Author Topic: [resolved] new to me computer, tons of spyware  (Read 3047 times)

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
[resolved] new to me computer, tons of spyware
« on: November 13, 2015, 08:31:41 PM »
Hi guys. Been a long time. Purchased a used laptop today and boy was it a mess. Tons of spyware programs on it. Spent the afternoon cleaning it up. Was wondering if there was anything left behind. I tried running the dds scan as required here but won't work because this computer is running windows 8.1 and says something about compatibility mode. Attached is one of the Malware Scans I completed. I will check back in tommorow

Thanks!

« Last Edit: November 13, 2015, 09:09:07 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27043
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] new to me computer, tons of spyware
« Reply #1 on: November 13, 2015, 09:10:07 PM »
Howdy, it is Hoov again. If you do not mind, I have a trainee that I would like to help you. Platypuss will be along shortly with the first set of instructions.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #2 on: November 13, 2015, 09:36:15 PM »
not a problem hoov! i'll be back online tomorrow at some point.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #3 on: November 14, 2015, 09:15:52 AM »


 

 
Hello mommyto3furballs. :)1

I am Platypuss & I will be helping you with your problem.
I am a SpywareHammer trainee, but Hoov(My Mentor) will be checking all my posts.
There may be a small delay in replies but it does mean that you will get
 the highest standard of service.

  My simple rules
1. Please tell me everything that you have done, if anything, to try and fix this problem.
2. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.
3. Do not make any changes to your system, or run any tools other than those I provided.
4.Do not delete, fix, uninstall, or install anything unless I tell you to.
5  If you are unsure about anything or if you encounter any problems, please stop and advise me about it..
6. When we start this fix, I need you to stay with me until the end
7. Remember this, just because your computer is running better does not mean it is fixed or free of malware.
>>>>>>>>>>>>>>

Thanks for the MBAM log, as you say, the computer is heavily infected.
DDS will not run on Windows 8 so we need to run a similar scan to see what is on your machine, plus a little cleaning.
>>>>>>>>>>>>>>

STEP 1
Change Download to Desktop
How to change your download location to Desktop HERE
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the"Show advanced settings..." link.
 Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox
- Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
>>>>>>>>>>>>

STEP 2 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
  • Please also paste that along with the FRST.txt into your reply.

   STEP 3

Please download AdwCleaner  onto your Desktop.
 
Take care NOT to click on any ad, like from PC Optimizer Pro.The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click the AdwCleaner icon on your desktop.

   
  • Click on the Scan button, accept any prompts that appear, and allow it to run.It may take several minutes to complete.
       
  • When it is done, the Scan button will be dimmed down, and it will wait for you to make any exceptions to its suggested removals:-
       
  • Don't make any exceptions or uncheck anythingafter analysis of the log.
       
  • Click on the Cleaning button, accept any prompts that appear, and allow the system to Reboot.
       
  • You will then be presented with the report. Copy/Paste it into a reply here.
       
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\

    The filename will be adwcleaner[xx].txt, where [xx] will be S1, or S2, etc. whichever filename is newest.
AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

  STEP 4

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>>>>

 I need:- both FRST logs.
              AdwCleaner log
              Junkware Removal Tool log please

Platypuss
 
 





 

 

 [/list]

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #4 on: November 14, 2015, 03:28:12 PM »
thanks platypus for the help. enclosed are the logs

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #5 on: November 15, 2015, 04:35:37 AM »

Hello mommyto3furballs,

Thank for the logs. Would you be kind enough to Copy/Paste the FRST log here please.
Attaching logs slows the interpretation process considerably  :)1
If you find the log too large it can be split up & entered in successive posts.
Thank you.

platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #6 on: November 15, 2015, 06:26:49 AM »
sorry about that platypus. that was the reason why I attached the file. so large.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by loki (administrator) on CURT (14-11-2015 15:47:11)
Running from C:\Users\loki\Desktop
Loaded Profiles: loki (Available Profiles: loki)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2795248 2013-10-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-13] (AVAST Software)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-23] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-13] (AVAST Software)

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #7 on: November 15, 2015, 06:28:07 AM »

