2014-11-22 20:38 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Ogoxytp
2014-11-22 20:38 - 2014-11-22 20:38 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1752710425
2014-11-22 20:33 - 2014-11-22 20:33 - 00000000 ____D () C:\ProgramData\DocohOmpof
2014-11-20 16:51 - 2014-11-20 18:13 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Yrybmig
2014-11-21 15:39 - 2014-11-21 16:12 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\{ECEAA633-13D5-4D92-9B9C-93779D60BC4C}
2014-11-20 16:46 - 2014-11-20 16:46 - 00000000 ____D () C:\ProgramData\WuvuBucfi
2014-11-20 16:24 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate
2014-11-19 17:46 - 2014-11-20 18:00 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-15 18:19 - 2014-11-15 18:20 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Devuta
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\DECRYPT_INSTRUCTION.TXT
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-12 17:20 - 2014-11-12 17:20 - 00004214 _____ () C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.TXT
Folder: C:\Users\Glynnda\AppData\Local\EmieBrowserModeList
2014-11-11 15:26 - 2014-11-20 16:25 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-11 15:26 - 2014-11-20 16:25 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-11 15:25 - 2014-11-24 15:06 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate7
2014-11-11 15:25 - 2014-11-11 15:25 - 00000448 ____H () C:\Users\Glynnda\AppData\Roaming\麽鎒駓覜
2014-11-11 12:21 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\DECRYPT_INSTRUCTION.URL
2014-11-11 12:21 - 2014-11-11 12:21 - 00000268 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\Documents\DECRYPT_INSTRUCTION.URL
2014-11-11 12:20 - 2014-11-11 12:20 - 00000268 _____ () C:\Users\Glynnda\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 12:19 - 2014-11-12 17:20 - 00000272 _____ () C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-11 12:18 - 2014-11-20 16:24 - 00000284 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-10 15:56 - 2014-11-24 15:06 - 00000000 ____D () C:\ProgramData\GoktIwohe
2014-11-10 15:55 - 2014-11-24 15:06 - 00000000 ____D () C:\ProgramData\JigwUdop
2014-11-09 21:26 - 2014-11-11 12:19 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\YvvvPack
2014-11-09 21:25 - 2014-11-11 12:19 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Erftion
CustomCLSID: HKU\S-1-5-21-3098917091-2276340468-633939820-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {02064DF4-7BA8-4179-8DB7-2080D5CF41C6} - System32\Tasks\Security Center Update - 1697682034 => C:\Users\Glynnda\AppData\Roaming\Daikequ\eptiy.exe [2013-05-14] (Anubisel Corporatu) <==== ATTENTION
Task: {24A8BF72-036C-4995-AF87-BD95D930133A} - System32\Tasks\Security Center Update - 2593297739 => C:\Users\Glynnda\AppData\Roaming\Sukamo\nekii.exe [2014-03-21] (Anubisel Corporatu) <==== ATTENTION
Task: {2510B774-8BB2-4E75-B90C-255C76C24630} - System32\Tasks\Security Center Update - 1752710425 => C:\Users\Glynnda\AppData\Roaming\Ogoxytp\roqeowk.exe <==== ATTENTION
Task: {2A9D3700-9667-4648-B05D-F82908AD017A} - System32\Tasks\Security Center Update - 3161201767 => C:\Users\Glynnda\AppData\Roaming\Yrybmig\leunu.exe <==== ATTENTION
Task: {396DAAAA-2116-41EF-B37D-CE97A14B191B} - System32\Tasks\Security Center Update - 1079130923 => C:\Users\Glynnda\AppData\Roaming\Arulgyi\ygluil.exe [2013-04-07] (Anubisel Corporatu) <==== ATTENTION
Task: {40B45342-549B-4B2E-BDDE-59C041283C5C} - System32\Tasks\Security Center Update - 713791217 => C:\Users\Glynnda\AppData\Roaming\Abizehd\umepx.exe [2013-11-30] (Anubisel Corporatu) <==== ATTENTION
Task: {47396FA2-5B67-453A-AD7F-82BBCD2126E5} - System32\Tasks\Security Center Update - 1331730204 => C:\Users\Glynnda\AppData\Roaming\Cugyluwy\kupee.exe [2013-06-22] (Anubisel Corporatu) <==== ATTENTION
