Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unreachable dll's !! Cant remove them! (dds logs)


  • This topic is locked This topic is locked
27 replies to this topic

#1 hjones315

hjones315

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 02 April 2014 - 10:31 AM

I also just noticed that the Action Security Center keeps telling me I have no antivirus or firewall active when I do....i hope i do.... :-(

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by Verner at 10:37:23 on 2014-04-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1788.562 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{27A7D5CD-4C65-48D1-8E12-722F5038518A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{27A7D5CD-4C65-48D1-8E12-722F5038518A}\2375942554234393 : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-15 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-15 28800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-15 55280]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2014-3-19 66040]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-1-27 311600]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-3-19 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-3-19 219752]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-12-5 783864]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-3-19 185792]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-1-27 344688]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-20 3921880]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-20 171416]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-1-27 70592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-15 172704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-15 76912]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-1-27 520696]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-20 1042272]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-3-19 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-28 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-1 119512]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-27 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-15 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-27 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-21 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-15 98208]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-15 202752]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
S4 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-3-19 178528]
S4 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
S4 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-3-19 328928]
S4 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-15 689472]
.
=============== Created Last 30 ================
.
2014-04-02 12:11:22 -------- d-----w- C:\SUPERDelete
2014-04-02 03:08:58 -------- d-----w- C:\ProgramData\Samsung
2014-04-02 02:20:05 -------- d-----w- C:\Users\Verner\AppData\Roaming\Samsung
2014-04-02 02:19:59 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2014-04-02 01:59:14 -------- d-----w- C:\Users\Verner\AppData\Roaming\SUPERAntiSpyware.com
2014-04-02 01:57:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-04-02 01:57:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-04-02 00:32:51 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-02 00:31:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-01 08:27:42 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{295981EE-41EC-4454-9594-64CAB42900A5}\mpengine.dll
2014-04-01 02:36:48 -------- d-----w- C:\Program Files (x86)\Samsung
2014-04-01 02:34:23 -------- d-----w- C:\Users\Verner\AppData\Local\Downloaded Installations
2014-04-01 01:36:14 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-31 23:36:14 -------- d-----w- C:\Windows\ERUNT
2014-03-31 23:14:52 -------- d-----w- C:\AdwCleaner
2014-03-31 08:03:09 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-31 05:05:10 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-30 23:55:33 -------- d-----w- C:\FRST
2014-03-30 00:35:46 -------- d-----w- C:\ProgramData\SecTaskMan
2014-03-30 00:35:14 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2014-03-29 00:22:56 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-29 00:22:55 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-28 23:05:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-03-28 23:00:13 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-28 23:00:13 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-28 15:05:20 -------- d-----w- C:\Users\Verner\AppData\Local\Diagnostics
2014-03-28 13:47:15 -------- d-----w- C:\Windows\pss
2014-03-28 02:10:42 -------- d-----w- C:\Users\Verner\AppData\Roaming\LavasoftStatistics
2014-03-28 01:23:58 -------- d-----w- C:\Windows\Migration
2014-03-28 01:13:10 -------- d-----w- C:\Users\Verner\AppData\Roaming\SecureSearch
2014-03-28 01:05:37 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-03-28 00:57:08 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2014-03-28 00:52:13 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-03-28 00:51:33 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-03-28 00:50:41 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-03-28 00:50:36 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-03-28 00:50:34 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-03-28 00:50:28 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-03-28 00:38:36 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-03-28 00:38:34 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-03-28 00:37:33 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-28 00:37:31 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-27 23:58:46 -------- d-----w- C:\ProgramData\WEBREG
2014-03-27 23:55:49 -------- d-----w- C:\Users\Verner\AppData\Local\HP
2014-03-27 23:48:21 -------- d-----w- C:\Program Files (x86)\Yahoo!
2014-03-27 23:39:22 -------- d-----w- C:\Windows\SysWow64\spool
2014-03-27 23:36:51 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2014-03-27 23:36:11 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2014-03-27 23:30:57 -------- d-----w- C:\Program Files (x86)\HP
2014-03-27 23:26:59 -------- d-----w- C:\Program Files\HP