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
SearchScopes: HKLM -> {D7151D55-32B7-4C1B-B280-A19306B72E44} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D7151D55-32B7-4C1B-B280-A19306B72E44} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D7151D55-32B7-4C1B-B280-A19306B72E44} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-13] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-2243256156-3552192332-2390129894-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\loki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-13] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-13] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-09-24] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #8 on: November 15, 2015, 06:29:56 AM »


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66F0E050-AF70-4F07-8ABB-5CD49913D5AE}: [DhcpNameServer] 192.168.1.1


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 15:47 - 2015-11-14 15:47 - 00014149 _____ C:\Users\loki\Desktop\FRST.txt
2015-11-14 15:46 - 2015-11-14 15:47 - 00000000 ____D C:\FRST
2015-11-14 15:35 - 2015-11-14 15:35 - 01732096 _____ C:\Users\loki\Desktop\AdwCleaner.exe
2015-11-14 15:34 - 2015-11-14 15:34 - 02198528 _____ (Farbar) C:\Users\loki\Desktop\FRST64.exe
2015-11-14 06:49 - 2015-11-14 06:54 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-14 06:49 - 2015-11-14 06:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-13 22:33 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 22:33 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 22:20 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-11-13 22:20 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-11-13 21:50 - 2015-03-17 12:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-11-13 21:48 - 2015-06-19 12:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-11-13 21:48 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-11-13 21:48 - 2015-02-02 19:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-11-13 21:48 - 2015-02-02 19:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-11-13 21:48 - 2015-01-29 21:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-11-13 21:48 - 2015-01-29 21:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-11-13 21:48 - 2015-01-29 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-11-13 21:48 - 2015-01-29 20:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-11-13 21:48 - 2015-01-27 18:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-11-13 21:48 - 2015-01-27 18:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-11-13 21:25 - 2015-11-13 21:25 - 00001050 _____ C:\Users\loki\Desktop\malware scan #3.txt
2015-11-13 21:24 - 2015-11-13 21:24 - 00162248 _____ C:\Users\loki\Desktop\Malware Scan #1.txt
2015-11-13 21:24 - 2015-11-13 21:24 - 00001049 _____ C:\Users\loki\Desktop\malware scan #2.txt
2015-11-13 17:50 - 2015-11-13 17:51 - 00000000 ____D C:\ProgramData\Licenses
2015-11-13 17:50 - 2015-11-13 17:51 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-11-13 17:50 - 2015-11-13 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-11-13 17:50 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-11-13 17:50 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-11-13 17:45 - 2015-11-14 06:53 - 00000464 _____ C:\Windows\setupact.log
2015-11-13 17:45 - 2015-11-13 17:45 - 00000000 _____ C:\Windows\setuperr.log
2015-11-13 17:12 - 2015-11-13 18:22 - 00000000 ____D C:\Users\loki\Desktop\Maintenance
2015-11-13 17:05 - 2015-11-13 17:05 - 00000000 ____D C:\Users\loki\AppData\Roaming\QuickScan
2015-11-13 17:02 - 2015-11-13 17:02 - 00000000 ____D C:\SUPERDelete
2015-11-13 17:01 - 2015-11-13 17:01 - 00000000 ____D C:\Users\loki\AppData\Roaming\SUPERAntiSpyware.com
2015-11-13 17:01 - 2015-11-13 17:01 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-11-13 17:01 - 2015-11-13 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-11-13 17:01 - 2015-11-13 17:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-13 16:56 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-11-13 16:44 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-13 16:44 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-13 16:44 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-13 16:44 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-13 16:44 - 2015-03-08 21:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-11-13 16:44 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-11-13 16:44 - 2015-01-23 20:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-11-13 16:44 - 2015-01-23 02:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-11-13 16:44 - 2015-01-23 00:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-11-13 16:44 - 2014-10-28 20:57 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\BthHFSrv.dll
2015-11-13 16:43 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 16:43 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 16:43 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 16:43 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 16:43 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 16:43 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 16:43 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 16:43 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 16:43 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-13 16:43 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 16:43 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 16:43 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 16:43 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 16:43 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 16:43 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 16:43 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-13 16:43 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 16:43 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 16:43 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 16:43 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 16:43 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 16:43 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 16:43 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-13 16:43 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-13 16:43 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 16:43 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 16:43 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 16:43 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 16:43 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-13 16:43 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 16:43 