Task: {6C429B2F-7201-45ED-89AF-0FF8BC9B061A} - System32\Tasks\Security Center Update - 1468541840 => C:\Users\Glynnda\AppData\Roaming\Ukseusv\ywzuc.exe [2014-03-29] (Anubisel Corporatu) <==== ATTENTION
Task: {8194F5FF-89C7-402C-A44A-D417F4DE6E54} - System32\Tasks\Security Center Update - 399393453 => C:\Users\Glynnda\AppData\Roaming\Toepexy\ufibxei.exe [2013-09-11] (Anubisel Corporatu) <==== ATTENTION
Task: {90FBD851-DFD3-4836-904B-3BC4CAF57949} - System32\Tasks\Security Center Update - 193677934 => C:\Users\Glynnda\AppData\Roaming\Ichateg\ixirebz.exe [2013-07-08] (Anubisel Corporatu) <==== ATTENTION
Task: {988574F6-2B76-4099-9022-90E1BA37CA65} - System32\Tasks\Security Center Update - 1571542829 => C:\Users\Glynnda\AppData\Roaming\Voveif\onlak.exe [2014-06-15] (Anubisel Corporatu) <==== ATTENTION
Task: {B80A5ED7-31A3-427E-948F-BC0D7AA66E13} - System32\Tasks\Security Center Update - 605811440 => C:\Users\Glynnda\AppData\Roaming\Nuvimefo\irtoo.exe [2014-11-10] (Anubisel Corporatu) <==== ATTENTION
Task: {BB23D367-70B4-46BD-AEED-222C7EF5205E} - System32\Tasks\Security Center Update - 859257726 => C:\Users\Glynnda\AppData\Roaming\Wyxylo\ortoy.exe [2012-09-19] (Anubisel Corporatu) <==== ATTENTION
Task: {D31E51F3-3430-455C-B08E-DA6D6965C575} - System32\Tasks\Security Center Update - 148162692 => C:\Users\Glynnda\AppData\Roaming\Ovuzso\anama.exe [2013-05-15] (Anubisel Corporatu) <==== ATTENTION
Task: {E162E145-AE81-43FB-B557-B3E980B84C5F} - System32\Tasks\Security Center Update - 3166402688 => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe [2013-08-16] (Anubisel Corporatu) <==== ATTENTION
Task: {FA6ED641-47C2-42FF-B907-683F751B7F76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3098917091-2276340468-633939820-1000
Task: {FF7BF758-52BA-4298-8C7B-429934F3F8E2} - System32\Tasks\Security Center Update - 2418676004 => C:\Users\Glynnda\AppData\Roaming\Dikiudaz\ycumbya.exe [2012-08-20] (Anubisel Corporatu) <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1079130923.job => C:\Users\Glynnda\AppData\Roaming\Arulgyi\ygluil.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1331730204.job => C:\Users\Glynnda\AppData\Roaming\Cugyluwy\kupee.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1468541840.job => C:\Users\Glynnda\AppData\Roaming\Ukseusv\ywzuc.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 148162692.job => C:\Users\Glynnda\AppData\Roaming\Ovuzso\anama.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1571542829.job => C:\Users\Glynnda\AppData\Roaming\Voveif\onlak.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1697682034.job => C:\Users\Glynnda\AppData\Roaming\Daikequ\eptiy.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 193677934.job => C:\Users\Glynnda\AppData\Roaming\Ichateg\ixirebz.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2418676004.job => C:\Users\Glynnda\AppData\Roaming\Dikiudaz\ycumbya.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2593297739.job => C:\Users\Glynnda\AppData\Roaming\Sukamo\nekii.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3166402688.job => C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 399393453.job => C:\Users\Glynnda\AppData\Roaming\Toepexy\ufibxei.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 605811440.job => C:\Users\Glynnda\AppData\Roaming\Nuvimefo\irtoo.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 713791217.job => C:\Users\Glynnda\AppData\Roaming\Abizehd\umepx.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 859257726.job => C:\Users\Glynnda\AppData\Roaming\Wyxylo\ortoy.exe <==== ATTENTION
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
 
