
Mom's computer loaded with viruses and other crap

Discussion in 'Virus & Other Malware Removal' started by Kevier, Mar 4, 2015.

  1. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8, 64 bit
    Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
    Processor Count: 2
    RAM: 3682 Mb
    Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
    Hard Drives: C: Total - 452196 MB, Free - 381737 MB; D: Total - 23953 MB, Free - 2892 MB;
    Motherboard: Hewlett-Packard, 188B
    Antivirus: Windows Defender, Disabled

    My mom and dad gave me this computer to try and fix it because it was running really slow and has pop-ups, so I used the Should I Remove It app and removed about 25 programs, but I don't think they are all gone or that all the viruses are found. I have used AdwCleaner, Microsoft Defender and the Norton Removal Tool, but it is still running really slow.

    I am using my own laptop to type to you because hers is so slow.

    I also think there could be registry problems or something; the desktop taskbar seems off, it is a grey color.
     
  2. Kevier

    Results of the AdwCleaner scan:

    # AdwCleaner v4.111 - Logfile created 03/03/2015 at 16:57:44
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Local]
    # Operating system : Windows 8 (x64)
    # Username : chopper - KATHY
    # Running from : E:\New folder\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem
    Service Deleted : wpnfd_1_10_0_5
    Service Deleted : {62eca849-70b6-47ed-932e-18163afa5bee}Gw64

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\TVWizard
    Folder Deleted : C:\ProgramData\Browser
    Folder Deleted : C:\ProgramData\TVWizard
    Folder Deleted : C:\ProgramData\PicColor Utility
    Folder Deleted : C:\ProgramData\PicColorData
    Folder Deleted : C:\ProgramData\shopshop
    Folder Deleted : C:\ProgramData\CouponFactor
    Folder Deleted : C:\ProgramData\4f409866c2b7193a
    Folder Deleted : C:\ProgramData\5710731894626654522
    Folder Deleted : C:\ProgramData\eafade40000059f0
    Folder Deleted : C:\ProgramData\f89677c6198548a19325bf559bebffc5
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\predm
    Folder Deleted : C:\Program Files (x86)\Super Optimizer
    Folder Deleted : C:\Program Files (x86)\Consumer Input
    Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
    Folder Deleted : C:\Program Files (x86)\Solution Real
    Folder Deleted : C:\Program Files (x86)\buuyfast
    Folder Deleted : C:\Program Files (x86)\buuyfuAst
    Folder Deleted : C:\Program Files (x86)\ddeal4eme
    Folder Deleted : C:\Program Files (x86)\freEdelIvery
    Folder Deleted : C:\Program Files (x86)\nnitrodeal
    Folder Deleted : C:\Program Files (x86)\rOcCketsale
    Folder Deleted : C:\Program Files (x86)\WEbsaVEr
    Folder Deleted : C:\Users\chopper\AppData\Local\Temp\Solution Real
    Folder Deleted : C:\Users\chopper\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\chopper\AppData\Local\TVWizard
    Folder Deleted : C:\Users\chopper\AppData\Roaming\VOPackage
    Folder Deleted : C:\Users\chopper\AppData\Roaming\WSE_Vosteran
    Folder Deleted : C:\Users\chopper\AppData\Roaming\Taplika
    Folder Deleted : C:\Users\chopper\Documents\Optimizer Pro
    Folder Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected]
    Folder Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected]
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Windows\patsearch.bin
    File Deleted : C:\Windows\SysWOW64\ColorMediaOff.ini
    File Deleted : C:\Users\chopper\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Windows\System32\drivers\cmwr.sys
    File Deleted : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
    File Deleted : C:\Windows\System32\ColorMediaOff.ini
    File Deleted : C:\Windows\System32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gw64.sys
    File Deleted : C:\Users\chopper\Documents\Uninstall.exe
    File Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\user.js
    File Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\searchplugins\Taplika.xml

    ***** [ Scheduled tasks ] *****

    Task Deleted : globalUpdateUpdateTaskMachineCore
    Task Deleted : globalUpdateUpdateTaskMachineUA

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
    Key Deleted : HKCU\Software\Compete
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\KanarCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\TutoTag
    Key Deleted : HKCU\Software\StormWatchApp
    Key Deleted : HKCU\Software\GAMESDESKTOP
    Key Deleted : HKCU\Software\Solution Real
    Key Deleted : HKCU\Software\Super Optimizer
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\NpApp
    Key Deleted : HKLM\SOFTWARE\Tutorials
    Key Deleted : HKLM\SOFTWARE\PicColor Utility
    Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
    Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.5
    Key Deleted : HKLM\SOFTWARE\Solution Real
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVWizard
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{46DF3CE6-BACF-B984-6099-DC25E7054C21}
    Key Deleted : [x64] HKLM\SOFTWARE\PicColor Utility
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [0ej6bc8l.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Taplika");
    [0ej6bc8l.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14ab75644e00772f14c6377591dfea06");

    *************************

    AdwCleaner[R0].txt - [16122 bytes] - [03/03/2015 16:53:59]
    AdwCleaner[S0].txt - [14988 bytes] - [03/03/2015 16:57:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15048 bytes] ##########
     
  3. Kevier

    I ran AdwCleaner again:

    # AdwCleaner v4.111 - Logfile created 04/03/2015 at 16:59:18
    # Updated 18/02/2015 by Xplode
    # Database : 2015-03-02.3 [Server]
    # Operating system : Windows 8 (x64)
    # Username : chopper - KATHY
    # Running from : C:\Users\chopper\Desktop\Anti Spyware\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : 57e40902

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Browser
    Folder Deleted : C:\ProgramData\salesale
    Folder Deleted : C:\ProgramData\4f409866c2b7193a
    Folder Deleted : C:\ProgramData\5710731894626654522
    Folder Deleted : C:\Program Files (x86)\wincheck
    Folder Deleted : C:\Program Files (x86)\dailuyprizee
    Folder Deleted : C:\Program Files (x86)\offeRDieal
    Folder Deleted : C:\Program Files (x86)\roccketsaLe
    Folder Deleted : C:\Users\chopper\AppData\Local\TVWizard
    Folder Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected]
    Folder Deleted : C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected]

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Pd4ad9c5e_76fd_49e6_8ee1_8df5f76ed3ba_.Pd4ad9c5e_76fd_49e6_8ee1_8df5f76ed3ba_
    Key Deleted : HKLM\SOFTWARE\Classes\Pd4ad9c5e_76fd_49e6_8ee1_8df5f76ed3ba_.Pd4ad9c5e_76fd_49e6_8ee1_8df5f76ed3ba_.10
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{57e40902}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d4ad9c5e-76fd-49e6-8ee1-8df5f76ed3ba}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4ad9c5e-76fd-49e6-8ee1-8df5f76ed3ba}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d4ad9c5e-76fd-49e6-8ee1-8df5f76ed3ba}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{d4ad9c5e-76fd-49e6-8ee1-8df5f76ed3ba}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4ad9c5e-76fd-49e6-8ee1-8df5f76ed3ba}
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [16122 bytes] - [03/03/2015 16:53:59]
    AdwCleaner[R1].txt - [2639 bytes] - [04/03/2015 16:45:08]
    AdwCleaner[R2].txt - [3017 bytes] - [04/03/2015 16:51:19]
    AdwCleaner[S0].txt - [15221 bytes] - [03/03/2015 16:57:44]
    AdwCleaner[S1].txt - [2873 bytes] - [04/03/2015 16:59:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2932 bytes] ##########
     
  4. Kevier

    It's really starting to slow down now, to where programs won't respond for a while.
     