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 16:43 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-13 16:43 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 16:43 - 2015-09-29 07:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-13 16:43 - 2015-09-10 12:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 16:43 - 2015-09-10 12:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 16:43 - 2015-09-10 11:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 16:43 - 2015-09-10 11:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 16:43 - 2015-09-10 11:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 16:43 - 2015-09-10 11:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 16:43 - 2015-09-10 11:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 16:43 - 2015-09-10 11:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 16:43 - 2015-09-10 11:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 16:43 - 2015-09-10 11:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 16:43 - 2015-09-10 11:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 16:43 - 2015-09-10 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 16:43 - 2015-09-10 11:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 16:43 - 2015-09-10 10:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 16:43 - 2015-09-10 10:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 16:43 - 2015-09-10 10:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 16:43 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 16:43 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-11-13 16:43 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 16:43 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-11-13 16:43 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-11-13 16:43 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-13 16:43 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-11-13 16:43 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 16:43 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-11-13 16:43 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 16:43 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-11-13 16:43 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 16:43 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 16:43 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-11-13 16:42 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 16:42 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 16:42 - 2015-09-04 14:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-13 16:42 - 2015-08-28 17:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-13 16:42 - 2015-08-26 21:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-13 16:42 - 2015-08-26 21:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-13 16:42 - 2015-08-20 15:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-13 16:42 - 2015-08-20 12:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-13 16:42 - 2015-08-06 11:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-11-13 16:42 - 2015-08-06 11:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-11-13 16:42 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-11-13 16:42 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-11-13 16:42 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-11-13 16:42 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-11-13 16:42 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-11-13 16:42 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-11-13 16:42 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-11-13 16:42 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-13 16:42 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-11-13 16:42 - 2015-03-19 20:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-11-13 16:42 - 2015-03-03 20:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-11-13 16:42 - 2015-03-03 20:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-11-13 16:42 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-11-13 16:42 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-11-13 16:42 - 2014-11-14 01:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-11-13 16:42 - 2014-11-04 20:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-13 16:42 - 2014-11-04 20:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-13 16:42 - 2014-10-28 23:03 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-11-13 16:42 - 2014-10-28 21:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys
2015-11-13 16:42 - 2014-10-28 21:44 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-11-13 16:42 - 2014-10-28 21:42 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2015-11-13 16:42 - 2014-10-28 21:34 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\uniplat.dll
2015-11-13 16:42 - 2014-10-28 21:22 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-11-13 16:42 - 2014-10-28 20:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2015-11-13 16:42 - 2014-10-28 20:51 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uniplat.dll
2015-11-13 16:42 - 2014-10-28 20:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-11-13 16:42 - 2014-10-28 20:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\AuthHostProxy.dll
2015-11-13 16:42 - 2014-10-28 19:40 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2015-11-13 16:42 - 2014-10-28 19:34 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2015-11-13 16:41 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-13 16:41 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-13 16:41 - 2015-09-24 11:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-11-13 16:41 - 2015-09-24 11:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-11-13 16:41 - 2015-09-07 11:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-13 16:41 - 2015-09-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-13 16:41 - 2015-09-07 10:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-13 16:41 - 2015-08-07 16:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 16:41 - 2015-08-07 16:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-11-13 16:41 - 2015-08-07 16:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-11-13 16:41 - 2015-08-07 09:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 16:41 - 2015-08-06 12:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-11-13 16:41 - 2015-08-06 11:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-11-13 16:41 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-11-13 16:41 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 16:41 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-11-13 16:41 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-11-13 