This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.
 
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
*****************
 
Hello writertiff, => Error: No automatic fix found for this entry.
First => Error: No automatic fix found for this entry.
Please uninstall the followind adware program: => Error: No automatic fix found for this entry.
ShopAtHome.com Helper => Error: No automatic fix found for this entry.
Next => Error: No automatic fix found for this entry.
Please open notepad. => Error: No automatic fix found for this entry.
Please copy the contents of the code box below. => Error: No automatic fix found for this entry.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt. => Error: No automatic fix found for this entry.
Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt. => Error: No automatic fix found for this entry.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. => Error: No automatic fix found for this entry.
=> Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Emzuunok => value deleted successfully.
C:\Users\Glynnda\AppData\Roaming\Azcaoh\xyheepe.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Emzuunok => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oxnmkag" => Key deleted successfully.
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Emzuunok => value deleted successfully.
"HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKU\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
C:\ProgramData\YowaCuxa => Moved successfully.
C:\ProgramData\WuyoJuwz => Moved successfully.
C:\Windows\Tasks\Security Center Update - 605811440.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1331730204.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1079130923.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1468541840.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 148162692.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 2418676004.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 2418676004 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 605811440 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1331730204 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1079130923 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1468541840 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 148162692 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Ukseusv => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Nuvimefo => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Dikiudaz => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Cugyluwy => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Arulgyi => Moved successfully.
C:\Windows\Tasks\Security Center Update - 859257726.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1571542829.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 859257726 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1571542829 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Wyxylo => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Voveif => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Ovuzso => Moved successfully.
C:\AMD => Moved successfully.
C:\Users\Glynnda\AppData\Local\oxnlwag.dll => Moved successfully.
C:\ProgramData\ZufguQwalu => Moved successfully.
C:\ProgramData\JeniJpidg => Moved successfully.
"C:\Users\Glynnda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Helper" => File/Directory not found.
C:\Windows\Tasks\Security Center Update - 713791217.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 2593297739.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 713791217 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 2593297739 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Sukamo => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Abizehd => Moved successfully.
C:\Windows\Tasks\Security Center Update - 399393453.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 193677934.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 399393453 => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 193677934 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Toepexy => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Ichateg => Moved successfully.
C:\Windows\Tasks\Security Center Update - 3166402688.job => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3166402688 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Azcaoh => Moved successfully.
C:\ProgramData\PupjiRucve => Moved successfully.
C:\ProgramData\BabyUrmin => Moved successfully.
C:\Users\Glynnda\AppData\Local\oxnmkag.dll => Moved successfully.
C:\Windows\system32\%APPDATA% => Moved successfully.
C:\ProgramData\CosePpogl => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Ogoxytp => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 1752710425 => Moved successfully.
C:\ProgramData\DocohOmpof => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Yrybmig => Moved successfully.
C:\Users\Glynnda\AppData\Local\{ECEAA633-13D5-4D92-9B9C-93779D60BC4C} => Moved successfully.
C:\ProgramData\WuvuBucfi => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\Devuta => Moved successfully.
C:\Users\Glynnda\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
 
========================= Folder: C:\Users\Glynnda\AppData\Local\EmieBrowserModeList ========================
 
2014-11-12 15:11 - 2014-11-12 15:11 - 0000000 ___SH () C:\Users\Glynnda\AppData\Local\EmieBrowserModeList\container.dat
 
====== End of Folder: ======
 
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\FrameworkUpdate7 => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Users\Glynnda\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Public\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Glynnda\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Glynnda\Downloads\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Glynnda\Documents\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Glynnda\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Glynnda\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\ProgramData\GoktIwohe => Moved successfully.
C:\ProgramData\JigwUdop => Moved successfully.
C:\Users\Glynnda\AppData\Local\YvvvPack => Moved successfully.
C:\Users\Glynnda\AppData\Local\Erftion => Moved successfully.
"HKU\S-1-5-21-3098917091-2276340468-633939820-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02064DF4-7BA8-4179-8DB7-2080D5CF41C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02064DF4-7BA8-4179-8DB7-2080D5CF41C6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1697682034 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1697682034" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24A8BF72-036C-4995-AF87-BD95D930133A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24A8BF72-036C-4995-AF87-BD95D930133A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2593297739 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2593297739" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2510B774-8BB2-4E75-B90C-255C76C24630}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2510B774-8BB2-4E75-B90C-255C76C24630}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1752710425 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1752710425" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A9D3700-9667-4648-B05D-F82908AD017A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A9D3700-9667-4648-B05D-F82908AD017A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3161201767 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3161201767" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{396DAAAA-2116-41EF-B37D-CE97A14B191B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{396DAAAA-2116-41EF-B37D-CE97A14B191B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1079130923 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1079130923" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B45342-549B-4B2E-BDDE-59C041283C5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B45342-549B-4B2E-BDDE-59C041283C5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 713791217 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 713791217" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47396FA2-5B67-453A-AD7F-82BBCD2126E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47396FA2-5B67-453A-AD7F-82BBCD2126E5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1331730204 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1331730204" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C429B2F-7201-45ED-89AF-0FF8BC9B061A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C429B2F-7201-45ED-89AF-0FF8BC9B061A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1468541840 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1468541840" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8194F5FF-89C7-402C-A44A-D417F4DE6E54}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8194F5FF-89C7-402C-A44A-D417F4DE6E54}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 399393453 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 399393453" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90FBD851-DFD3-4836-904B-3BC4CAF57949}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90FBD851-DFD3-4836-904B-3BC4CAF57949}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 193677934 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 193677934" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{988574F6-2B76-4099-9022-90E1BA37CA65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{988574F6-2B76-4099-9022-90E1BA37CA65}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1571542829 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1571542829" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B80A5ED7-31A3-427E-948F-BC0D7AA66E13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80A5ED7-31A3-427E-948F-BC0D7AA66E13}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 605811440 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 605811440" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB23D367-70B4-46BD-AEED-222C7EF5205E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB23D367-70B4-46BD-AEED-222C7EF5205E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 859257726 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 859257726" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D31E51F3-3430-455C-B08E-DA6D6965C575}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D31E51F3-3430-455C-B08E-DA6D6965C575}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 148162692 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 148162692" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E162E145-AE81-43FB-B557-B3E980B84C5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E162E145-AE81-43FB-B557-B3E980B84C5F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3166402688 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3166402688" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA6ED641-47C2-42FF-B907-683F751B7F76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6ED641-47C2-42FF-B907-683F751B7F76}" => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-3098917091-2276340468-633939820-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-3098917091-2276340468-633939820-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF7BF758-52BA-4298-8C7B-429934F3F8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF7BF758-52BA-4298-8C7B-429934F3F8E2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2418676004 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2418676004" => Key deleted successfully.
C:\Windows\Tasks\Security Center Update - 1079130923.job not found.
C:\Windows\Tasks\Security Center Update - 1331730204.job not found.
C:\Windows\Tasks\Security Center Update - 1468541840.job not found.
C:\Windows\Tasks\Security Center Update - 148162692.job not found.
C:\Windows\Tasks\Security Center Update - 1571542829.job not found.
C:\Windows\Tasks\Security Center Update - 1697682034.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 193677934.job not found.
C:\Windows\Tasks\Security Center Update - 2418676004.job not found.
C:\Windows\Tasks\Security Center Update - 2593297739.job not found.
C:\Windows\Tasks\Security Center Update - 3166402688.job not found.
C:\Windows\Tasks\Security Center Update - 399393453.job not found.
C:\Windows\Tasks\Security Center Update - 605811440.job not found.
C:\Windows\Tasks\Security Center Update - 713791217.job not found.
C:\Windows\Tasks\Security Center Update - 859257726.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
=> Error: No automatic fix found for this entry.
This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable. => Error: No automatic fix found for this entry.
Run FRST/FRST64 and press the Fix button just once and wait. => Error: No automatic fix found for this entry.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 18.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Edited by writertiff, 08 December 2014 - 11:54 AM.