2014-03-27 23:25:27 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2014-03-27 22:38:27 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-03-27 22:38:27 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-03-27 22:38:25 2871808 ----a-w- C:\Windows\explorer.exe
2014-03-27 22:38:24 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-03-27 22:38:21 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-27 22:38:21 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-27 22:38:20 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-27 22:38:20 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-27 22:36:05 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-27 22:36:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-27 22:35:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-03-27 22:35:11 67072 ----a-w- C:\Windows\splwow64.exe
2014-03-27 20:54:06 -------- d-----w- C:\Users\Verner\AppData\Local\ElevatedDiagnostics
2014-03-26 00:55:20 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-26 00:55:20 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-26 00:55:19 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-03-26 00:55:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-03-24 21:28:12 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-03-24 21:28:11 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-03-24 21:28:05 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-03-24 21:28:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-03-24 21:26:31 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-03-24 21:26:30 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-03-24 21:26:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2014-03-24 21:26:28 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-24 21:26:17 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-03-24 21:26:15 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-03-24 21:25:04 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-03-24 21:25:02 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-03-24 21:25:02 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-03-24 21:25:02 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-03-24 21:24:11 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-03-24 21:24:11 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-03-24 21:22:31 111448 ----a-w- C:\Windows\System32\consent.exe
2014-03-24 21:22:29 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-03-24 21:20:25 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-03-24 21:20:24 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-03-24 21:20:23 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-03-24 21:20:22 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2014-03-24 21:20:21 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-03-24 21:20:19 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-03-24 21:20:00 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-24 21:20:00 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-24 21:19:58 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-03-24 21:19:58 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-03-24 21:19:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-03-24 21:19:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-03-24 21:18:01 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-24 21:18:00 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-24 21:18:00 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-24 21:18:00 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-24 21:16:16 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-03-24 21:16:14 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2014-03-24 21:16:14 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2014-03-24 21:16:12 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-24 21:16:10 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-03-24 21:16:00 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2014-03-24 21:15:58 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2014-03-24 21:15:57 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2014-03-24 21:15:56 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2014-03-24 21:15:54 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2014-03-24 21:15:53 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2014-03-24 21:15:52 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2014-03-24 21:15:16 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-03-24 21:15:14 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-03-24 21:15:13 197120 ----a-w- C:\Windows\System32\credui.dll
2014-03-24 21:15:13 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-03-24 21:15:12 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-24 21:15:11 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-03-24 21:14:22 41472 ----a-w- C:\Windows\System32\lpk.dll
2014-03-24 21:14:22 368128 ----a-w- C:\Windows\System32\atmfd.dll
2014-03-24 21:14:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-03-24 21:14:22 14336 ----a-w- C:\Windows\System32\dciman32.dll
2014-03-24 21:14:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2014-03-24 21:14:21 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2014-03-24 21:14:21 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2014-03-24 21:14:21 100864 ----a-w- C:\Windows\System32\fontsub.dll
2014-03-24 21:14:19 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-03-24 21:14:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-03-24 21:12:53 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-03-24 21:11:59 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-03-24 21:11:59 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-03-24 21:11:58 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-03-24 21:11:57 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-03-24 21:11:57 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-03-24 21:11:57 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-03-24 21:11:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-03-24 21:11:44 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-03-24 21:11:44 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-03-24 21:09:24 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-03-24 21:09:23 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-03-24 21:08:21 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-03-24 21:08:21 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-03-24 21:07:20 216576 ----a-w- C:\Windows\System32\ncsi.dll