16:41 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-13 16:41 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-13 16:41 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-13 16:41 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-11-13 16:41 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-13 16:41 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-11-13 16:41 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-11-13 16:41 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-11-13 16:41 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-11-13 16:41 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-11-13 16:41 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-11-13 16:41 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-11-13 16:41 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-11-13 16:41 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-11-13 16:41 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-11-13 16:41 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-11-13 16:41 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-11-13 16:41 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-11-13 16:41 - 2015-04-01 17:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-11-13 16:41 - 2015-04-01 17:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-11-13 16:41 - 2015-03-31 22:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-11-13 16:41 - 2015-03-31 21:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-11-13 16:41 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-11-13 16:41 - 2015-03-12 20:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-11-13 16:41 - 2015-03-12 19:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-11-13 16:41 - 2015-03-05 21:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-11-13 16:41 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-11-13 16:41 - 2015-01-29 22:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-11-13 16:41 - 2015-01-29 20:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-11-13 16:41 - 2015-01-28 20:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-11-13 16:41 - 2014-10-28 21:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-11-13 16:41 - 2014-10-28 21:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\hh.exe
2015-11-13 16:41 - 2014-10-28 21:34 - 00189440 _____ (Microsoft Corporation) C:\Windows\system32\rgb9rast.dll
2015-11-13 16:41 - 2014-10-28 21:19 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2015-11-13 16:41 - 2014-10-28 21:13 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2015-11-13 16:41 - 2014-10-28 21:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-11-13 16:41 - 2014-10-28 20:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-11-13 16:41 - 2014-10-28 20:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2015-11-13 16:41 - 2014-10-28 20:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-11-13 16:41 - 2014-10-28 20:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-11-13 16:41 - 2014-10-28 20:40 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2015-11-13 16:41 - 2014-10-28 20:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-11-13 16:41 - 2014-10-28 20:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-11-13 16:41 - 2014-10-28 20:26 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2015-11-13 16:41 - 2014-10-28 20:16 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2015-11-13 16:41 - 2014-10-28 20:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-11-13 16:41 - 2014-10-28 19:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-11-13 16:41 - 2014-10-28 19:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-11-13 16:41 - 2014-10-28 19:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-11-13 16:41 - 2014-10-28 19:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-11-13 16:40 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 16:40 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 16:40 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 16:40 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 16:40 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-13 16:40 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 16:40 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 16:40 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 16:40 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 16:40 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 16:40 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 16:40 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 16:40 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 16:40 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-13 16:40 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-13 16:40 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-13 16:40 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-13 16:40 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-13 16:40 - 2015-09-18 22:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-13 16:40 - 2015-09-18 08:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-13 16:40 - 2015-09-18 08:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-13 16:40 - 2015-09-18 08:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-13 16:40 - 2015-09-18 08:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-13 16:40 - 2015-09-18 08:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-13 16:40 - 2015-09-18 08:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-13 16:40 - 2015-09-12 08:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-13 16:40 - 2015-08-07 16:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-13 16:40 - 2015-08-07 16:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-13 16:40 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-11-13 16:40 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-11-13 16:40 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-11-13 16:40 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-13 16:40 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-11-13 16:40 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 16:40 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-11-13 16:40 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-11-13 16:40 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-11-13 16:40 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 16:40 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 16:40 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 16:40 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-11-13 16:40 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-11-13 