  5. Kevier

    I ran FRST:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
    Ran by chopper (administrator) on KATHY on 06-03-2015 20:08:46
    Running from C:\Users\chopper\Desktop
    Loaded Profiles: chopper (Available profiles: chopper)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Small Island Development) C:\ProgramData\UnTEMEcF\Lrstnb.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
    HKLM-x32\...\Run: [gmsd_us_58] => [X]
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-04-08] (Hewlett-Packard)
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
    AppInit_DLLs-x32: c:/progra~3/{d4df3~1/171~1.0/coro.dll => "c:\progra~3\{d4df3~1\171~1.0\coro.dll" File Not Found
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    SearchScopes: HKLM -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1548246300-823100809-1641666167-1002 -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1548246300-823100809-1641666167-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Extension: duplicatethistabmozillaorg - C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected] [2015-01-09]
    FF Extension: Zoom It - C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\{d61e796e-a16c-9aa9-15bc-69afedc38c12} [2015-03-04]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 Lrstnb; C:\ProgramData\UnTEMEcF\Lrstnb.exe [2726256 2015-01-04] (Small Island Development)
    R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [52736 2014-12-28] (Ninja Soft Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-10-12] (Realtek Semiconductor)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [126568 2015-01-26] (RaMMicHaeL)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-06 20:08 - 2015-03-06 20:11 - 00012384 _____ () C:\Users\chopper\Desktop\FRST.txt
    2015-03-06 20:08 - 2015-03-06 20:09 - 00000000 ____D () C:\FRST
    2015-03-06 20:06 - 2015-03-06 20:07 - 02092544 _____ (Farbar) C:\Users\chopper\Desktop\FRST64.exe
    2015-03-06 19:59 - 2015-03-06 19:59 - 00000000 ____D () C:\Users\chopper\AppData\Local\TVWizard
    2015-03-06 19:51 - 2015-03-06 20:01 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
    2015-03-06 19:50 - 2015-03-06 19:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-06 19:50 - 2015-03-06 19:50 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-05 06:29 - 2015-03-03 08:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-04 15:25 - 2014-07-02 20:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-03-04 15:24 - 2014-07-11 23:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
    2015-03-04 15:24 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-03-04 15:24 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-03-04 15:24 - 2014-07-11 23:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-03-04 15:24 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-03-04 15:24 - 2014-07-11 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-03-04 15:24 - 2014-07-11 23:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
    2015-03-04 15:24 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2015-03-04 15:24 - 2014-07-11 23:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2015-03-04 15:24 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2015-03-04 15:24 - 2014-07-11 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2015-03-04 15:24 - 2014-07-11 23:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2015-03-04 15:24 - 2014-07-08 17:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
    2015-03-04 15:24 - 2014-07-08 17:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2015-03-04 15:24 - 2014-07-08 17:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
    2015-03-04 15:24 - 2014-07-08 17:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2015-03-04 15:24 - 2014-07-07 00:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
    2015-03-04 15:24 - 2014-07-07 00:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2015-03-04 15:24 - 2014-07-04 05:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2015-03-04 15:24 - 2014-07-02 19:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-03-04 15:24 - 2014-06-28 02:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-03-04 15:24 - 2014-06-28 01:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-03-04 15:24 - 2014-06-17 18:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-03-04 15:24 - 2014-06-17 18:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-03-04 15:24 - 2014-06-11 09:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2015-03-04 15:24 - 2014-06-10 23:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2015-03-04 15:24 - 2014-06-10 17:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-04 15:24 - 2014-02-04 05:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-04 14:40 - 2015-03-04 14:40 - 00509440 _____ (Tech Support Guy System) C:\Users\chopper\Downloads\SysInfo.exe
    2015-03-04 03:49 - 2015-02-03 14:29 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-04 03:49 - 2015-02-03 14:29 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-04 02:16 - 2015-03-04 02:18 - 00000000 ____D () C:\Program Files (x86)\offferapp
    2015-03-04 02:16 - 2015-03-04 02:18 - 00000000 ____D () C:\Program Files (x86)\Facebook Color Changer Enhancer
    2015-03-04 02:14 - 2015-03-06 15:43 - 00000000 ____D () C:\Program Files (x86)\roeCketdeal
    2015-03-03 22:18 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
    2015-03-03 22:18 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2015-03-03 22:18 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
    2015-03-03 22:18 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
    2015-03-03 22:18 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
    2015-03-03 21:17 - 2015-01-09 01:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-03-03 21:17 - 2015-01-09 00:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-03-03 21:17 - 2015-01-08 18:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
    2015-03-03 21:17 - 2015-01-08 18:52 - 00478296 _____ () C:\Windows\system32\locale.nls
    2015-03-03 20:56 - 2014-07-15 17:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
    2015-03-03 20:43 - 2015-01-15 06:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2015-03-03 20:43 - 2015-01-15 06:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2015-03-03 20:43 - 2015-01-15 06:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-03 20:43 - 2015-01-15 05:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2015-03-03 20:43 - 2015-01-15 05:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2015-03-03 20:43 - 2015-01-15 04:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-03 20:43 - 2015-01-15 04:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-03 20:43 - 2015-01-14 23:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-03 20:43 - 2015-01-08 23:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-03 20:41 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-03 20:41 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-03 20:40 - 2015-01-12 01:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-03 20:40 - 2015-01-12 00:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-03 20:40 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-03 20:39 - 2015-01-12 01:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-03 20:39 - 2015-01-12 01:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-03 20:39 - 2015-01-12 01:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2015-03-03 20:39 - 2015-01-12 01:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-03 20:39 - 2015-01-12 01:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-03 20:39 - 2015-01-12 01:47 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-03 20:39 - 2015-01-12 01:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-03 20:39 - 2015-01-12 01:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-03-03 20:39 - 2015-01-12 00:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-03 20:39 - 2015-01-12 00:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-03 20:39 - 2015-01-12 00:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-03 20:39 - 2014-11-21 03:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2015-03-03 20:39 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-03 20:39 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-03 20:39 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-03 20:39 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-03 20:38 - 2015-01-12 01:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-03 20:38 - 2015-01-12 01:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-03 20:38 - 2015-01-12 01:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-03 20:38 - 2015-01-12 01:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-03 20:38 - 2015-01-12 00:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-03 20:38 - 2015-01-12 00:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-03 20:38 - 2015-01-12 00:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-03 20:38 - 2015-01-12 00:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-03 20:38 - 2015-01-12 00:06 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-03 20:38 - 2015-01-12 00:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-03-03 20:38 - 2015-01-12 00:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-03 20:38 - 2015-01-11 23:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-03-03 20:38 - 2015-01-11 22:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-03-03 20:38 - 2014-12-08 01:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-03-03 20:38 - 2014-12-08 00:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-03-03 20:38 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-03 20:38 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-03 20:38 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-03 20:38 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-03 20:38 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-03-03 20:38 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-03 20:38 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-03 20:38 - 2014-11-21 02:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2015-03-03 20:38 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-03 20:38 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-03 20:38 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-03 20:38 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-03-03 20:38 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-03 20:38 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-03 20:38 - 2014-11-20 23:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2015-03-03 20:37 - 2015-01-29 03:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
    2015-03-03 20:37 - 2015-01-29 03:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
    2015-03-03 20:37 - 2015-01-29 03:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
    2015-03-03 20:37 - 2015-01-29 03:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2015-03-03 20:37 - 2015-01-29 03:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-03 20:37 - 2015-01-29 01:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2015-03-03 20:37 - 2015-01-29 01:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-03 20:37 - 2014-12-18 03:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-03-03 20:37 - 2014-12-18 01:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-03-03 20:37 - 2014-12-18 01:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-03-03 20:37 - 2014-12-18 01:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-03-03 20:37 - 2014-12-18 01:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-03-03 20:37 - 2014-10-21 20:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2015-03-03 20:37 - 2014-10-21 20:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-03-03 20:36 - 2015-02-04 04:54 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-03 20:36 - 2015-02-04 04:52 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-03 20:36 - 2015-02-04 04:52 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-03 20:36 - 2015-02-04 04:52 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-03 20:36 - 2015-02-04 04:52 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-03 20:36 - 2015-02-02 18:18 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-03 20:36 - 2015-01-15 16:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-03 20:36 - 2014-12-08 18:14 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-03-03 20:36 - 2014-12-02 20:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-03 20:36 - 2014-11-26 01:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-03-03 20:36 - 2014-11-25 23:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-03-03 19:21 - 2014-07-15 18:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-03-03 19:21 - 2014-07-11 21:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-03-03 19:20 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-03-03 19:20 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
    2015-03-03 19:17 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-03-03 19:17 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-03-03 19:17 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-03-03 19:17 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2015-03-03 19:17 - 2014-08-28 01:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-03-03 19:16 - 2014-11-15 01:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-03-03 19:16 - 2014-11-15 00:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-03-03 19:16 - 2014-11-15 00:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-03-03 19:16 - 2014-11-15 00:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-03-03 19:16 - 2014-11-14 22:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-03-03 19:16 - 2014-11-14 22:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-03-03 19:16 - 2014-11-14 22:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-03-03 19:16 - 2014-11-14 22:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-03-03 19:15 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-03 19:15 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-03 19:15 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-03-03 19:15 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-03-03 19:15 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2015-03-03 19:15 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
    2015-03-03 19:15 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
    2015-03-03 19:15 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2015-03-03 19:15 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2015-03-03 19:14 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2015-03-03 19:14 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2015-03-03 19:13 - 2014-09-13 01:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-03-03 19:13 - 2014-09-02 21:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2015-03-03 19:13 - 2014-09-02 21:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2015-03-03 19:13 - 2014-08-28 23:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-03-03 19:13 - 2014-08-28 23:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-03-03 19:13 - 2014-08-28 23:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-03-03 19:13 - 2014-08-28 23:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-03-03 19:13 - 2014-08-28 01:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
    2015-03-03 19:13 - 2014-08-28 01:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
    2015-03-03 19:13 - 2014-08-28 00:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
    2015-03-03 19:13 - 2014-08-28 00:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
    2015-03-03 19:12 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-03-03 19:12 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-03-03 19:12 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-03-03 19:12 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-03-03 19:12 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-03-03 19:12 - 2014-08-28 00:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
    2015-03-03 19:12 - 2014-08-28 00:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
    2015-03-03 19:12 - 2014-07-24 08:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2015-03-03 19:12 - 2014-06-12 20:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-03-03 19:12 - 2014-06-12 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2015-03-03 19:12 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
    2015-03-03 19:12 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
    2015-03-03 19:11 - 2014-07-07 00:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-03-03 19:11 - 2014-07-07 00:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-03-03 19:11 - 2014-07-07 00:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2015-03-03 19:11 - 2014-07-07 00:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-03-03 19:11 - 2014-07-06 23:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-03-03 19:11 - 2014-07-06 23:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2015-03-03 19:11 - 2014-07-06 23:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-03-03 19:11 - 2014-07-06 22:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-03-03 19:11 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2015-03-03 19:11 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2015-03-03 19:10 - 2014-07-31 18:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-03-03 19:10 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-03-03 19:08 - 2014-10-11 00:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-03-03 19:08 - 2014-10-11 00:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-03-03 19:07 - 2014-10-11 02:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2015-03-03 19:07 - 2014-10-11 02:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-03-03 19:07 - 2014-10-11 02:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-03-03 19:07 - 2014-10-11 02:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-03-03 19:07 - 2014-10-11 00:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2015-03-03 19:07 - 2014-10-11 00:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-03-03 19:06 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-03-03 19:06 - 2014-09-22 00:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-03-03 19:06 - 2014-08-26 17:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-03-03 19:05 - 2014-09-02 21:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2015-03-03 19:05 - 2014-09-02 21:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-03-03 18:54 - 2015-03-04 17:00 - 00115528 _____ () C:\Windows\PFRO.log
    2015-03-03 18:35 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-03-03 18:35 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-03-03 18:35 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-03-03 18:35 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-03 18:35 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-03 18:35 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-03-03 18:35 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-03-03 18:35 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-03-03 18:35 - 2014-10-02 20:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-03 18:35 - 2014-10-02 17:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-03-03 18:33 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-03-03 18:24 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
    2015-03-03 18:24 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2015-03-03 18:23 - 2014-10-11 02:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-03 18:23 - 2014-10-11 00:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-03 18:23 - 2014-10-11 00:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-03 18:23 - 2014-09-24 18:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-03 18:23 - 2014-09-24 18:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-03-03 18:23 - 2014-09-24 18:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-03 18:23 - 2014-09-24 18:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-03-03 18:23 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-03 18:22 - 2014-07-24 08:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-03-03 18:22 - 2014-07-16 17:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2015-03-03 18:22 - 2014-07-12 01:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
    2015-03-03 18:22 - 2014-07-11 23:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2015-03-03 18:22 - 2014-07-11 23:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-03-03 18:22 - 2014-07-11 23:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-03-03 18:22 - 2014-07-11 23:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-03-03 18:22 - 2014-06-28 01:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-03-03 18:22 - 2014-06-27 21:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-03-03 18:22 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-03-03 18:21 - 2014-07-16 18:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2015-03-03 18:21 - 2014-07-16 17:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2015-03-03 18:21 - 2014-06-12 18:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-03-03 18:21 - 2014-06-12 18:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-03-03 18:21 - 2014-06-05 12:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-03-03 18:20 - 2014-11-08 06:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-03-03 18:20 - 2014-11-08 06:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-03 18:20 - 2014-11-08 01:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-03-03 18:20 - 2014-11-08 01:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-03 18:20 - 2014-10-23 07:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-03-03 18:20 - 2014-10-23 06:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2015-03-03 18:20 - 2014-10-11 03:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-03 18:20 - 2014-08-21 18:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-03-03 18:20 - 2014-08-21 18:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-03-03 18:20 - 2014-06-19 18:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-03-03 18:20 - 2014-06-19 17:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-03-03 18:20 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-03-03 18:20 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2015-03-03 18:20 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2015-03-03 18:19 - 2014-10-30 02:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-03 18:19 - 2014-10-30 00:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-03 17:19 - 2014-05-28 23:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-03 17:07 - 2015-03-04 16:44 - 00000000 ____D () C:\Users\chopper\Desktop\Anti Spyware
    2015-03-03 17:05 - 2015-03-03 17:06 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-03 17:05 - 2015-03-03 17:05 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-03-03 17:05 - 2015-03-03 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-03-03 16:53 - 2015-03-05 05:28 - 00000000 ____D () C:\AdwCleaner
    2015-03-03 16:38 - 2015-03-03 16:38 - 00000000 ____D () C:\ProgramData\2355320829
    2015-03-03 16:34 - 2015-03-03 16:34 - 00001767 _____ () C:\ProgramData\tempimage.bmp
    2015-03-03 16:28 - 2015-03-03 16:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
    2015-03-03 16:28 - 2015-03-03 16:28 - 00000000 ____D () C:\Users\chopper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2015-03-03 16:28 - 2015-03-03 16:28 - 00000000 ____D () C:\Program Files (x86)\Reason
    2015-02-27 13:38 - 2015-03-06 19:50 - 00000310 _____ () C:\Windows\Tasks\Taplika.job
    2015-02-27 13:38 - 2015-02-27 13:39 - 00000000 ____D () C:\Users\chopper\AppData\Local\918970
    2015-02-27 13:38 - 2015-02-27 13:38 - 00002648 _____ () C:\Windows\System32\Tasks\Taplika