2014-03-24 21:07:19 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-03-24 21:07:18 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2014-03-24 21:07:18 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2014-03-24 21:07:17 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2014-03-24 21:07:14 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2014-03-24 21:07:12 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-03-24 21:07:07 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2014-03-24 21:07:06 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2014-03-24 21:07:05 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2014-03-24 21:07:05 18944 ----a-w- C:\Windows\System32\netevent.dll
2014-03-24 21:05:49 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-03-24 21:05:49 42496 ----a-w- C:\Windows\System32\drivers\usbscan.sys
2014-03-24 21:05:48 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-03-24 21:05:39 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2014-03-24 21:05:38 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-03-24 21:05:38 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-03-24 21:05:38 102400 ----a-w- C:\Windows\System32\davclnt.dll
2014-03-24 21:05:37 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-03-24 21:05:02 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-03-24 21:02:15 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-03-24 21:02:09 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-03-24 21:02:07 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-03-24 20:55:42 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-03-24 20:55:41 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-03-24 20:52:07 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-03-24 20:52:07 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-03-24 20:52:03 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-03-24 20:52:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-03-24 20:51:56 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-03-24 20:51:55 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-24 20:51:55 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-24 20:51:09 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-03-24 20:51:08 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-03-24 20:50:36 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-03-24 20:50:36 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-03-24 20:50:36 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-24 20:50:35 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-24 20:50:35 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-03-24 20:46:10 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-03-24 20:46:10 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-03-24 20:46:10 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-03-24 20:46:09 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-03-24 20:46:09 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-24 20:45:39 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-03-21 16:25:06 -------- d-----w- C:\Windows\System32\SPReview
2014-03-21 16:23:28 -------- d-----w- C:\Windows\System32\EventProviders
2014-03-21 16:10:17 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2014-03-21 15:50:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2014-03-21 15:50:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2014-03-21 15:48:59 263168 ----a-w- C:\Windows\System32\spwizui.dll
2014-03-21 15:47:59 1525248 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe
2014-03-21 15:46:57 481280 ----a-w- C:\Windows\System32\wmpps.dll
2014-03-21 15:45:59 263168 ----a-w- C:\Windows\System32\vpnike.dll
2014-03-21 15:44:59 228352 ----a-w- C:\Windows\SysWow64\stobject.dll
2014-03-21 15:43:59 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2014-03-21 15:42:59 233984 ----a-w- C:\Windows\System32\defaultlocationcpl.dll
2014-03-21 15:41:59 537600 ----a-w- C:\Windows\SysWow64\ActionCenterCPL.dll
2014-03-21 15:40:59 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2014-03-21 15:39:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll
2014-03-21 15:38:59 7680 ----a-w- C:\Windows\SysWow64\kbdlk41a.dll
2014-03-21 15:37:52 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-03-21 15:37:52 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-03-21 15:37:26 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2014-03-21 15:37:25 399872 ----a-w- C:\Windows\System32\dpx.dll
2014-03-21 15:36:36 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2014-03-21 15:34:01 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2014-03-21 15:34:01 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2014-03-21 15:34:01 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2014-03-21 15:22:45 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2014-03-21 15:22:44 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2014-03-21 15:22:16 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2014-03-21 14:34:55 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-03-21 14:34:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-03-21 14:34:49 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-03-21 14:34:47 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-03-21 14:34:46 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-03-21 14:34:43 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-03-21 14:34:42 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-03-21 14:34:41 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-03-21 14:34:37 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-03-21 14:34:36 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-03-21 13:34:33 -------- d-----w- C:\Windows\SysWow64\Wat
2014-03-21 13:34:33 -------- d-----w- C:\Windows\System32\Wat
2014-03-21 12:21:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-03-21 12:21:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-03-21 12:21:50 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-03-21 11:42:22 -------- d-----w- C:\Windows\System32\MRT