16:40 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-11-13 16:40 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-11-13 16:40 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-13 16:40 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-11-13 16:40 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-11-13 16:40 - 2015-04-16 01:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-11-13 16:40 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-11-13 16:40 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-11-13 16:40 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-11-13 16:40 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-11-13 16:40 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-11-13 16:40 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-11-13 16:40 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-11-13 16:40 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-11-13 16:40 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-11-13 16:40 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-11-13 16:40 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-11-13 16:40 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-11-13 16:40 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-11-13 16:40 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-11-13 16:40 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-11-13 16:40 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-11-13 16:40 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-11-13 16:40 - 2015-03-12 23:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-11-13 16:40 - 2015-03-12 23:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-11-13 16:40 - 2015-03-10 20:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-13 16:40 - 2015-03-10 20:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-13 16:40 - 2014-10-28 21:45 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-13 16:40 - 2014-10-28 21:24 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2015-11-13 16:40 - 2014-10-28 21:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-11-13 16:40 - 2014-10-28 21:00 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-13 16:40 - 2014-10-28 21:00 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-11-13 16:40 - 2014-10-28 21:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-13 16:40 - 2014-10-28 20:43 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2015-11-13 16:40 - 2014-10-28 20:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-11-13 16:40 - 2014-10-28 20:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-11-13 16:40 - 2014-10-28 20:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-11-13 16:40 - 2014-10-28 19:57 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2015-11-13 16:40 - 2014-10-28 19:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2015-11-13 16:40 - 2014-10-28 19:56 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-11-13 16:40 - 2014-10-28 19:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2015-11-13 16:40 - 2014-10-28 19:45 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2015-11-13 16:40 - 2014-10-28 19:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-11-13 16:40 - 2014-10-07 01:54 - 00189248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2015-11-13 16:37 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-13 16:37 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-13 16:37 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-13 16:37 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-13 16:37 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-13 16:37 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-13 16:37 - 2015-07-16 13:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-11-13 16:37 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-11-13 16:37 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-11-13 16:37 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-11-13 16:37 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-13 16:37 - 2014-10-28 20:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\EventAggregation.dll
2015-11-13 16:37 - 2014-10-28 20:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll
2015-11-13 16:37 - 2014-10-28 20:12 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-13 16:36 - 2015-08-22 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-13 16:34 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-11-13 16:34 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-11-13 16:33 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-11-13 16:33 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-11-13 16:32 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-11-13 16:32 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-11-13 16:32 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-11-13 16:32 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-13 16:32 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-13 16:32 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-11-13 16:32 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-11-13 16:32 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-11-13 16:30 - 2015-01-28 20:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-11-13 16:30 - 2015-01-28 20:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-11-13 16:29 - 2015-03-05 22:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-11-13 16:29 - 2015-03-05 21:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-11-13 16:29 - 2014-10-28 20:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2015-11-13 16:29 - 2014-10-28 20:54 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-11-13 16:29 - 2014-10-28 20:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2015-11-13 16:29 - 2014-10-28 20:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2015-11-13 16:28 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-11-13 16:28 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-11-13 16:27 - 2015-01-27 21:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-11-13 16:27 - 2015-01-27 20:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-11-13 16:27 - 2014-10-28 21:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-11-13 16:27 - 2014-10-28 21:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-11-13 16:27 - 2014-10-28 20:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-11-13 16:27 - 2014-10-28 19:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-11-13 16:26 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-11-13 16:26 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-11-13 16:26 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-11-13 