  • 0

#6
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Here is the other log. It said Threat Not Found.

 

[2014.12.08 08:21:11.909] - Begin
[2014.12.08 08:21:11.910] - 
[2014.12.08 08:21:11.927] -     ....................................
[2014.12.08 08:21:11.928] -   ..::::::::::::::::::....................
[2014.12.08 08:21:11.933] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.12.08 08:21:11.936] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.12.08 08:21:11.940] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.12.08 08:21:11.952] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.12.08 08:21:11.954] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.12.08 08:21:11.956] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.12.08 08:21:11.956] -     ....................................
[2014.12.08 08:21:11.956] - 
[2014.12.08 08:21:11.957] - --------------------------------------------------------------------------------
[2014.12.08 08:21:11.957] - 
[2014.12.08 08:21:11.958] - INFO: OS: 6.1.7601 SP1
[2014.12.08 08:21:11.963] - INFO: Product Type: Workstation
[2014.12.08 08:21:11.964] - INFO: WoW64: True
[2014.12.08 08:21:11.965] - INFO: Machine guid: 883571C2-28F7-4EE4-90B8-434017766DB1 
[2014.12.08 08:21:11.966] - 
[2014.12.08 08:21:16.681] - INFO: Scanning for system infection...
[2014.12.08 08:21:16.682] - --------------------------------------------------------------------------------
[2014.12.08 08:21:16.682] - 
[2014.12.08 08:21:16.682] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.12.08 08:21:16.683] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.12.08 08:21:16.683] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.12.08 08:21:16.684] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.12.08 08:21:16.684] - INFO: Processing classes...
[2014.12.08 08:21:16.684] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}]
[2014.12.08 08:21:16.685] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}]
[2014.12.08 08:21:16.686] - INFO: Processing clsid [\Registry\User\S-1-5-21-3098917091-2276340468-633939820-1000\SOFTWARE\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}]
[2014.12.08 08:21:16.686] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.12.08 08:21:16.729] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.736] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.736] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.12.08 08:21:16.737] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.737] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.737] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.737] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.12.08 08:21:16.737] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.12.08 08:21:16.737] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.12.08 08:21:16.759] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.12.08 08:21:16.774] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.12.08 08:21:16.774] - INFO: Win32/Poweliks not found

  • 0

#7
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

By the way, I did uninstall that shop file - but after the last instructions, it said system needed to be rebooted. It shut down but never came back up. 

Later that day I had to unplug the computer and plug it back in to get it to come on again.