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-06 20:07 - 2013-07-25 23:34 - 01534129 _____ () C:\Windows\WindowsUpdate.log
    2015-03-06 20:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
    2015-03-06 19:56 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-06 19:54 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-03-06 19:51 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
    2015-03-06 19:50 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AppCompat
    2015-03-06 19:27 - 2013-08-08 03:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-06 13:26 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
    2015-03-04 17:35 - 2013-07-25 23:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1548246300-823100809-1641666167-1002
    2015-03-04 16:25 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2015-03-04 04:13 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
    2015-03-04 03:51 - 2012-07-26 02:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-04 03:41 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
    2015-03-04 03:41 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-03-04 03:41 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-03-04 03:40 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-04 03:40 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-04 03:40 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-04 03:40 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-03-04 03:40 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-03-04 03:40 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-03-03 21:13 - 2013-09-07 22:33 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-03 20:11 - 2015-01-26 20:12 - 00000000 ____D () C:\Program Files (x86)\Facebook for Chrome Plus
    2015-03-03 19:25 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-03-03 18:52 - 2013-04-24 18:25 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-03-03 18:52 - 2013-04-24 18:23 - 00000000 ____D () C:\ProgramData\Norton
    2015-03-03 18:15 - 2012-08-03 18:21 - 00000000 ____D () C:\Windows\Panther
    2015-03-03 17:48 - 2015-01-10 19:14 - 00000000 ____D () C:\Users\chopper\AppData\Local\Google
    2015-03-03 16:51 - 2015-01-04 16:43 - 00006272 _____ () C:\Windows\SysWOW64\ColorMedia.ini
    2015-03-03 16:25 - 2014-10-04 16:59 - 00000000 ____D () C:\Users\chopper\Desktop\New folder 1
    2015-02-27 13:40 - 2012-07-26 00:26 - 00000194 _____ () C:\Windows\win.ini
    2015-02-27 13:38 - 2013-08-06 23:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-09 17:04 - 2013-08-06 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-05 16:08 - 2015-01-23 23:03 - 00000000 ____D () C:\Users\chopper\AppData\Local\Popcorn-Time
    2015-02-05 15:21 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
    2015-02-05 15:21 - 2012-07-26 00:38 - 00000000 ____D () C:\Windows\system32\Sysprep
    2015-02-05 15:20 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\registration
    2015-02-05 14:27 - 2013-08-08 03:04 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    ==================== Files in the root of some directories =======

    2015-01-04 16:43 - 2015-01-04 16:43 - 1549288 _____ (Enter) C:\Users\chopper\AppData\Roaming\KII.exe
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Planets
    2013-08-26 20:38 - 2013-08-26 20:38 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Plants
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Plug-In Settings
    2013-08-26 20:29 - 2013-08-26 20:33 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Profiles
    2015-01-04 16:43 - 2015-01-04 16:43 - 2047464 _____ (Enter) C:\Users\chopper\AppData\Roaming\YKHICJXT.exe
    2013-08-26 20:29 - 2013-08-26 20:35 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
    2013-08-26 20:38 - 2013-10-25 17:15 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2013-08-26 20:36 - 2013-10-25 17:14 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000268 ___RH () C:\ProgramData\Plugins
    2013-08-26 20:38 - 2013-08-26 20:38 - 0000268 ___RH () C:\ProgramData\Podcasting
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000268 ___RH () C:\ProgramData\Pop Flute
    2013-08-26 20:29 - 2013-08-26 20:36 - 0000012 ___RH () C:\ProgramData\Receipts
    2013-08-26 20:38 - 2013-08-26 20:38 - 0000012 ___RH () C:\ProgramData\Resources
    2013-08-26 20:36 - 2013-08-26 20:36 - 0000012 ___RH () C:\ProgramData\Robot
    2013-08-26 20:29 - 2013-08-26 20:33 - 0000012 ___RH () C:\ProgramData\Speech Enhancer
    2015-03-03 16:34 - 2015-03-03 16:34 - 0001767 _____ () C:\ProgramData\tempimage.bmp