16:04 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-11-13 16:04 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-11-13 16:00 - 2015-02-07 18:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-11-13 16:00 - 2015-02-07 18:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-11-13 16:00 - 2015-01-29 21:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-11-13 16:00 - 2015-01-29 20:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-11-13 16:00 - 2015-01-29 20:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-11-13 16:00 - 2015-01-29 20:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-11-13 16:00 - 2015-01-29 20:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-11-13 16:00 - 2015-01-29 20:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-11-13 16:00 - 2015-01-29 20:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-11-13 16:00 - 2015-01-29 20:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-11-13 16:00 - 2014-10-28 20:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-11-13 16:00 - 2014-10-28 19:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-11-13 15:13 - 2015-11-13 15:13 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-13 13:49 - 2015-11-13 13:44 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-13 13:49 - 2015-11-13 13:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswBCB6.tmp
2015-11-13 13:46 - 2015-11-13 13:46 - 00000000 ____D C:\Users\loki\AppData\Roaming\AVAST Software
2015-11-13 13:46 - 2015-11-13 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-13 13:45 - 2015-11-13 13:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-13 13:45 - 2015-11-13 13:44 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-13 13:45 - 2015-11-13 13:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-13 13:44 - 2015-11-13 13:44 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-13 13:42 - 2015-11-14 15:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 13:41 - 2015-11-13 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-13 13:41 - 2015-11-13 13:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-13 13:41 - 2015-11-13 13:41 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-13 13:41 - 2015-11-13 13:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-13 13:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-13 13:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-13 13:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-13 13:39 - 2015-11-13 13:39 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-13 13:27 - 2015-11-13 13:27 - 00003098 _____ C:\Windows\System32\Tasks\{B484EBB5-4DCD-4448-918A-F4AEC52FA1E1}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 15:40 - 2014-06-06 05:35 - 01477757 _____ C:\Windows\WindowsUpdate.log
2015-11-14 15:25 - 2014-06-06 05:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2243256156-3552192332-2390129894-1002
2015-11-14 15:22 - 2014-06-06 05:38 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DF453432-1F51-456F-AB4B-6649AA1E511A}
2015-11-14 15:21 - 2014-06-06 05:39 - 00000000 ____D C:\Users\loki\Documents\Youcam
2015-11-14 15:17 - 2014-02-20 07:36 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-14 15:17 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-14 07:14 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-14 06:57 - 2013-08-26 01:09 - 00006424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 06:53 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-14 06:53 - 2013-08-22 09:44 - 00337920 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 06:52 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-14 06:49 - 2015-02-11 15:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-14 06:49 - 2014-08-14 14:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-14 06:49 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-14 06:49 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-11-14 06:49 - 2013-08-22 10:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-14 06:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-11-14 06:49 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-11-14 06:08 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-14 06:08 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-14 06:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-13 23:10 - 2015-02-18 14:10 - 00000000 __SHD C:\Users\loki\AppData\LocalLow\EmieBrowserModeList
2015-11-13 23:10 - 2015-02-18 14:10 - 00000000 __SHD C:\Users\loki\AppData\Local\EmieBrowserModeList
2015-11-13 23:10 - 2014-08-07 19:21 - 00000000 __SHD C:\Users\loki\AppData\LocalLow\EmieUserList
2015-11-13 23:10 - 2014-08-07 19:21 - 00000000 __SHD C:\Users\loki\AppData\LocalLow\EmieSiteList
2015-11-13 23:10 - 2014-06-30 07:24 - 00000000 __SHD C:\Users\loki\AppData\Local\EmieUserList
2015-11-13 23:10 - 2014-06-30 07:24 - 00000000 __SHD C:\Users\loki\AppData\Local\EmieSiteList
2015-11-13 23:02 - 2013-08-26 01:01 - 00347434 _____ C:\Windows\PFRO.log
2015-11-13 22:59 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-13 22:58 - 2014-06-10 20:27 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 19:57 - 2014-06-06 05:37 - 00000000 ____D C:\Users\loki\AppData\Local\Packages
2015-11-13 18:25 - 2014-10-20 13:05 - 00000000 ____D C:\Users\loki\AppData\Roaming\Developerts LLC USA
2015-11-13 18:24 - 2014-06-06 05:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-11-13 18:23 - 2014-02-20 07:46 - 00000000 ____D C:\ProgramData\Temp
2015-11-13 18:19 - 2013-08-22 10:36 - 00000000 __RSD C:\Windows\Media
2015-11-13 18:00 - 2013-11-06 19:59 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-13 18:00 - 2013-11-06 19:15 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-13 17:59 - 2013-11-06 20:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-13 17:56 - 2014-06-06 05:40 - 00000000 ____D C:\Users\loki\AppData\Roaming\hpqlog
2015-11-13 16:03 - 2015-06-27 09:19 - 00000000 ____D C:\Windows\Minidump
2015-11-13 16:03 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-13 13:33 - 2013-11-06 20:05 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-11-13 13:33 - 2013-11-06 20:05 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-11-13 13:29 - 2013-11-06 20:04 - 00000578 _____ C:\Windows\DirectX.log
2015-11-13 12:39 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-13 11:38 - 2014-06-06 05:37 - 00000000 ____D C:\Users\loki
2015-11-02 19:23 - 2015-02-10 22:09 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-02 19:23 - 2015-02-10 22:09 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-27 18:43 - 2014-06-10 20:27 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-02 10:30