  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hmm... not sure what happened there. It appears the instructions somehow got included in fixlist and your Fixlog looks like is got cut off.

 

Let's have another look.

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.


  • 0

#9
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Okay here is the addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Glynnda at 2014-12-08 13:19:41
Running from C:\Users\Glynnda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office Depot PC Support Agent (HKLM-x32\...\Office Depot PC Support Agent) (Version: 70.0.17.1 - Support.com, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6456 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
smartmontools (HKLM-x32\...\smartmontools) (Version: 5.42 2011-10-20 r3458 (sf-win32-5.42-1) - )
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
08-11-2014 18:27:54 Scheduled Checkpoint
12-11-2014 17:17:35 Windows Update
25-11-2014 21:59:29 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
25-11-2014 22:18:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-12-08 06:24 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {010F28A6-A0ED-4BE8-804E-B3D7E48074C6} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {1073C297-F11D-4F2A-BDE7-4C541D765D32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2DAD91F5-7F38-4985-8462-F1A67FDF2C79} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {307B48C3-873B-4B29-A53A-DF02D3D3129E} - System32\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {348914EB-2E1C-45F1-A0C9-1213673372B0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {473B0D75-0D02-4515-B3F8-CE5679CE2127} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {533A1B29-86D8-4642-87EB-36A0A2BB6B42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {5FDE8316-1FC4-48DD-A276-8C6858873357} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {715FF314-4C2D-4249-AD5B-9DF85EEE8B46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8C1488A6-67B5-4298-9E18-0E2EAA76EF2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {8FA49C20-7919-4078-ACEC-5DC86F237230} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9506329E-177F-4242-AE6C-1ED28847B6A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BF3A2414-0666-47A4-810D-5CC91F1FAA39} - System32\Tasks\HPCeeScheduleForGlynnda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C2D8D1F2-9516-4180-A9F4-6390800B5CA6} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {D87C9382-6581-4AE6-9980-80B93E2CD4E8} - System32\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {DFED804B-EB5B-4C6F-8940-9A4E2D4FF70A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGlynnda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-15 18:13 - 2014-09-15 18:13 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-10-17 01:24 - 2014-10-17 01:24 - 00044032 _____ () C:\Program Files (x86)\Office Depot PC Support Agent\ESResources.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 17:51 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3098917091-2276340468-633939820-500 - Administrator - Disabled)
Glynnda (S-1-5-21-3098917091-2276340468-633939820-1000 - Administrator - Enabled) => C:\Users\Glynnda
Guest (S-1-5-21-3098917091-2276340468-633939820-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 00:00:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/08/2014 09:53:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Flash64_11_3_300_257.ocx, version: 11.3.300.257, time stamp: 0x4fc81d71
Exception code: 0xc0000005
Fault offset: 0x0000000000262287
Faulting process id: 0x378
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (12/07/2014 02:42:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:54:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:36:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll_unloaded, version: 0.0.0.0, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000007fee689dee0
Faulting process id: 0xe08
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
 
Error: (12/02/2014 08:26:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE689DEE0
 
Error: (11/30/2014 07:25:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 01:20:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 09:35:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
 
System errors:
=============
Error: (12/08/2014 11:53:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%2
 
Error: (12/08/2014 11:53:06 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends the following service: MfeFire. This service might not be installed.
 
Error: (12/08/2014 11:50:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Anti-Malware Core service depends the following service: mfevtp. This service might not be installed.
 
Error: (12/08/2014 11:50:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee AP Service service depends the following service: mfevtp. This service might not be installed.
 
Error: (12/08/2014 10:33:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (12/08/2014 10:12:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/08/2014 08:39:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (12/08/2014 08:39:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (12/08/2014 08:16:25 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (12/08/2014 08:16:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2014 00:00:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/08/2014 09:53:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4Flash64_11_3_300_257.ocx11.3.300.2574fc81d71c0000005000000000026228737801d012fdceba165aC:\Windows\explorer.exeC:\Windows\system32\Macromed\Flash\Flash64_11_3_300_257.ocx6b2068db-7ef2-11e4-b15a-047d7b5dd3c6
 
Error: (12/07/2014 02:42:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:54:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:36:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (12/02/2014 08:26:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll_unloaded0.0.0.05417637bc0000005000007fee689dee0e0801d00ea07c8a0fa9C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeamdmantle64.dllc3df7f89-7a93-11e4-a2e3-047d7b5dd3c6
 
Error: (12/02/2014 08:26:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE689DEE0
 