    Some content of TEMP:
    ====================
    C:\Users\chopper\AppData\Local\Temp\mpam-96e1ff41.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-06 13:30

    ==================== End Of Log ============================


    AND THE ADDITION

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
    Ran by chopper at 2015-03-06 20:23:16
    Running from C:\Users\chopper\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
    Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.13 - Nikon)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Should I Remove It (HKU\S-1-5-21-1548246300-823100809-1641666167-1002\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
    ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.0 - Nikon)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    03-03-2015 16:27:27 Installed Should I Remove It

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2015-03-06 19:56 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1013121D-6823-4A20-A05C-56EF48AE90C8} - System32\Tasks\YBROUF => C:\ProgramData\f89677c6198548a19325bf559bebffc5\f89677c6198548a19325bf559bebffc5.exe
    Task: {14A90B34-79F7-4425-AA27-42614C5D6B33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {18CFE147-1DBA-4A7D-846C-067F18D038BB} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
    Task: {19699A45-37FA-40ED-86AF-EEB8DB2CA9DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {27DC98DE-34F5-42F8-9449-DBE4988F26D2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
    Task: {5F748192-6316-47C6-94CA-6463ECC9032F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {642530C4-C7DE-4EC6-9266-15F55305EBBF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-12] (Realtek Semiconductor)
    Task: {70B7E759-A3CC-4C30-8F4E-4EF61A41A913} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {8DED3BAD-1BC4-4FEA-B39E-0F258D9206E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
    Task: {8E3B484B-8AA8-4AF6-B188-5761750EC597} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
    Task: {9D9DD7F2-6495-4E90-B3C1-32F3C121BFF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {AE62B520-3955-4C41-A7DF-0076B1633F82} - System32\Tasks\Taplika => C:\Users\chopper\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {C00D48F2-B5BB-4746-9225-4980BBBF8F98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {CFCF0749-54F3-4B06-B015-6B2F0FDF3733} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {CFFA42F2-FA95-46DB-81E5-027DE82159D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {D7F5B190-D836-462E-A458-F41FF41A863A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
    Task: {D8325E17-66FD-4547-9D46-0242B65B4FA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {DD09E6E5-9C40-4387-AA57-194999F77049} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Taplika.job => C:\Users\chopper\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2012-08-06 14:09 - 2012-08-06 14:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-08-06 14:08 - 2012-08-06 14:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00101888 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00039424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00036352 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
    2015-01-26 19:28 - 2015-01-26 19:28 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll
    2014-12-28 02:46 - 2014-12-28 02:46 - 00030720 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
    2014-12-28 02:46 - 2014-12-28 02:46 - 00092160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00070656 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00051200 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
    2014-12-28 02:47 - 2014-12-28 02:47 - 00050176 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll
    2013-10-12 12:59 - 2013-01-27 09:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
    2013-10-12 12:58 - 2012-09-25 03:32 - 01320048 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
    2013-10-12 12:58 - 2013-01-27 09:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
    2013-10-12 12:58 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-02-02 19:03 - 2015-02-02 19:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ATTENTION

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\chopper\Desktop\WGI_0018.JPG
    DNS Servers: 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1548246300-823100809-1641666167-500 - Administrator - Disabled)
    chopper (S-1-5-21-1548246300-823100809-1641666167-1002 - Administrator - Enabled) => C:\Users\chopper
    Guest (S-1-5-21-1548246300-823100809-1641666167-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1548246300-823100809-1641666167-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/06/2015 08:24:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00000fd
    Fault offset: 0x777af9dd
    Faulting process id: 0xfa8
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0xfa8
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 08:16:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x3c
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 08:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x3c
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 08:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc00000fd
    Fault offset: 0x777af9a4
    Faulting process id: 0xa30
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 08:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0xa30
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 07:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x5a4
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 07:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DlwleOlwJjz.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x5a4
    Faulting application start time: 0xDlwleOlwJjz.exe0
    Faulting application path: DlwleOlwJjz.exe1
    Faulting module path: DlwleOlwJjz.exe2
    Report Id: DlwleOlwJjz.exe3
    Faulting package full name: DlwleOlwJjz.exe4
    Faulting package-relative application ID: DlwleOlwJjz.exe5

    Error: (03/06/2015 07:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: aCBFRSiA.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
    Exception code: 0xc0000005
    Fault offset: 0x000435f2
    Faulting process id: 0x1258
    Faulting application start time: 0xaCBFRSiA.exe0
    Faulting application path: aCBFRSiA.exe1
    Faulting module path: aCBFRSiA.exe2
    Report Id: aCBFRSiA.exe3
    Faulting package full name: aCBFRSiA.exe4
    Faulting package-relative application ID: aCBFRSiA.exe5

    Error: (03/06/2015 07:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: aCBFRSiA.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x1258
    Faulting application start time: 0xaCBFRSiA.exe0
    Faulting application path: aCBFRSiA.exe1
    Faulting module path: aCBFRSiA.exe2
    Report Id: aCBFRSiA.exe3
    Faulting package full name: aCBFRSiA.exe4
    Faulting package-relative application ID: aCBFRSiA.exe5


    System errors:
    =============
    Error: (03/06/2015 07:54:43 PM) (Source: HTTP) (EventID: 15016) (User: )
    Description: \Device\Http\ReqQueueBasic

    Error: (03/06/2015 07:54:43 PM) (Source: HTTP) (EventID: 15016) (User: )
    Description: \Device\Http\ReqQueueNegotiate

    Error: (03/06/2015 07:54:43 PM) (Source: HTTP) (EventID: 15016) (User: )
    Description: \Device\Http\ReqQueueNTLM

    Error: (03/06/2015 07:54:43 PM) (Source: HTTP) (EventID: 15016) (User: )
    Description: \Device\Http\ReqQueueWDigest

    Error: (03/06/2015 07:49:55 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:25:14 PM on 3/6/2015 was unexpected.

    Error: (03/06/2015 02:48:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/05/2015 06:22:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/04/2015 04:59:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/04/2015 04:59:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/04/2015 04:59:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Lrstnb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (03/06/2015 08:24:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbunknown0.0.0.000000000c00000fd777af9ddfa801d0587546fe7d50C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeunknownb49f43ad-c468-11e4-806f-2c59e5a45731

    Error: (03/06/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f22fa801d0587546fe7d50C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\KERNELBASE.dll84e67523-c468-11e4-806f-2c59e5a45731

    Error: (03/06/2015 08:16:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c0000005000435423c01d05874216c47d1C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\ntdll.dll8ed46d46-c467-11e4-806f-2c59e5a45731

    Error: (03/06/2015 08:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f223c01d05874216c47d1C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\KERNELBASE.dll5f7caf66-c467-11e4-806f-2c59e5a45731

    Error: (03/06/2015 08:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbunknown0.0.0.000000000c00000fd777af9a4a3001d05872d7aaf767C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeunknown1698a7af-c466-11e4-806f-2c59e5a45731

    Error: (03/06/2015 08:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f22a3001d05872d7aaf767C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\KERNELBASE.dll158dbf18-c466-11e4-806f-2c59e5a45731

    Error: (03/06/2015 07:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c0000005000435425a401d05871d8a9ee44C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\ntdll.dll1e39c64b-c465-11e4-806f-2cd05aead3ff

    Error: (03/06/2015 07:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: DlwleOlwJjz.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f225a401d05871d8a9ee44C:\ProgramData\UnTEMEcF\dat\DlwleOlwJjz.exeC:\Windows\SYSTEM32\KERNELBASE.dll175c53ba-c465-11e4-806f-2cd05aead3ff

    Error: (03/06/2015 07:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: aCBFRSiA.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1691253645e25c0000005000435f2125801d0586f79222a34C:\ProgramData\UnTEMEcF\dat\aCBFRSiA.exeC:\Windows\SYSTEM32\ntdll.dllb7624aec-c462-11e4-806d-2cd05aead3ff

    Error: (03/06/2015 07:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: aCBFRSiA.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f22125801d0586f79222a34C:\ProgramData\UnTEMEcF\dat\aCBFRSiA.exeC:\Windows\SYSTEM32\KERNELBASE.dllb6eb45af-c462-11e4-806d-2cd05aead3ff


    CodeIntegrity Errors:
    ===================================
    Date: 2014-03-15 12:55:29.038
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-03-10 12:58:18.442
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-02-04 19:44:52.668
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-18 12:16:44.339
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-18 12:13:51.481
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-15 08:41:10.758
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-13 11:03:41.134
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-09 12:21:01.351
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-09 09:15:03.725
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-08 17:49:55.600
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD E-300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 69%
    Total physical RAM: 3682.26 MB
    Available physical RAM: 1116.48 MB
    Total Pagefile: 4322.26 MB
    Available Pagefile: 1474.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:441.6 GB) (Free:369.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Mar 03 2015) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  6. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    bump
     
  7. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    bump
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Kevier, sorry you have been waiting for so long.