==================== End of FRST.txt ============================

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #9 on: November 15, 2015, 06:30:50 AM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by loki (2015-11-14 15:49:17)
Running from C:\Users\loki\Desktop
Windows 8.1 (X64) (2014-06-06 10:37:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2243256156-3552192332-2390129894-500 - Administrator - Disabled)
Guest (S-1-5-21-2243256156-3552192332-2390129894-501 - Limited - Disabled)
loki (S-1-5-21-2243256156-3552192332-2390129894-1002 - Administrator - Enabled) => C:\Users\loki

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{19C397A1-9C70-119F-E3BF-752C432FD217}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3418 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29071 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.16.1 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C6E9D52-9E2C-4E38-990F-F49F86CAB9C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-27] (Microsoft Corporation)
Task: {3D0458A6-7893-4CA9-BDCD-C7318D734B84} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-01] (Synaptics Incorporated)
Task: {84BCC7D8-9759-43E5-9129-2E8D66655379} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {8C5B5CA5-936C-4140-BB11-E0FD6B5E6B48} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
Task: {98598193-C9D7-4F4C-A926-AC95CE8B34D6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D234D3D7-7889-41BE-A2DC-19EFF46B03A5} - System32\Tasks\{B484EBB5-4DCD-4448-918A-F4AEC52FA1E1} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {ECD5365D-B191-4095-8083-7A01B6D8D407} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-13] (AVAST Software)
Task: {F47033AD-8888-4D17-8FDC-EA426806957D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD5CDE39-E80A-4693-A245-7948B99E62F2} - \bvxvdxvx -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 09:49 - 2013-09-25 09:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 09:48 - 2013-09-25 09:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-11-13 13:44 - 2015-11-13 13:44 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-13 13:44 - 2015-11-13 13:44 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-13 13:49 - 2015-11-13 13:49 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111302\algo.dll
2015-11-13 13:44 - 2015-11-13 13:44 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-14 06:54 - 2015-11-14 06:54 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111400\algo.dll
2014-02-20 07:55 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-11-13 13:44 - 2015-11-13 13:44 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2A3CDDAF-0638-4A99-982C-492F631323D3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{937E63E9-DA03-41C8-90FA-86076BB6A93E}] => (Allow) LPort=2869
FirewallRules: [{82C14759-36A0-4DCB-8A3D-0997273D9544}] => (Allow) LPort=1900
FirewallRules: [{E4AC1317-A968-440D-9C69-786D64D79CD7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8FD0168-7EF4-443B-AF64-D3C8D72F152D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4843430-0F4E-4BF2-8181-FD40825150A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE0D876B-AF02-4C69-9E08-240D738D8E3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{069E8E83-82C4-4A36-8A3B-B837FA5ED274}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{EFE31366-7201-4E05-8DF6-07CE04629CE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{34E220B0-C43A-49CA-B353-99BC0F348518}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{90E87E67-B9F9-4754-AD56-55917B84700E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E24927E4-0536-4C5A-BB5D-05940E992CD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{68A8CBDD-4899-4409-AAAA-C3A19F67327C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{9644F668-A9D9-4CEA-9A7A-291EA19467E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6E997B24-DA78-43DC-94B1-08A5D66796F6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BA9E2A44-BA93-4A43-99D6-DA2EA9F14154}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD74EA0-5FC4-4FF4-9E2D-514C5C09501C}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39F4D68D-64E5-48C8-8578-F371790D4021}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{062EFC2F-7F76-4325-AAA6-67F9D44BF683}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2015 03:39:01 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/14/2015 03:20:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'" could not be reactivated in namespace "//./ROOT/cimv2" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2015 03:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.0.10.0, time stamp: 0x52537ee1
Faulting module name: HPMSGSVC.exe, version: 1.0.10.0, time stamp: 0x52537ee1
Exception code: 0xc0000005
Fault offset: 0x000023e9
Faulting process id: 0x13fc
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
Faulting package full name: HPMSGSVC.exe4
Faulting package-relative application ID: HPMSGSVC.exe5

Error: (11/14/2015 06:57:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/14/2015 06:57:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/14/2015 05:57:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows (C:) was not optimized because an error was encountered: This element already exists in the table. All entries in the table must be unique. (0x89000014)

Error: (11/14/2015 05:49:14 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'" could not be reactivated in namespace "//./ROOT/CIMV2" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2015 05:49:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 1.0.10.0, time stamp: 0x52537ee1
Faulting module name: HPMSGSVC.exe, version: 1.0.10.0, time stamp: 0x52537ee1
Exception code: 0xc0000005
Fault offset: 0x000023e9
Faulting process id: 0x788
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
Faulting package full name: HPMSGSVC.exe4
Faulting package-relative application ID: HPMSGSVC.exe5

Error: (11/13/2015 11:09:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/13/2015 11:09:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (11/14/2015 03:18:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (11/14/2015 07:21:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2015 11:13:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2015 10:58:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3097966).

Error: (11/13/2015 10:58:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3053863).

Error: (11/13/2015 10:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3024755).

Error: (11/13/2015 10:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3047255).

Error: (11/13/2015 10:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3012702).

Error: (11/13/2015 10:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3067505).

Error: (11/13/2015 10:58:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3047254).


==================== Memory info ===========================

Processor: AMD E2-3800 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 3537.01 MB
Available physical RAM: 2010.93 MB
Total Virtual: 4497.01 MB
Available Virtual: 2775.7 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.59 GB) (Free:403.8 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.4 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 87E9C7AD)

Partition: GPT.

==================== End of Addition.txt ============================

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #10 on: November 15, 2015, 06:33:05 AM »
# AdwCleaner v5.021 - Logfile created 14/11/2015 at 15:56:32
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : loki - CURT
# Running from : C:\Users\loki\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\loki\AppData\Roaming\Developerts LLC USA
[-] Folder Deleted : C:\Users\loki\Documents\PC Health Kit

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchSignup
[-] Task Deleted : Secure Fast PC Autorun

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\IM
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1077 bytes] ##########

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #11 on: November 15, 2015, 06:34:45 AM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by loki on 2015-11-14 at 16:07:24.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D7151D55-32B7-4C1B-B280-A19306B72E44}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D7151D55-32B7-4C1B-B280-A19306B72E44}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-11-14 at 16:19:55.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #12 on: November 15, 2015, 06:49:43 AM »
utorrent shows up in the log i noticed. it was on this system when we bought it on friday. it was also the first thing to go before i put on an antivirus and malwarebytes. thanks

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #13 on: November 16, 2015, 02:24:43 PM »
Hello mommyto3furballs,
Thank you for the posted log, much easier to read & analyse.

Download fixlist file below and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Fixlist
 
Code: [Select]
start
close processes:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
earchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword{searchTerms}
Task: {8C5B5CA5-936C-4140-BB11-E0FD6B5E6B48} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
Task: {F47033AD-8888-4D17-8FDC-EA426806957D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD5CDE39-E80A-4693-A245-7948B99E62F2} - \bvxvdxvx -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms)
u3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\1001movie.com -> 1001movie.com
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\StartupApproved\Run: => "uTorrent"
FirewallRules: [{BA9E2A44-BA93-4A43-99D6-DA2EA9F14154}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD74EA0-5FC4-4FF4-9E2D-514C5C09501C}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
Empty temp:
end

>>>>>>>>>>>>>>>>>>>>>

   
Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1
users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

    Click the blue Run ESET Online Scanner box
    Tick the box next to YES, I accept the Terms of Use
     then click on: Start
    You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
    Check "Enable detection of potentially unwanted applications"
    Click on Start and say yes to allow the program to proceed.
    The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    When completed the Online Scan will begin automatically. The scan may take several hours.
    Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log on your Desktop .
    After that click the button "Back"
    Select and check Uninstall application on close and Delete quarantined files.
    Then click on: Finish
    Copy and paste the ESET log back here and tell me how your machine is now.
>>>>>>>>>>>>>>>>>>>



Quote
utorrent shows up in the log i noticed. it was on this system when we bought it on friday. it was also the first thing to go before i put on an antivirus and malwarebytes. thanks

Don`t worry about it, I had realised your circumstances, no problems & appreciate it thank you.

Platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 172
Re: [In Progress] new to me computer, tons of spyware
« Reply #14 on: November 16, 2015, 04:20:11 PM »
HELP!  i'm sorry but i'm in need of clarification. how do I download it? to notepad or? because I didn't see anything to download except the code which I copied and pasted the whole thing to notepad on the computer. the frst program didn't generate a log at all. the frst program is saved just on my desktop. eagerly waiting your response.