Error: (11/30/2014 07:25:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 01:20:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (11/30/2014 09:35:34 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 3700.64 MB
Available physical RAM: 1725.74 MB
Total Pagefile: 7401.29 MB
Available Pagefile: 4306.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:448.77 GB) (Free:394.02 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.89 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F5400BBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Here is the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Glynnda (administrator) on GLYNNDA-HP on 08-12-2014 13:06:46
Running from C:\Users\Glynnda\Desktop
Loaded Profile: Glynnda (Available profiles: Glynnda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Support.com, Inc.) C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7461480 2011-09-08] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3098917091-2276340468-633939820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> DefaultScope {68D57DE6-8621-4987-8787-D7C6E874935F} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {3852876A-41D6-47DC-91DE-3FD9D00D2DBE} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {68D57DE6-8621-4987-8787-D7C6E874935F} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-3098917091-2276340468-633939820-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{21C27A73-102E-4675-A881-104356039D20}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A4A3B9A4-17FF-4F63-B3B7-78293B1420E5}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (SiteAdvisor) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-28]
CHR Extension: (Google Wallet) - C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Office Depot PC Support Agent; C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [1009752 2014-10-17] (Support.com, Inc.)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 11:54 - 2014-12-08 11:55 - 00012744 _____ () C:\Users\Glynnda\Desktop\ESETPoweliksCleaner.exe_20141208.115457.4404.log
2014-12-08 08:21 - 2014-12-08 08:21 - 00012678 _____ () C:\Users\Glynnda\Desktop\ESETPoweliksCleaner.exe_20141208.082111.6196.log
2014-12-08 08:20 - 2014-12-08 08:20 - 00186568 _____ (ESET) C:\Users\Glynnda\Desktop\ESETPoweliksCleaner.exe
2014-12-07 20:36 - 2014-12-07 21:01 - 00030625 _____ () C:\Users\Glynnda\Desktop\Addition.txt
2014-12-07 20:16 - 2014-12-08 13:09 - 00015682 _____ () C:\Users\Glynnda\Desktop\FRST.txt
2014-12-07 20:16 - 2014-12-08 13:07 - 00000000 ____D () C:\FRST
2014-12-07 20:14 - 2014-12-07 20:14 - 02119680 _____ (Farbar) C:\Users\Glynnda\Desktop\FRST64.exe
2014-12-07 17:18 - 2014-12-07 17:18 - 00067530 _____ () C:\Users\Glynnda\Downloads\Extras.Txt
2014-12-07 16:10 - 2014-12-07 16:10 - 00102122 _____ () C:\Users\Glynnda\Downloads\OTL.Txt
2014-12-07 15:33 - 2014-12-08 11:50 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForGlynnda.job
2014-12-07 15:33 - 2014-12-07 15:33 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGlynnda
2014-12-07 14:58 - 2014-12-07 14:58 - 00602112 _____ (OldTimer Tools) C:\Users\Glynnda\Downloads\OTL.exe
2014-12-02 20:59 - 2014-12-02 21:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Glynnda\Downloads\mbam-setup-2.0.4.1028.exe
2014-11-30 09:41 - 2014-11-30 09:41 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Windows Live
2014-11-30 09:40 - 2014-11-30 09:41 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\{AD135674-8893-46A9-89DE-D377D48D249C}
2014-11-30 09:26 - 2014-11-30 09:26 - 00021527 _____ () C:\Users\Glynnda\Desktop\Office Depot Work Order 0059611525985 Ticket 27916097 Receipt.mht
2014-11-27 19:51 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-11-27 19:51 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-11-27 19:49 - 2014-11-27 19:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-11-27 19:45 - 2014-11-27 19:45 - 00000026 _____ () C:\Windows\Zone.Identifier
2014-11-26 12:38 - 2014-11-26 12:38 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (3).com
2014-11-26 12:37 - 2014-11-26 12:37 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (2).com
2014-11-26 08:38 - 2014-11-26 08:38 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\AMD
2014-11-26 08:38 - 2014-11-26 08:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-25 17:19 - 2014-11-25 17:19 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-25 17:18 - 2014-11-25 17:18 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-11-25 17:17 - 2014-11-25 17:17 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201411251717104556.log
2014-11-25 17:08 - 2014-11-25 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-25 16:58 - 2014-11-25 17:20 - 00000000 ____D () C:\ProgramData\AMD
2014-11-25 16:28 - 2014-11-25 17:18 - 00000000 ____D () C:\Program Files\AMD
2014-11-25 16:05 - 2014-11-25 16:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-25 15:57 - 2014-11-25 17:06 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-25 15:49 - 2014-11-25 15:49 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-25 15:49 - 2014-11-25 15:49 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Daikequ
2014-11-24 14:45 - 2014-11-24 14:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Malwarebytes
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 14:45 - 2014-11-24 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-24 14:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 12:10 - 2014-11-24 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2014-11-24 11:09 - 2014-11-24 11:09 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus (1).com
2014-11-24 11:08 - 2014-11-24 11:08 - 01960688 _____ () C:\Users\Glynnda\Downloads\Nexus.com
2014-11-22 16:00 - 2014-11-22 16:00 - 00002226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Depot PC Support Agent.lnk
2014-11-22 16:00 - 2014-11-22 16:00 - 00002214 _____ () C:\Users\Public\Desktop\Office Depot PC Support Agent.lnk
2014-11-22 15:59 - 2014-11-22 18:05 - 00000000 ____D () C:\Program Files (x86)\Office Depot PC Support Agent
2014-11-22 15:58 - 2014-11-22 15:58 - 08041120 _____ () C:\Users\Glynnda\Downloads\Office_Depot_PC_SupportAgent.exe
2014-11-14 16:17 - 2014-11-25 14:51 - 00000000 ____D () C:\Windows\Minidump
2014-11-13 10:44 - 2014-12-08 12:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea.job
2014-11-13 10:44 - 2014-11-13 10:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff61ac267ea
2014-11-12 15:11 - 2014-11-12 15:11 - 00000000 __SHD () C:\Users\Glynnda\AppData\Local\EmieBrowserModeList
2014-11-12 10:10 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:10 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:10 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:10 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:10 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:10 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:10 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:10 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:10 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:10 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:10 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:10 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:10 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:10 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:10 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:10 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:10 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:10 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:10 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:10 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:10 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:10 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:10 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 10:10 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:10 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 10:10 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:10 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:10 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:10 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:10 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:10 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:10 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:10 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:10 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 10:10 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:10 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:10 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:10 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:10 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:10 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:10 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:10 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:10 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:10 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:10 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:10 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:10 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:10 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:10 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 10:10 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:10 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:10 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:10 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:10 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:10 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:10 