    There are a few items that need to be looked at, but nothing nasty showing in the logs.

    Please do another run with Adwcleaner and post the new log produced.

    There are a couple of files in the logs that I cannot identify, so we need to find their location in order to check them out as possible infections. Follow the instructions below and post back the result.

    Before you proceed any further I would highly recommend that you make backups of all the important data on the system; this would include personal files, photos, videos, etc.



    Please download SystemLook from the following link below and save it to your Desktop.



    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:

    Code:
    :filefind
    aCBFRSiA.exe
    DlwleOlwJjz.exe
    
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  9. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    Thank you for your quick reply.

    Working on that right now, and every time I get on the internet with her computer I get unconfirmed crdownloads (each numbered) in my Downloads folder. Any clue?
     
  10. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    # AdwCleaner v4.112 - Logfile created 10/03/2015 at 10:59:35
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 8 (x64)
    # Username : chopper - KATHY
    # Running from : C:\Users\chopper\Desktop\Anti Spyware\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\chopper\AppData\Local\TVWizard

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17183


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [16122 bytes] - [03/03/2015 17:53:59]
    AdwCleaner[R1].txt - [2639 bytes] - [04/03/2015 17:45:08]
    AdwCleaner[R2].txt - [3017 bytes] - [04/03/2015 17:51:19]
    AdwCleaner[R3].txt - [1097 bytes] - [05/03/2015 06:13:29]
    AdwCleaner[R4].txt - [1159 bytes] - [05/03/2015 06:25:03]
    AdwCleaner[R5].txt - [1275 bytes] - [10/03/2015 10:50:22]
    AdwCleaner[S0].txt - [15221 bytes] - [03/03/2015 17:57:44]
    AdwCleaner[S1].txt - [3020 bytes] - [04/03/2015 17:59:18]
    AdwCleaner[S2].txt - [1166 bytes] - [05/03/2015 06:17:40]
    AdwCleaner[S3].txt - [1205 bytes] - [10/03/2015 10:59:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1264 bytes] ##########
     
  11. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:07 on 10/03/2015 by chopper
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "aCBFRSiA.exe"
    No files found.

    Searching for "DlwleOlwJjz.exe"
    No files found.

    -= EOF =-
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    With reference to post 9, that could be a nasty infection trying to get in; we will see. Please run FRST again; when the window opens, make sure there is a tick in the box next to Addition.txt before you click on the Scan button.

    Those two files you did the search for (after some research) appear to belong to TVWizard, which Adwcleaner is still showing as present. Please run Adwcleaner again and post the new log; if it is still there we will need to take further action.
     