2014-03-21 11:39:09 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-03-21 11:39:09 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-03-21 11:39:08 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-03-21 11:39:08 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-03-21 11:39:06 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-03-21 11:39:06 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-03-21 11:39:06 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-03-21 11:28:42 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2014-03-21 11:28:36 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2014-03-21 11:28:32 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2014-03-21 11:28:28 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2014-03-21 10:26:43 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-21 10:26:36 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-21 10:26:36 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-21 10:21:02 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-03-21 10:21:02 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-03-21 10:21:00 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2014-03-21 10:21:00 1118720 ----a-w- C:\Windows\System32\sbe.dll
2014-03-21 10:20:59 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-03-21 10:20:58 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2014-03-21 10:19:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2014-03-21 10:19:11 1572864 ----a-w- C:\Windows\System32\quartz.dll
2014-03-21 10:18:56 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-03-21 10:18:55 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-03-21 10:17:50 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-03-21 10:17:44 33792 ----a-w- C:\Windows\System32\profprov.dll
2014-03-21 10:17:44 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-03-21 10:17:39 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-03-21 10:17:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-03-21 10:17:37 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-03-21 10:12:35 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-03-21 10:12:35 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-03-21 10:12:34 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2014-03-21 10:12:34 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2014-03-21 10:10:03 800768 ----a-w- C:\Windows\System32\usp10.dll
2014-03-21 10:10:02 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-03-21 10:07:17 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2014-03-21 10:07:17 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2014-03-21 10:07:16 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2014-03-21 10:07:15 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2014-03-21 10:07:15 288256 ----a-w- C:\Windows\System32\MSNP.ax
2014-03-21 10:07:14 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2014-03-21 10:07:13 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2014-03-21 10:07:12 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2014-03-21 10:07:11 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2014-03-21 10:07:10 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2014-03-21 10:06:52 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-03-21 10:06:47 723456 ----a-w- C:\Windows\System32\EncDec.dll
2014-03-21 10:06:46 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2014-03-21 10:06:19 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2014-03-21 10:03:34 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-03-21 10:03:28 715776 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-21 10:03:28 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-03-21 10:03:19 3216384 ----a-w- C:\Windows\System32\msi.dll
2014-03-21 10:03:18 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2014-03-21 09:56:35 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-03-21 09:56:35 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-03-21 09:56:17 605552 ----a-w- C:\Windows\System32\winload.exe
2014-03-21 09:56:15 642944 ----a-w- C:\Windows\System32\winload.efi
2014-03-21 09:56:13 518672 ----a-w- C:\Windows\System32\winresume.exe
2014-03-21 09:56:12 566208 ----a-w- C:\Windows\System32\winresume.efi
2014-03-21 09:56:10 20352 ----a-w- C:\Windows\System32\kdusb.dll
2014-03-21 09:56:10 19328 ----a-w- C:\Windows\System32\kd1394.dll
2014-03-21 09:56:09 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-03-21 09:56:09 17792 ----a-w- C:\Windows\System32\kdcom.dll
2014-03-21 09:53:48 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2014-03-21 09:53:48 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2014-03-21 09:53:48 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2014-03-21 09:53:47 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2014-03-21 09:53:46 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2014-03-21 09:53:46 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2014-03-21 09:46:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2014-03-21 09:46:57 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2014-03-21 09:46:18 136704 ----a-w- C:\Windows\System32\browser.dll
2014-03-21 09:46:12 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-03-21 09:46:06 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-03-21 09:45:17 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2014-03-21 09:45:17 31232 ----a-w- C:\Windows\System32\prevhost.exe
2014-03-21 09:45:08 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-03-21 09:45:02 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-03-21 09:45:01 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-03-21 09:45:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-03-21 09:44:54 974336 ----a-w- C:\Windows\System32\WFS.exe
2014-03-21 09:44:54 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2014-03-21 09:44:47 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-03-21 09:44:46 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2014-03-21 09:44:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2014-03-21 09:44:33 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-03-21 09:43:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-03-21 09:43:57 331776 ----a-w- C:\Windows\System32\oleacc.dll