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 10:10 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:10 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:10 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:10 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:10 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:10 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:10 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:10 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:10 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:10 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:10 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:10 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:09 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:09 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:09 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:09 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:09 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:09 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 10:09 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:09 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:09 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:09 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:09 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:09 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:09 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:09 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:09 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:09 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:09 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:09 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 12:49 - 2014-10-22 19:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0.job
2014-12-08 12:43 - 2014-02-07 15:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf244ee1223503.job
2014-12-08 12:00 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 12:00 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:50 - 2012-08-19 09:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 11:50 - 2010-11-20 21:47 - 01089564 _____ () C:\Windows\PFRO.log
2014-12-08 11:50 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 11:50 - 2009-07-13 22:51 - 00131652 _____ () C:\Windows\setupact.log
2014-12-08 09:54 - 2012-08-24 21:48 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\CrashDumps
2014-12-08 06:24 - 2012-06-02 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-08 06:24 - 2012-05-25 18:19 - 00000000 ____D () C:\Users\Glynnda
2014-12-07 15:15 - 2012-06-10 00:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-07 15:15 - 2012-06-02 18:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-07 14:40 - 2012-05-25 18:23 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A9AB2FB7-477C-476B-9744-F26A55163B37}
2014-11-30 10:58 - 2013-03-24 12:28 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\SoftGrid Client
2014-11-30 09:52 - 2014-09-08 14:57 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\LogMeIn Rescue Applet
2014-11-27 22:00 - 2012-05-25 18:31 - 00000000 ____D () C:\ProgramData\support.com
2014-11-26 17:51 - 2012-08-19 09:58 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 08:00 - 2014-09-03 10:11 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-25 16:52 - 2011-11-16 21:45 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-25 16:18 - 2012-05-25 18:17 - 01797405 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:51 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35006-01.dmp
2014-11-25 14:32 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34554-01.dmp
2014-11-25 13:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31325-01.dmp
2014-11-25 12:59 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35412-01.dmp
2014-11-25 12:48 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33883-01.dmp
2014-11-25 12:30 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-26722-01.dmp
2014-11-25 12:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36878-01.dmp
2014-11-25 12:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-21200-01.dmp
2014-11-25 12:00 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31403-01.dmp
2014-11-25 11:47 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30763-01.dmp
2014-11-25 11:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-23493-01.dmp
2014-11-25 11:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34445-01.dmp
2014-11-25 10:57 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25740-01.dmp
2014-11-25 10:42 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30310-01.dmp
2014-11-25 10:26 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-32058-01.dmp
2014-11-25 10:15 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36145-01.dmp
2014-11-25 10:01 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-31434-01.dmp
2014-11-25 09:46 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35147-01.dmp
2014-11-25 09:27 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29780-01.dmp
2014-11-25 09:13 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47018-01.dmp
2014-11-25 08:56 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29000-01.dmp
2014-11-25 08:04 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25006-01.dmp
2014-11-25 07:54 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30872-02.dmp
2014-11-25 07:39 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-37253-01.dmp
2014-11-25 07:23 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33228-01.dmp
2014-11-25 07:09 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-33665-01.dmp
2014-11-25 06:54 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29187-01.dmp
2014-11-25 06:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35505-01.dmp
2014-11-25 06:07 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36972-01.dmp
2014-11-25 05:51 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35583-01.dmp
2014-11-25 05:37 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35895-01.dmp
2014-11-25 05:19 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-30825-01.dmp
2014-11-25 05:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36582-01.dmp
2014-11-25 04:43 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25818-01.dmp
2014-11-25 04:28 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35303-01.dmp
2014-11-25 04:10 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-23337-01.dmp
2014-11-25 03:56 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-34382-01.dmp
2014-11-25 03:42 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-38875-01.dmp
2014-11-25 03:21 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-38313-01.dmp
2014-11-25 03:16 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47205-01.dmp
2014-11-25 02:57 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36348-01.dmp
2014-11-25 02:43 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-35427-01.dmp
2014-11-25 02:31 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-25958-01.dmp
2014-11-25 02:15 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-18096-01.dmp
2014-11-25 02:12 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-29764-01.dmp
2014-11-25 01:52 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-32635-01.dmp
2014-11-25 01:44 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-36192-01.dmp
2014-11-25 01:30 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-45115-01.dmp
2014-11-25 01:11 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-55739-01.dmp
2014-11-25 01:03 - 2011-11-17 00:27 - 00336564 _____ () C:\Windows\Minidump\112514-47798-01.dmp
2014-11-25 00:37 - 2012-05-25 18:59 - 00000000 ____D () C:\McAfeePromo
2014-11-24 15:10 - 2012-05-25 18:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-24 15:06 - 2014-09-05 08:34 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Umci
2014-11-24 15:06 - 2013-10-10 14:20 - 00000000 __SHD () C:\Users\Glynnda\AppData\Roaming\bhurraus
2014-11-24 11:31 - 2012-05-28 15:43 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Microsoft Games
2014-11-24 11:26 - 2012-05-25 18:20 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\VirtualStore
2014-11-20 12:08 - 2009-07-13 23:13 - 00006506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 09:53 - 2009-07-13 23:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 10:44 - 2014-10-22 19:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfee62e1a80a0
2014-11-13 10:44 - 2012-08-19 09:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 16:13 - 2012-08-19 09:58 - 00000000 ____D () C:\Users\Glynnda\AppData\Local\Google
2014-11-12 11:38 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:37 - 2014-05-05 20:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2013-08-14 08:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:20 - 2012-11-07 09:58 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 13:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 12:21 - 2013-06-03 10:47 - 00000000 ____D () C:\Users\Public\Data
2014-11-11 12:20 - 2012-05-29 15:01 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\QuickScan
2014-11-11 12:20 - 2012-05-25 19:07 - 00000000 ____D () C:\Users\Glynnda\Documents\STK
2014-11-11 12:20 - 2012-05-25 18:24 - 00000000 ____D () C:\Users\Glynnda\AppData\Roaming\Adobe
2014-11-11 12:18 - 2011-11-16 22:07 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-11-11 12:18 - 2011-11-16 21:52 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 12:18 - 2011-11-16 21:42 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-11 12:16 - 2013-05-17 11:00 - 00000000 ____D () C:\ProgramData\Etiam
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 18:01
 