  13. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by chopper (administrator) on KATHY on 11-03-2015 18:44:46
    Running from C:\Users\chopper\Desktop\Anti Spyware
    Loaded Profiles: chopper (Available profiles: chopper)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Small Island Development) C:\ProgramData\UnTEMEcF\Lrstnb.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
    () C:\ProgramData\Browser\prompt.exe
    () C:\ProgramData\Browser\prompt.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
    (The Chromium Authors) C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
    HKLM-x32\...\Run: [gmsd_us_58] => [X]
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-04-08] (Hewlett-Packard)
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
    AppInit_DLLs-x32: c:/progra~3/{d4df3~1/171~1.0/coro.dll => "c:\progra~3\{d4df3~1\171~1.0\coro.dll" File Not Found
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    SearchScopes: HKLM -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1548246300-823100809-1641666167-1002 -> {93C58A49-D44C-4747-AF63-BDE2A3B57DBC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1548246300-823100809-1641666167-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
    FF Extension: duplicatethistabmozillaorg - C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\[email protected] [2015-01-09]
    FF Extension: Zoom It - C:\Users\chopper\AppData\Roaming\Mozilla\Firefox\Profiles\0ej6bc8l.default\Extensions\{e7b249d2-6cf2-8707-05af-fb218fe47241} [2015-03-10]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 Lrstnb; C:\ProgramData\UnTEMEcF\Lrstnb.exe [2726256 2015-01-04] (Small Island Development)
    R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [52736 2014-12-28] (Ninja Soft Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-10-12] (Realtek Semiconductor)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-10 20:06 - 2015-03-10 20:09 - 14395339 _____ (VideoLan ) C:\Users\chopper\Downloads\Unconfirmed 154070.crdownload
    2015-03-10 20:06 - 2015-03-10 20:06 - 00000000 ____D () C:\ProgramData\Browser
    2015-03-10 15:33 - 2015-03-10 15:33 - 00010407 _____ () C:\Users\chopper\Downloads\Unconfirmed 783179.crdownload
    2015-03-10 12:07 - 2015-03-10 12:16 - 00000536 _____ () C:\Users\chopper\Desktop\SystemLook.txt
    2015-03-10 12:02 - 2015-03-10 12:05 - 10410999 _____ (VideoLan ) C:\Users\chopper\Downloads\Unconfirmed 771151.crdownload
    2015-03-10 12:02 - 2015-03-10 12:02 - 00000000 ____D () C:\Users\chopper\AppData\Local\TVWizard
    2015-03-10 12:00 - 2015-03-10 12:00 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-10 10:56 - 2015-03-10 10:56 - 00000000 ___HD () C:\$Windows.~BT
    2015-03-10 10:54 - 2015-03-10 10:54 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 651867.crdownload
    2015-03-10 10:53 - 2015-03-10 10:53 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 53224.crdownload
    2015-03-10 10:53 - 2015-03-10 10:53 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 477685.crdownload
    2015-03-10 10:53 - 2015-03-10 10:53 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 42016.crdownload
    2015-03-10 10:53 - 2015-03-10 10:53 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 108613.crdownload
    2015-03-10 10:51 - 2015-03-10 10:52 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 145062.crdownload
    2015-03-10 10:50 - 2015-03-10 10:51 - 01482901 _____ () C:\Users\chopper\Downloads\Unconfirmed 134954.crdownload
    2015-03-10 10:45 - 2015-03-10 10:45 - 00165376 _____ () C:\Users\chopper\Desktop\SystemLook_x64.exe
    2015-03-09 11:05 - 2015-03-09 11:05 - 00000000 _____ () C:\Users\chopper\Downloads\75C1.tmp
    2015-03-06 23:21 - 2015-03-06 23:21 - 06553600 _____ () C:\Users\chopper\Downloads\101317736 (3).xls.crdownload
    2015-03-06 23:20 - 2015-03-06 23:21 - 10294272 _____ () C:\Users\chopper\Downloads\101317736 (2).xls
    2015-03-06 23:18 - 2015-03-06 23:20 - 10294272 _____ () C:\Users\chopper\Downloads\101317736 (1).xls
    2015-03-06 23:17 - 2015-03-06 23:18 - 10294272 _____ () C:\Users\chopper\Downloads\101317736.xls
    2015-03-06 22:40 - 2015-01-23 01:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-06 22:40 - 2015-01-23 00:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-06 21:08 - 2015-03-11 18:45 - 00000000 ____D () C:\FRST
    2015-03-06 20:51 - 2015-03-06 21:01 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
    2015-03-06 20:50 - 2015-03-06 20:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-06 20:50 - 2015-03-06 20:50 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-05 07:29 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-04 16:25 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-03-04 16:24 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
    2015-03-04 16:24 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-03-04 16:24 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-03-04 16:24 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-03-04 16:24 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-03-04 16:24 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-03-04 16:24 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
    2015-03-04 16:24 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2015-03-04 16:24 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2015-03-04 16:24 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2015-03-04 16:24 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2015-03-04 16:24 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2015-03-04 16:24 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
    2015-03-04 16:24 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2015-03-04 16:24 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
    2015-03-04 16:24 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2015-03-04 16:24 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
    2015-03-04 16:24 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2015-03-04 16:24 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2015-03-04 16:24 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-03-04 16:24 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-03-04 16:24 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-03-04 16:24 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-03-04 16:24 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-03-04 16:24 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2015-03-04 16:24 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2015-03-04 16:24 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-04 16:24 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-04 15:40 - 2015-03-04 15:40 - 00509440 _____ (Tech Support Guy System) C:\Users\chopper\Downloads\SysInfo.exe
    2015-03-04 04:49 - 2015-02-03 15:29 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-04 04:49 - 2015-02-03 15:29 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-04 03:16 - 2015-03-04 03:18 - 00000000 ____D () C:\Program Files (x86)\offferapp
    2015-03-04 03:16 - 2015-03-04 03:18 - 00000000 ____D () C:\Program Files (x86)\Facebook Color Changer Enhancer
    2015-03-04 03:14 - 2015-03-06 16:43 - 00000000 ____D () C:\Program Files (x86)\roeCketdeal
    2015-03-03 23:18 - 2014-10-09 00:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
    2015-03-03 23:18 - 2014-10-09 00:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2015-03-03 23:18 - 2014-10-09 00:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
    2015-03-03 23:18 - 2014-10-08 23:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
    2015-03-03 23:18 - 2014-10-08 23:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
    2015-03-03 22:17 - 2015-01-09 02:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-03-03 22:17 - 2015-01-09 01:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-03-03 22:17 - 2015-01-08 19:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
    2015-03-03 22:17 - 2015-01-08 19:52 - 00478296 _____ () C:\Windows\system32\locale.nls
    2015-03-03 21:56 - 2014-07-15 18:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
    2015-03-03 21:43 - 2015-01-15 07:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2015-03-03 21:43 - 2015-01-15 07:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2015-03-03 21:43 - 2015-01-15 07:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-03 21:43 - 2015-01-15 06:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2015-03-03 21:43 - 2015-01-15 06:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2015-03-03 21:43 - 2015-01-15 05:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-03 21:43 - 2015-01-15 05:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-03 21:43 - 2015-01-15 00:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-03 21:43 - 2015-01-09 00:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-03 21:41 - 2014-11-21 04:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-03 21:41 - 2014-11-21 03:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-03 21:40 - 2015-01-12 02:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-03 21:40 - 2015-01-12 01:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-03 21:40 - 2014-11-21 04:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-03 21:39 - 2015-01-12 02:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-03 21:39 - 2015-01-12 02:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-03 21:39 - 2015-01-12 02:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2015-03-03 21:39 - 2015-01-12 02:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-03 21:39 - 2015-01-12 02:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-03 21:39 - 2015-01-12 02:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-03 21:39 - 2015-01-12 02:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-03-03 21:39 - 2015-01-12 01:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-03 21:39 - 2015-01-12 01:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-03 21:39 - 2015-01-12 01:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-03 21:39 - 2014-11-21 04:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2015-03-03 21:39 - 2014-11-21 04:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-03 21:39 - 2014-11-21 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-03 21:39 - 2014-11-21 03:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-03 21:39 - 2014-11-21 02:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-03 21:38 - 2015-01-12 02:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-03 21:38 - 2015-01-12 02:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-03 21:38 - 2015-01-12 02:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-03 21:38 - 2015-01-12 02:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-03 21:38 - 2015-01-12 01:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-03 21:38 - 2015-01-12 01:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-03 21:38 - 2015-01-12 01:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-03 21:38 - 2015-01-12 01:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-03 21:38 - 2015-01-12 01:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-03-03 21:38 - 2015-01-12 01:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-03 21:38 - 2015-01-12 00:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-03-03 21:38 - 2015-01-11 23:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-03-03 21:38 - 2014-12-08 02:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-03-03 21:38 - 2014-12-08 01:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-03-03 21:38 - 2014-11-21 04:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-03 21:38 - 2014-11-21 04:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-03 21:38 - 2014-11-21 04:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-03 21:38 - 2014-11-21 04:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-03 21:38 - 2014-11-21 04:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-03-03 21:38 - 2014-11-21 04:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-03 21:38 - 2014-11-21 03:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-03 21:38 - 2014-11-21 03:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2015-03-03 21:38 - 2014-11-21 03:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-03 21:38 - 2014-11-21 03:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-03 21:38 - 2014-11-21 03:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-03 21:38 - 2014-11-21 03:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-03-03 21:38 - 2014-11-21 03:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-03 21:38 - 2014-11-21 03:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-03 21:38 - 2014-11-21 00:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2015-03-03 21:37 - 2015-01-29 04:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
    2015-03-03 21:37 - 2015-01-29 04:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
    2015-03-03 21:37 - 2015-01-29 04:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
    2015-03-03 21:37 - 2015-01-29 04:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2015-03-03 21:37 - 2015-01-29 04:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-03 21:37 - 2015-01-29 02:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2015-03-03 21:37 - 2015-01-29 02:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-03-03 21:37 - 2014-12-18 04:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-03-03 21:37 - 2014-12-18 02:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-03-03 21:37 - 2014-12-18 02:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-03-03 21:37 - 2014-12-18 02:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-03-03 21:37 - 2014-12-18 02:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-03-03 21:37 - 2014-10-21 21:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2015-03-03 21:37 - 2014-10-21 21:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-03-03 21:36 - 2015-02-04 05:54 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-03 21:36 - 2015-02-04 05:52 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-03 21:36 - 2015-02-04 05:52 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-03 21:36 - 2015-02-04 05:52 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-03 21:36 - 2015-02-04 05:52 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-03 21:36 - 2015-02-02 19:18 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-03 21:36 - 2015-01-15 17:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-03 21:36 - 2014-12-08 19:14 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-03-03 21:36 - 2014-12-02 21:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-03 21:36 - 2014-11-26 02:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-03-03 21:36 - 2014-11-26 00:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-03-03 20:21 - 2014-07-15 19:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-03-03 20:21 - 2014-07-11 22:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-03-03 20:20 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-03-03 20:20 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
    2015-03-03 20:17 - 2014-11-05 02:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-03-03 20:17 - 2014-11-05 02:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-03-03 20:17 - 2014-11-01 02:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-03-03 20:17 - 2014-10-29 10:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2015-03-03 20:17 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-03-03 20:16 - 2014-11-15 02:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-03-03 20:16 - 2014-11-15 01:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-03-03 20:16 - 2014-11-15 01:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-03-03 20:16 - 2014-11-15 01:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-03-03 20:16 - 2014-11-14 23:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-03-03 20:16 - 2014-11-14 23:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-03-03 20:16 - 2014-11-14 23:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-03-03 20:16 - 2014-11-14 23:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-03-03 20:15 - 2014-10-11 03:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-03 20:15 - 2014-10-11 01:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-03 20:15 - 2014-10-08 23:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-03-03 20:15 - 2014-10-08 23:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-03-03 20:15 - 2014-10-08 23:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2015-03-03 20:15 - 2014-09-22 01:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
    2015-03-03 20:15 - 2014-09-21 23:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
    2015-03-03 20:15 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2015-03-03 20:15 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2015-03-03 20:14 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2015-03-03 20:14 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2015-03-03 20:13 - 2014-09-13 02:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-03-03 20:13 - 2014-09-02 22:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2015-03-03 20:13 - 2014-09-02 22:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2015-03-03 20:13 - 2014-08-29 00:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-03-03 20:13 - 2014-08-29 00:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-03-03 20:13 - 2014-08-29 00:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-03-03 20:13 - 2014-08-29 00:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-03-03 20:13 - 2014-08-28 02:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
    2015-03-03 20:13 - 2014-08-28 02:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
    2015-03-03 20:13 - 2014-08-28 01:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
    2015-03-03 20:13 - 2014-08-28 01:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
    2015-03-03 20:12 - 2014-12-19 02:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-03-03 20:12 - 2014-12-06 03:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-03-03 20:12 - 2014-12-06 03:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-03-03 20:12 - 2014-12-06 03:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-03-03 20:12 - 2014-12-06 02:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-03-03 20:12 - 2014-08-28 01:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
    2015-03-03 20:12 - 2014-08-28 01:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
    2015-03-03 20:12 - 2014-07-24 09:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2015-03-03 20:12 - 2014-06-12 21:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-03-03 20:12 - 2014-06-12 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2015-03-03 20:12 - 2014-03-24 19:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
    2015-03-03 20:12 - 2014-03-24 18:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
    2015-03-03 20:11 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-03-03 20:11 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-03-03 20:11 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2015-03-03 20:11 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-03-03 20:11 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-03-03 20:11 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2015-03-03 20:11 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-03-03 20:11 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-03-03 20:11 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2015-03-03 20:11 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2015-03-03 20:10 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-03-03 20:10 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-03-03 20:08 - 2014-10-11 01:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-03-03 20:08 - 2014-10-11 01:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-03-03 20:07 - 2014-10-11 03:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2015-03-03 20:07 - 2014-10-11 03:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-03-03 20:07 - 2014-10-11 03:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-03-03 20:07 - 2014-10-11 03:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-03-03 20:07 - 2014-10-11 01:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2015-03-03 20:07 - 2014-10-11 01:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-03-03 20:06 - 2014-12-11 02:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-03-03 20:06 - 2014-09-22 01:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-03-03 20:06 - 2014-08-26 18:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-03-03 20:05 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2015-03-03 20:05 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-03-03 19:54 - 2015-03-04 18:00 - 00115528 _____ () C:\Windows\PFRO.log
    2015-03-03 19:35 - 2014-12-06 03:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-03-03 19:35 - 2014-12-06 03:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-03-03 19:35 - 2014-12-06 03:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-03-03 19:35 - 2014-12-06 03:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-03 19:35 - 2014-12-06 03:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-03 19:35 - 2014-12-06 02:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-03-03 19:35 - 2014-12-06 02:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-03-03 19:35 - 2014-12-06 02:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-03-03 19:35 - 2014-10-02 21:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-03 19:35 - 2014-10-02 18:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-03-03 19:33 - 2014-12-19 00:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-03-03 19:24 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
    2015-03-03 19:24 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2015-03-03 19:23 - 2014-10-11 03:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-03 19:23 - 2014-10-11 01:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-03 19:23 - 2014-10-11 01:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-03 19:23 - 2014-09-24 19:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-03 19:23 - 2014-09-24 19:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-03-03 19:23 - 2014-09-24 19:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-03 19:23 - 2014-09-24 19:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-03-03 19:23 - 2014-05-02 23:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-03 19:22 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-03-03 19:22 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2015-03-03 19:22 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
    2015-03-03 19:22 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2015-03-03 19:22 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-03-03 19:22 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-03-03 19:22 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-03-03 19:22 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-03-03 19:22 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-03-03 19:22 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-03-03 19:21 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2015-03-03 19:21 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2015-03-03 19:21 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-03-03 19:21 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-03-03 19:21 - 2014-06-05 13:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-03-03 19:20 - 2014-11-08 07:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-03-03 19:20 - 2014-11-08 07:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-03 19:20 - 2014-11-08 02:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-03-03 19:20 - 2014-11-08 02:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-03 19:20 - 2014-10-23 08:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-03-03 19:20 - 2014-10-23 07:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2015-03-03 19:20 - 2014-10-11 04:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-03 19:20 - 2014-08-21 19:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-03-03 19:20 - 2014-08-21 19:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-03-03 19:20 - 2014-06-19 19:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-03-03 19:20 - 2014-06-19 18:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-03-03 19:20 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-03-03 19:20 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2015-03-03 19:20 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2015-03-03 19:19 - 2014-10-30 03:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-03 19:19 - 2014-10-30 01:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-03 18:19 - 2014-05-29 00:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-03 18:07 - 2015-03-11 18:44 - 00000000 ____D () C:\Users\chopper\Desktop\Anti Spyware
    2015-03-03 18:05 - 2015-03-03 18:06 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-03 18:05 - 2015-03-03 18:05 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-03-03 18:05 - 2015-03-03 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-03-03 17:53 - 2015-03-10 10:59 - 00000000 ____D () C:\AdwCleaner
    2015-03-03 17:38 - 2015-03-03 17:38 - 00000000 ____D () C:\ProgramData\2355320829
    2015-03-03 17:34 - 2015-03-03 17:34 - 00001767 _____ () C:\ProgramData\tempimage.bmp
    2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
    2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Users\chopper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2015-03-03 17:28 - 2015-03-03 17:28 - 00000000 ____D () C:\Program Files (x86)\Reason
    2015-02-27 14:38 - 2015-03-11 01:38 - 00000310 _____ () C:\Windows\Tasks\Taplika.job
    2015-02-27 14:38 - 2015-02-27 14:39 - 00000000 ____D () C:\Users\chopper\AppData\Local\918970
    2015-02-27 14:38 - 2015-02-27 14:38 - 00002648 _____ () C:\Windows\System32\Tasks\Taplika

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-11 18:48 - 2013-07-26 00:34 - 01221292 _____ () C:\Windows\WindowsUpdate.log
    2015-03-11 18:43 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
    2015-03-11 02:27 - 2013-08-08 04:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-10 13:21 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
    2015-03-10 12:08 - 2012-07-26 03:28 - 00006428 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-10 12:00 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-10 10:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2015-03-07 00:26 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
    2015-03-06 20:54 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-03-06 20:51 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
    2015-03-06 20:50 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AppCompat
    2015-03-04 18:35 - 2013-07-26 00:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1548246300-823100809-1641666167-1002
    2015-03-04 04:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
    2015-03-04 04:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-03-04 04:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-03-04 04:40 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-04 04:40 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-04 04:40 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-04 04:40 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-03-04 04:40 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-03-04 04:40 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-03-03 22:13 - 2013-09-07 23:33 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-03 21:11 - 2015-01-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Facebook for Chrome Plus
    2015-03-03 20:25 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-03-03 19:52 - 2013-04-24 19:25 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-03-03 19:52 - 2013-04-24 19:23 - 00000000 ____D () C:\ProgramData\Norton
    2015-03-03 19:15 - 2012-08-03 19:21 - 00000000 ____D () C:\Windows\Panther
    2015-03-03 18:48 - 2015-01-10 20:14 - 00000000 ____D () C:\Users\chopper\AppData\Local\Google
    2015-03-03 17:51 - 2015-01-04 17:43 - 00006272 _____ () C:\Windows\SysWOW64\ColorMedia.ini
    2015-03-03 17:25 - 2014-10-04 17:59 - 00000000 ____D () C:\Users\chopper\Desktop\New folder 1
    2015-02-27 14:40 - 2012-07-26 01:26 - 00000194 _____ () C:\Windows\win.ini
    2015-02-27 14:38 - 2013-08-07 00:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-09 18:04 - 2013-08-07 00:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

    ==================== Files in the root of some directories =======

    2015-01-04 17:43 - 2015-01-04 17:43 - 1549288 _____ (Enter) C:\Users\chopper\AppData\Roaming\KII.exe
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Planets
    2013-08-26 21:38 - 2013-08-26 21:38 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Plants
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Plug-In Settings
    2013-08-26 21:29 - 2013-08-26 21:33 - 0000268 ___RH () C:\Users\chopper\AppData\Roaming\Profiles
    2015-01-04 17:43 - 2015-01-04 17:43 - 2047464 _____ (Enter) C:\Users\chopper\AppData\Roaming\YKHICJXT.exe
    2013-08-26 21:29 - 2013-08-26 21:35 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
    2013-08-26 21:38 - 2013-10-25 18:15 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
    2013-08-26 21:36 - 2013-10-25 18:14 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000268 ___RH () C:\ProgramData\Plugins
    2013-08-26 21:38 - 2013-08-26 21:38 - 0000268 ___RH () C:\ProgramData\Podcasting
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000268 ___RH () C:\ProgramData\Pop Flute
    2013-08-26 21:29 - 2013-08-26 21:36 - 0000012 ___RH () C:\ProgramData\Receipts
    2013-08-26 21:38 - 2013-08-26 21:38 - 0000012 ___RH () C:\ProgramData\Resources
    2013-08-26 21:36 - 2013-08-26 21:36 - 0000012 ___RH () C:\ProgramData\Robot
    2013-08-26 21:29 - 2013-08-26 21:33 - 0000012 ___RH () C:\ProgramData\Speech Enhancer
    2015-03-03 17:34 - 2015-03-03 17:34 - 0001767 _____ () C:\ProgramData\tempimage.bmp

    Some content of TEMP:
    ====================
    C:\Users\chopper\AppData\Local\Temp\mpam-96e1ff41.exe
    C:\Users\chopper\AppData\Local\Temp\Quarantine.exe
    C:\Users\chopper\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-06 14:30

    ==================== End Of Log ============================
     
  14. Kevier

    Kevier Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by chopper at 2015-03-11 18:51:15
    Running from C:\Users\chopper\Desktop\Anti Spyware
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
    Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.13 - Nikon)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Should I Remove It (HKU\S-1-5-21-1548246300-823100809-1641666167-1002\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
    ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.0 - Nikon)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    08-03-2015 04:15:23 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 01:26 - 2015-03-10 12:01 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1013121D-6823-4A20-A05C-56EF48AE90C8} - System32\Tasks\YBROUF => C:\ProgramData\f89677c6198548a19325bf559bebffc5\f89677c6198548a19325bf559bebffc5.exe
    Task: {14A90B34-79F7-4425-AA27-42614C5D6B33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {18CFE147-1DBA-4A7D-846C-067F18D038BB} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
    Task: {19699A45-37FA-40ED-86AF-EEB8DB2CA9DA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {27DC98DE-34F5-42F8-9449-DBE4988F26D2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
    Task: {5F748192-6316-47C6-94CA-6463ECC9032F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {642530C4-C7DE-4EC6-9266-15F55305EBBF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-12] (Realtek Semiconductor)
    Task: {70B7E759-A3CC-4C30-8F4E-4EF61A41A913} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {8DED3BAD-1BC4-4FEA-B39E-0F258D9206E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
    Task: {8E3B484B-8AA8-4AF6-B188-5761750EC597} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
    Task: {9D9DD7F2-6495-4E90-B3C1-32F3C121BFF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {AE62B520-3955-4C41-A7DF-0076B1633F82} - System32\Tasks\Taplika => C:\Users\chopper\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {C00D48F2-B5BB-4746-9225-4980BBBF8F98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {C4D1A770-3A72-4B99-B6A1-23C3BFE30493} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
    Task: {CFCF0749-54F3-4B06-B015-6B2F0FDF3733} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {CFFA42F2-FA95-46DB-81E5-027DE82159D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {D7F5B190-D836-462E-A458-F41FF41A863A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
    Task: {D8325E17-66FD-4547-9D46-0242B65B4FA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Taplika.job => C:\Users\chopper\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) ==============

    2012-08-06 15:09 - 2012-08-06 15:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2015-03-10 20:06 - 2015-03-11 00:06 - 00080648 _____ () C:\ProgramData\Browser\prompt.exe
    2014-12-28 03:47 - 2014-12-28 03:47 - 00101888 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
    2014-12-28 03:47 - 2014-12-28 03:47 - 00039424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
    2014-12-28 03:47 - 2014-12-28 03:47 - 00036352 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
    2013-10-12 13:58 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-10-12 13:59 - 2013-01-27 10:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
    2013-10-12 13:58 - 2012-09-25 04:32 - 01320048 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
    2013-10-12 13:58 - 2013-01-27 10:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
    2015-01-10 14:57 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\ppGoogleNaClPluginChrome.dll
    2015-01-10 14:57 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\ffmpegsumo.dll
    2015-01-10 14:57 - 2013-12-03 22:48 - 13586896 _____ () C:\Users\chopper\AppData\Local\Ninja Loader\Chrome-bin\PepperFlash\pepflashplayer.dll
    2014-12-28 03:46 - 2014-12-28 03:46 - 00030720 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
    2014-12-28 03:46 - 2014-12-28 03:46 - 00092160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
    2014-12-28 03:47 - 2014-12-28 03:47 - 00070656 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
    2014-12-28 03:47 - 2014-12-28 03:47 - 00051200 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
    2014-12-28 03:47 - 2014-12-28 03:47 - 00050176 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ATTENTION

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1548246300-823100809-1641666167-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\chopper\Desktop\WGI_0018.JPG
    DNS Servers: 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1548246300-823100809-1641666167-500 - Administrator - Disabled)
    chopper (S-1-5-21-1548246300-823100809-1641666167-1002 - Administrator - Enabled) => C:\Users\chopper
    Guest (S-1-5-21-1548246300-823100809-1641666167-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1548246300-823100809-1641666167-1004 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/11/2015 06:52:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x1d9c
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 06:52:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x1d9c
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 06:48:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program prompt.exe version 1.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 10ac

    Start Time: 01d05bb0bd08d91a

    Termination Time: 4294967295

    Application Path: C:\ProgramData\Browser\prompt.exe

    Report Id: baacc80c-c840-11e4-8070-2c59e5a45731

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (03/11/2015 06:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x9f8
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 06:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x9f8
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 02:11:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x18f4
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 02:11:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0x18f4
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 02:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0xa20
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 02:04:37 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xc06d007e
    Fault offset: 0x00010f22
    Faulting process id: 0xa20
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5

    Error: (03/11/2015 01:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cxLyUmvy.exe, version: 1.0.0.0, time stamp: 0x547ebdbb
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x00043542
    Faulting process id: 0x1b20
    Faulting application start time: 0xcxLyUmvy.exe0
    Faulting application path: cxLyUmvy.exe1
    Faulting module path: cxLyUmvy.exe2
    Report Id: cxLyUmvy.exe3
    Faulting package full name: cxLyUmvy.exe4
    Faulting package-relative application ID: cxLyUmvy.exe5


    System errors:
    =============
    Error: (03/10/2015 01:21:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/10/2015 00:02:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

    Error: (03/10/2015 11:00:39 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (03/09/2015 01:06:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/09/2015 11:16:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/08/2015 04:29:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2966827).

    Error: (03/08/2015 01:40:41 AM) (Source: Tcpip) (EventID: 4199) (User: )
    Description: The system detected an address conflict for IP address 192.168.2.5 with the system
    having network hardware address 90-00-4E-BF-BF-4B. Network operations on this system may
    be disrupted as a result.

    Error: (03/06/2015 10:34:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (03/06/2015 10:34:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

    Error: (03/06/2015 08:54:43 PM) (Source: HTTP) (EventID: 15016) (User: )
    Description: \Device\Http\ReqQueueBasic


    Microsoft Office Sessions:
    =========================
    Error: (03/11/2015 06:52:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c0000005000435421d9c01d05c4e077b0b16C:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\ntdll.dll4741485a-c841-11e4-8070-2c59e5a45731

    Error: (03/11/2015 06:52:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f221d9c01d05c4e077b0b16C:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\KERNELBASE.dll454e8fc0-c841-11e4-8070-2c59e5a45731

    Error: (03/11/2015 06:48:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: prompt.exe1.1.0.010ac01d05bb0bd08d91a4294967295C:\ProgramData\Browser\prompt.exebaacc80c-c840-11e4-8070-2c59e5a45731

    Error: (03/11/2015 06:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c0000005000435429f801d05c4ce310d11aC:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\ntdll.dll21857a4d-c840-11e4-8070-2c59e5a45731

    Error: (03/11/2015 06:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f229f801d05c4ce310d11aC:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\KERNELBASE.dll20dd50b7-c840-11e4-8070-2c59e5a45731

    Error: (03/11/2015 02:11:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c00000050004354218f401d05bc241798334C:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\ntdll.dll7fa760da-c7b5-11e4-8070-2c59e5a45731

    Error: (03/11/2015 02:11:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f2218f401d05bc241798334C:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\KERNELBASE.dll7f420c0e-c7b5-11e4-8070-2c59e5a45731

    Error: (03/11/2015 02:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c000000500043542a2001d05bc14116a51dC:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\ntdll.dll7f47e004-c7b4-11e4-8070-2c59e5a45731

    Error: (03/11/2015 02:04:37 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbKERNELBASE.dll6.2.9200.16864531d2be6c06d007e00010f22a2001d05bc14116a51dC:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\KERNELBASE.dll7ede9273-c7b4-11e4-8070-2c59e5a45731

    Error: (03/11/2015 01:56:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: cxLyUmvy.exe1.0.0.0547ebdbbntdll.dll6.2.9200.1704653b485c4c0000005000435421b2001d05bc01c6ba074C:\ProgramData\UnTEMEcF\dat\cxLyUmvy.exeC:\Windows\SYSTEM32\ntdll.dll5a97d1b1-c7b3-11e4-8070-2c59e5a45731


    CodeIntegrity Errors:
    ===================================
    Date: 2014-03-15 12:55:29.038
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-03-10 12:58:18.442
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-02-04 19:44:52.668
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-18 12:16:44.339
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-18 12:13:51.481
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-15 08:41:10.758
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-13 11:03:41.134
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-09 12:21:01.351
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-09 09:15:03.725
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-08 17:49:55.600
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD E-300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 40%
    Total physical RAM: 3682.26 MB
    Available physical RAM: 2201.13 MB
    Total Pagefile: 4610.26 MB
    Available Pagefile: 2348.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:441.6 GB) (Free:381.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Mar 03 2015) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  15. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    240
    # AdwCleaner v4.112 - Logfile created 11/03/2015 at 19:03:24
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 8 (x64)
    # Username : chopper - KATHY
    # Running from : C:\Users\chopper\Desktop\Anti Spyware\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Browser
    Folder Deleted : C:\Users\chopper\AppData\Local\TVWizard

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17183


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [16122 bytes] - [03/03/2015 17:53:59]
    AdwCleaner[R1].txt - [2639 bytes] - [04/03/2015 17:45:08]
    AdwCleaner[R2].txt - [3017 bytes] - [04/03/2015 17:51:19]
    AdwCleaner[R3].txt - [1097 bytes] - [05/03/2015 06:13:29]
    AdwCleaner[R4].txt - [1159 bytes] - [05/03/2015 06:25:03]
    AdwCleaner[R5].txt - [1275 bytes] - [10/03/2015 10:50:22]
    AdwCleaner[R6].txt - [1433 bytes] - [11/03/2015 18:57:50]
    AdwCleaner[S0].txt - [15221 bytes] - [03/03/2015 17:57:44]
    AdwCleaner[S1].txt - [3020 bytes] - [04/03/2015 17:59:18]
    AdwCleaner[S2].txt - [1166 bytes] - [05/03/2015 06:17:40]
    AdwCleaner[S3].txt - [1344 bytes] - [10/03/2015 10:59:35]
    AdwCleaner[S4].txt - [1364 bytes] - [11/03/2015 19:03:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1423 bytes] ##########
     

Short URL to this thread: https://techguy.org/1144176