2014-03-21 09:43:56 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2014-03-21 09:43:55 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-03-21 08:48:34 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2014-03-21 08:15:08 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2014-03-21 08:15:07 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2014-03-21 08:15:06 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2014-03-21 08:15:05 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2014-03-21 08:15:04 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2014-03-21 08:15:03 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2014-03-21 08:15:02 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2014-03-21 08:15:01 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2014-03-21 08:15:00 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2014-03-21 08:15:00 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2014-03-21 08:14:59 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2014-03-21 08:14:41 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2014-03-21 08:14:40 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2014-03-21 08:13:11 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-03-21 08:13:10 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-03-21 08:12:20 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-03-21 08:11:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-03-21 08:11:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-03-21 05:54:13 2315776 ----a-w- C:\Windows\System32\tquery.dll
2014-03-21 05:54:09 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2014-03-21 05:54:04 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2014-03-21 05:54:03 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2014-03-21 05:54:00 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2014-03-21 05:51:41 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2014-03-21 05:51:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-03-21 05:51:39 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-03-21 05:51:32 395776 ----a-w- C:\Windows\System32\webio.dll
2014-03-21 05:51:31 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-03-21 05:47:55 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-03-21 05:47:34 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-03-21 05:47:32 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2014-03-21 05:40:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-03-21 05:40:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2014-03-21 05:40:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-03-21 05:40:08 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-03-21 03:38:05 77312 ----a-w- C:\Windows\System32\packager.dll
2014-03-21 03:38:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-03-20 05:38:51 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7
2014-03-20 05:38:41 -------- d-----w- C:\Users\Verner\AppData\Roaming\URSoft
2014-03-20 05:00:43 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-03-20 05:00:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-20 05:00:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-20 04:59:53 -------- d-----w- C:\Users\Verner\AppData\Local\Programs
2014-03-20 04:57:19 -------- d-----w- C:\Program Files\CCleaner
2014-03-20 04:03:33 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-20 04:02:01 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2014-03-20 04:01:48 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2014-03-20 04:01:48 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-03-20 04:01:40 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2014-03-20 04:00:50 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-03-20 03:59:44 -------- d-----w- C:\Program Files\McAfee.com
2014-03-20 03:59:43 -------- d-----w- C:\Program Files\McAfee
2014-03-20 03:59:41 -------- d-----w- C:\Program Files (x86)\McAfee
2014-03-20 03:46:06 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-03-20 03:46:01 -------- d-----w- C:\Program Files\Common Files\McAfee
2014-03-20 03:05:51 -------- d-----w- C:\Users\Verner\AppData\Local\Google
2014-03-20 03:05:30 -------- d-----w- C:\Users\Verner\AppData\Local\Apps
2014-03-20 03:05:29 -------- d-----w- C:\Users\Verner\AppData\Local\Deployment
2014-03-20 02:30:13 -------- d-----w- C:\Users\Verner\My Backup Files
2014-03-20 02:14:33 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2014-03-20 02:13:32 -------- d-----w- C:\Users\Verner\AppData\Roaming\Dell
2014-03-20 02:13:11 -------- d-----w- C:\Users\Verner\AppData\Local\ATI
2014-03-20 02:12:07 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-20 02:11:55 -------- d-----w- C:\Users\Verner\AppData\Local\Stardock_Corporation
2014-03-20 02:11:49 -------- d-----w- C:\Users\Verner\AppData\Local\SoftThinks
2014-03-20 02:11:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-03-20 02:11:16 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-03-20 02:11:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-03-20 02:11:02 -------- d-----w- C:\Users\Verner\AppData\Local\VirtualStore
2014-03-20 02:06:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-03-20 02:06:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-03-20 02:05:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-03-20 02:05:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-03-20 02:03:50 -------- d-sh--we C:\Documents and Settings
2014-03-19 03:35:24 -------- d-----w- C:\Windows\SMINST
2014-03-11 20:07:42 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
==================== Find3M  ====================
.
2014-03-25 23:44:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 17:55:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-03-21 17:55:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-27 13:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-01-27 13:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-01-27 13:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-01-27 13:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-01-27 13:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-01-27 13:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-01-21 08:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-01-21 08:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-01-21 08:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
.
============= FINISH: 10:39:31.24 ===============
 
 


BC AdBot (Login to Remove)

 


#2 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 02 April 2014 - 10:40 AM

sorry...my pc is really dragging, didnt mean to double post....you can delete the 2nd one, i couldnt find a way to....



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 AM

Posted 06 April 2014 - 01:20 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 07 April 2014 - 06:21 AM

ok ty...



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 AM

Posted 13 April 2014 - 09:59 AM

Are you still with me?

#6 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 13 April 2014 - 10:10 AM

yes I am!! been allowing my son to do/finish a school project will jump right on it after I get off work today, my apologies!

#7 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 13 April 2014 - 07:55 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/13/2014
Scan Time: 6:01:43 PM
Logfile: mbam scanlog.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.13.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Verner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250356
Time Elapsed: 1 hr, 11 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}, Quarantined, [ae2eae7b5922013529dd2a3fe9187789], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}, Quarantined, [ae2eae7b5922013529dd2a3fe9187789], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 3
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[d20a7faa6714f244b037da4651b36a96]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-4222466195-2498842412-1836708999-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vSwMO58K8TjDttiTWDDgGW13IfZ1O5PnZ2cTgBwiY1SZqU-bZllL2hRp1C7qd4eyIssPWEnnSuhfhxLpL3QgTnlgUUaOxo5eRSwaWyWsU9yw_mWJfr84BJI6Q8bxauaev&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vSwMO58K8TjDttiTWDDgGW13IfZ1O5PnZ2cTgBwiY1SZqU-bZllL2hRp1C7qd4eyIssPWEnnSuhfhxLpL3QgTnlgUUaOxo5eRSwaWyWsU9yw_mWJfr84BJI6Q8bxauaev&q={searchTerms}),Replaced,[d00c0425b3c849ed8d76d74006fe50b0]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-4222466195-2498842412-1836708999-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vSwMO58K8TjDttiTWDDgGW13IfZ1O5PnZ2cTgBwiY1SZqU-bZllL2hRp1C7qd4eyIssPWEnnSuhfhxLpL3QgTnlgUUaOxo5eRSwaWyWsU9yw_mWJfr84BJI6Q8bxauaev&q={searchTerms}, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_8ppO11zBlE0vSwMO58K8TjDttiTWDDgGW13IfZ1O5PnZ2cTgBwiY1SZqU-bZllL2hRp1C7qd4eyIssPWEnnSuhfhxLpL3QgTnlgUUaOxo5eRSwaWyWsU9yw_mWJfr84BJI6Q8bxauaev&q={searchTerms}),Replaced,[7c60230699e266d02ec1b36dd62e09f7]
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Amonetize, C:\Users\Verner\AppData\Local\41\a18467.exe, Quarantined, [ae2eae7b5922013529dd2a3fe9187789], 
PUP.Optional.SmartBar, C:\WINDOWS\Installer\MSIC304.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [9745ff2a354665d13ada0b23d62a6799], 
PUP.Optional.PCPerformer.A, C:\WINDOWS\System32\roboot64.exe, Quarantined, [fedef039f6857bbb9356c5acff03df21], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 13 April 2014 - 07:58 PM

# AdwCleaner v3.023 - Report created 13/04/2014 at 18:19:01
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Verner - VERNER-PC
# Running from : C:\Users\Verner\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\Verner\AppData\Roaming\Oxy
Folder Found C:\Users\Verner\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [768 octets] - [13/04/2014 18:19:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [827 octets] ##########
 
 
 


#9 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 13 April 2014 - 08:09 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014
Ran by Verner (administrator) on VERNER-PC on 13-04-2014 18:30:11
Running from C:\Users\Verner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dropbox, Inc.) C:\Users\Verner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-20] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3202928 2010-04-02] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_ultimateprotectionsuite.exe" -autorun
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Verner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Verner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]
CHR Extension: (Google Drive) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]
CHR Extension: (YouTube) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]
CHR Extension: (Google Search) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]
CHR Extension: (Gmail) - C:\Users\Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 HPSLPSVC; C:\Users\Verner\AppData\Local\Temp\7zS0A12\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

Attached Files

  • Attached File  FRST.txt   250.54KB   1 downloads

Edited by nasdaq, 14 April 2014 - 07:44 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 AM

Posted 14 April 2014 - 07:53 AM

Nothing suspicious was found on your FRST log.

==

Let try this.

Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Let me know if the problem persists and in which browser(s)
Chrome, Internet Explorer or Firefox,

#11 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 14 April 2014 - 08:09 AM

ok, on it now......

does it make a difference that i tried to get rid of viruses that i couldnt manually/easily get off by reinstalling windows back to manufacturers settings?



#12 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 14 April 2014 - 09:34 AM

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Verner [Admin rights]
Mode : Remove -- Date : 04/14/2014 09:24:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545025B9A300 SATA Disk Device +++++
--- User ---
[MBR] 5f63388dfa5ac8663c8dd9d07af149ca
[BSP] bf9427581940fadf4036a885aa73619b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 223373 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_04142014_092422.txt >>
RKreport[0]_S_04142014_092313.txt


#13 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 14 April 2014 - 09:35 AM

bigfile_zps210ef7f0.jpg

 

rundll_zps8e51709c.jpg

 

taskmngr_zps606f5c21.jpg



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,774 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 AM

Posted 14 April 2014 - 12:30 PM

does it make a difference that i tried to get rid of viruses that i couldnt manually/easily get off by reinstalling windows back to manufacturers settings?


Dis you reinstall the windows back to the Manufacturers' setting?
When did you do it?

If yes then how is the computer performing?

#15 hjones315

hjones315
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Detroit,MI
  • Local time:08:38 AM

Posted 14 April 2014 - 12:49 PM

yes, my son had so many spyware's and viruses on it, I was able to get off the majority of them but a couple of them wasn't budging. Search engines and dlls. So I figured if I reset it back to manfctr settings they would go away like they have before when I did it. Once I did it I still noticed the DLLs, my memory was low,my browser drags and my sound and videos play crappy and that's when I came here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users