==================== End Of Log ============================

  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again writertiff,

 

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

After that

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

When you return please post

AdwCleaner log

JRT.txt


  • 0

Advertisements


#11
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Here's the first log - going to do junkware now... also, their computer doesn't reboot - it just shuts down. I have to manually turn it back on, if that matters.

 

# AdwCleaner v4.104 - Report created 08/12/2014 at 13:49:47
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Glynnda - GLYNNDA-HP
# Running from : C:\Users\Glynnda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Glynnda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1624 octets] - [08/12/2014 13:41:46]
AdwCleaner[S0].txt - [1545 octets] - [08/12/2014 13:49:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1605 octets] ##########

  • 0

#12
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

On running the JRTot sure if this is normal but it first opened a black screen with text saying it couldn't find the file, then gave a jrt message and said press any key. I did that and it quickly showed two items so fast I couldn't see much but it was creating a backup? 

 

So I'm not sure if that's it or what. I see no log. 


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hmm... let's do this.

 

Please download Farbar Service Scanner and run.
 

  • Make sure the following options are checked:

     
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

 


  • 0

#14
writertiff

writertiff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 129 posts

Here it is:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Glynnda (administrator) on 08-12-2014 at 14:43:44
Running from "C:\Users\Glynnda\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

The FSS scan looks fine.

 

Now

 

I see Malwarebytes is on that machine. Please update and run a scan.

  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP