Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware specifially Cosstminn ads


  • This topic is locked This topic is locked
9 replies to this topic

#1 CannuckBrit

CannuckBrit

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 02 August 2014 - 01:00 PM

I would like help to remove these very annoying ads that keep appearing on all the internet pages that I open.  There is a highlighted word with a green icon above it and if I move my cursor over this it opens up a box with all kinds of ads in it from Cosstminn.

I have downloaded malwarebytes and run several scans which has removed various files etc. but cannot seem to get rid of Cosstminn.

I downloaded the Farbar Recovery Tool and my scan logs are attached.

I am using windows 8.1.

I would be very grateful if you help with this.

Thanks!

Attached Files


Edited by CannuckBrit, 02 August 2014 - 01:17 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:47 AM

Posted 07 August 2014 - 01:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543113 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 CannuckBrit

CannuckBrit
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 07 August 2014 - 05:59 PM

I am using windows 8.1 on a laptop and it came already with windows installed, I do not have a DVD. I have tried downloading from the DDS.com link but when I click run it returns an error message "DDS is not meant to run in 'compatibility mode' the program shall now exit". The download link shows that it is for windows xp/vista, could this be my problem?

Thanks


Edited by CannuckBrit, 07 August 2014 - 06:05 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 AM

Posted 08 August 2014 - 07:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 CannuckBrit

CannuckBrit
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 08 August 2014 - 05:54 PM

Here are the logs from the scans I carried out:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-08-08
Scan Time: 5:32:24 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.08.05
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Janet Wilkins

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326061
Time Elapsed: 23 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Superfish.A, C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [d4c4a12115665ed8b5f8feedb9497789],
PUP.Optional.Superfish.A, C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [0593863c92e90e283c71797228dac43c],
PUP.Optional.Conduit.A, C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV=",), Replaced,[35630fb3700b76c019cb48b0bc48b54b]

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v3.304 - Report created 08/08/2014 at 19:15:58
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Janet Wilkins - JANET
# Running from : C:\Users\Janet Wilkins\Downloads\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\couponnpeaak
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Janet Wilkins\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Janet Wilkins\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Janet Wilkins\AppData\Local\Pokki
Folder Deleted : C:\Users\Janet Wilkins\AppData\Local\torch
Folder Deleted : C:\Users\Janet Wilkins\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Janet Wilkins\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Janet Wilkins\Documents\Optimizer Pro
Folder Deleted : C:\Users\Public\Pokki
File Deleted : C:\END
File Deleted : C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ASP

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [4951 octets] - [08/08/2014 19:09:29]
AdwCleaner[S0].txt - [4573 octets] - [08/08/2014 19:15:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4633 octets] ##########



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014
Ran by Janet Wilkins (administrator) on JANET on 08-08-2014 19:39:16
Running from C:\Users\Janet Wilkins\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Janet Wilkins\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [51456 2014-07-22] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\RunOnce: [Application Restart #1] => C:\Users\Janet Wilkins\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 556 more characters).
HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\MountPoints2: {87d20828-d5cf-11e3-825b-28e3470e7301} - "D:\iStudio.exe"
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM - {CEFA20CA-5B05-44BC-908B-ACD5E13AEA8C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {CEFA20CA-5B05-44BC-908B-ACD5E13AEA8C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKCU - {1F2AEA32-6D4F-42D9-970B-9A81232916C5} URL = http://ca.search.yahoo.com/search?fr=mcafee&type=A011CA662&p={SearchTerms}
SearchScopes: HKCU - {CEFA20CA-5B05-44BC-908B-ACD5E13AEA8C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Windows\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Windows\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Drive) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-19]
CHR Extension: (YOUZEEK Free Music) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-19]
CHR Extension: (Google Search) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-19]
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh [2014-07-31]
CHR Extension: (Hola Better Internet) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-19]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-04-19]
CHR Extension: (CPDD-Blossom) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Gmail) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-19]
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh\2.0 [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0093271406840291mcinstcleanup; C:\Users\Janet Wilkins\AppData\Local\Temp\0093271406840291mcinst.exe [834664 2013-07-12] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3058944 2014-07-22] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-01] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 19:38 - 2014-08-08 19:38 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64 (2).exe
2014-08-08 19:31 - 2014-08-08 19:33 - 00000254 _____ () C:\Users\Janet Wilkins\Downloads\Search.txt
2014-08-08 19:23 - 2014-08-08 19:23 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64 (1).exe
2014-08-08 19:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-08 19:09 - 2014-08-08 19:18 - 00000000 ____D () C:\AdwCleaner
2014-08-08 18:10 - 2014-08-08 18:10 - 01366203 _____ () C:\Users\Janet Wilkins\Downloads\adwcleaner_3.304.exe
2014-08-08 18:09 - 2014-08-08 18:09 - 00001753 _____ () C:\Users\Janet Wilkins\Desktop\MBAM.txt
2014-08-08 17:28 - 2014-08-08 17:28 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 17:24 - 2014-08-08 17:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janet Wilkins\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-07 23:29 - 2014-08-07 23:29 - 00688992 _____ (Swearware) C:\Users\Janet Wilkins\Downloads\dds.com
2014-08-02 22:27 - 2014-08-02 22:28 - 08292476 _____ () C:\Users\Janet Wilkins\Downloads\HotAirBalloons (1).themepack
2014-08-02 22:08 - 2014-08-02 22:08 - 08292476 _____ () C:\Users\Janet Wilkins\Downloads\HotAirBalloons.themepack
2014-08-02 22:06 - 2014-08-02 22:07 - 11617413 _____ () C:\Users\Janet Wilkins\Downloads\ColorSplash.themepack
2014-08-02 22:04 - 2014-08-02 22:04 - 14790110 _____ () C:\Users\Janet Wilkins\Downloads\LondonArchitectureImranMirza.themepack
2014-08-02 15:01 - 2014-08-02 15:01 - 00036221 _____ () C:\Users\Janet Wilkins\Downloads\Addition (1).txt
2014-08-02 14:34 - 2014-08-02 14:35 - 00036221 _____ () C:\Users\Janet Wilkins\Downloads\Addition.txt
2014-08-02 14:33 - 2014-08-08 19:39 - 00020186 _____ () C:\Users\Janet Wilkins\Downloads\FRST.txt
2014-08-02 14:30 - 2014-08-08 19:39 - 00000000 ____D () C:\FRST
2014-08-02 14:26 - 2014-08-02 14:27 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64.exe
2014-08-01 21:03 - 2014-08-08 19:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 21:03 - 2014-08-08 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 21:03 - 2014-08-08 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 21:03 - 2014-08-01 21:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 21:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 21:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 21:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 21:01 - 2014-08-01 21:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janet Wilkins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 19:20 - 2014-07-31 19:21 - 00002096 _____ () C:\install.log
2014-07-31 19:19 - 2014-07-31 19:19 - 00000045 _____ () C:\user.js
2014-07-31 19:15 - 2014-07-31 19:15 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\com
2014-07-31 19:12 - 2014-07-31 20:04 - 00000000 ____D () C:\ProgramData\8f08eb1026db07cd
2014-07-31 19:12 - 2014-07-31 19:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator
2014-07-31 18:13 - 2014-07-31 18:13 - 00000000 ___HD () C:\kleaner.tmp
2014-07-31 17:54 - 2014-07-31 17:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-31 17:43 - 2014-07-31 17:53 - 169730368 _____ (Kaspersky Lab) C:\Users\Janet Wilkins\Downloads\kis15.0.0.463EN_6013.exe
2014-07-24 22:19 - 2014-07-24 22:20 - 00053988 _____ () C:\Users\Janet Wilkins\Downloads\Schedule 2014.xlsx
2014-07-22 21:59 - 2014-07-22 21:59 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Roaming\Atheros
2014-07-22 21:59 - 2014-07-22 21:59 - 00000000 ____D () C:\ProgramData\Atheros
2014-07-22 21:58 - 2014-06-26 17:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-22 21:58 - 2014-06-26 17:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-22 21:53 - 2014-07-22 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-22 21:46 - 2014-04-14 00:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-19 22:37 - 2014-06-30 19:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-19 22:37 - 2014-06-28 04:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-19 22:37 - 2014-06-28 04:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-19 20:12 - 2014-07-19 20:16 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-07-19 20:03 - 2013-08-07 20:41 - 03915264 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys
2014-07-19 13:48 - 2014-06-18 22:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-19 13:48 - 2014-06-18 21:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-19 13:48 - 2014-06-18 20:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-19 13:48 - 2014-06-18 19:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-19 13:48 - 2014-06-16 19:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-19 13:48 - 2014-06-16 19:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-19 13:48 - 2014-06-06 11:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-19 13:48 - 2014-05-30 00:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-19 13:48 - 2014-05-29 09:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-19 13:48 - 2014-05-29 04:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-19 13:48 - 2014-05-29 03:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-19 13:48 - 2014-05-29 03:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-19 13:48 - 2014-05-29 02:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-19 13:48 - 2014-05-29 02:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-19 13:47 - 2014-06-18 21:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-19 13:47 - 2014-06-18 21:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-19 13:47 - 2014-06-18 20:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-19 13:47 - 2014-06-18 20:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-19 13:47 - 2014-06-18 20:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-19 13:47 - 2014-06-18 20:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-19 13:47 - 2014-06-18 20:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-19 13:47 - 2014-06-18 20:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-19 13:47 - 2014-06-18 20:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-19 13:47 - 2014-06-18 20:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-19 13:47 - 2014-06-18 19:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-19 13:47 - 2014-06-18 19:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-19 13:47 - 2014-06-18 19:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-19 13:47 - 2014-06-18 19:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-19 13:47 - 2014-06-18 19:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-19 13:47 - 2014-06-18 19:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-19 13:47 - 2014-06-18 19:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-19 13:47 - 2014-06-18 19:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-19 13:47 - 2014-06-18 19:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-19 13:47 - 2014-06-18 19:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-19 13:47 - 2014-06-18 19:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-19 13:47 - 2014-06-18 19:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-19 13:47 - 2014-06-18 19:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-19 13:47 - 2014-06-06 10:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-19 13:47 - 2014-06-06 09:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-19 13:47 - 2014-05-31 07:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-19 13:47 - 2014-05-31 07:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-19 13:47 - 2014-05-31 00:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-19 13:47 - 2014-05-31 00:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-19 13:47 - 2014-05-30 23:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-19 13:47 - 2014-05-30 23:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-19 13:47 - 2014-05-30 23:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-19 13:47 - 2014-05-30 23:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-19 13:47 - 2014-05-30 23:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-19 13:46 - 2014-05-31 00:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-19 13:46 - 2014-05-31 00:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-19 13:46 - 2014-05-31 00:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-19 13:46 - 2014-05-31 00:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-19 13:46 - 2014-05-30 23:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-19 13:46 - 2014-05-30 23:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 10:36 - 2014-02-10 14:34 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-02-10 14:34 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-08-08 19:39 - 2014-08-02 14:33 - 00020186 _____ () C:\Users\Janet Wilkins\Downloads\FRST.txt
2014-08-08 19:39 - 2014-08-02 14:30 - 00000000 ____D () C:\FRST
2014-08-08 19:38 - 2014-08-08 19:38 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64 (2).exe
2014-08-08 19:33 - 2014-08-08 19:31 - 00000254 _____ () C:\Users\Janet Wilkins\Downloads\Search.txt
2014-08-08 19:33 - 2014-02-10 14:12 - 01909868 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 19:30 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-08 19:26 - 2014-02-10 15:53 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1E3F42A5-1DC0-4653-9ED3-2AF5A7B70FA8}
2014-08-08 19:23 - 2014-08-08 19:23 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64 (1).exe
2014-08-08 19:23 - 2014-08-01 21:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 19:20 - 2014-05-07 20:40 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6a4dc59ddd57.job
2014-08-08 19:20 - 2014-04-19 17:29 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 19:20 - 2013-11-27 23:37 - 00050430 _____ () C:\Windows\PFRO.log
2014-08-08 19:20 - 2013-08-22 11:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 19:19 - 2013-08-22 10:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-08 19:18 - 2014-08-08 19:09 - 00000000 ____D () C:\AdwCleaner
2014-08-08 18:10 - 2014-08-08 18:10 - 01366203 _____ () C:\Users\Janet Wilkins\Downloads\adwcleaner_3.304.exe
2014-08-08 18:09 - 2014-08-08 18:09 - 00001753 _____ () C:\Users\Janet Wilkins\Desktop\MBAM.txt
2014-08-08 17:56 - 2014-02-10 15:39 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2163079962-4274105740-2544478712-1001
2014-08-08 17:51 - 2014-05-07 20:41 - 00004992 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JANET-Janet Wilkins Janet
2014-08-08 17:50 - 2014-04-19 17:29 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 17:37 - 2014-04-27 22:34 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\CrashDumps
2014-08-08 17:31 - 2014-04-19 17:10 - 00000000 __RDO () C:\Users\Janet Wilkins\SkyDrive
2014-08-08 17:30 - 2014-04-23 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 17:29 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\Performance
2014-08-08 17:28 - 2014-08-08 17:28 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-08 17:28 - 2014-08-01 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 17:28 - 2014-08-01 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 17:25 - 2014-08-08 17:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janet Wilkins\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-08 07:18 - 2014-04-28 18:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-07 23:29 - 2014-08-07 23:29 - 00688992 _____ (Swearware) C:\Users\Janet Wilkins\Downloads\dds.com
2014-08-07 19:54 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-06 22:53 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-05 21:41 - 2013-08-22 12:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-08-04 20:17 - 2013-11-27 23:43 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 11:17 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\Help
2014-08-02 22:28 - 2014-08-02 22:27 - 08292476 _____ () C:\Users\Janet Wilkins\Downloads\HotAirBalloons (1).themepack
2014-08-02 22:25 - 2014-05-03 15:38 - 01071616 ___SH () C:\Users\Janet Wilkins\Downloads\Thumbs.db
2014-08-02 22:08 - 2014-08-02 22:08 - 08292476 _____ () C:\Users\Janet Wilkins\Downloads\HotAirBalloons.themepack
2014-08-02 22:07 - 2014-08-02 22:06 - 11617413 _____ () C:\Users\Janet Wilkins\Downloads\ColorSplash.themepack
2014-08-02 22:04 - 2014-08-02 22:04 - 14790110 _____ () C:\Users\Janet Wilkins\Downloads\LondonArchitectureImranMirza.themepack
2014-08-02 15:01 - 2014-08-02 15:01 - 00036221 _____ () C:\Users\Janet Wilkins\Downloads\Addition (1).txt
2014-08-02 14:35 - 2014-08-02 14:34 - 00036221 _____ () C:\Users\Janet Wilkins\Downloads\Addition.txt
2014-08-02 14:27 - 2014-08-02 14:26 - 02094080 _____ (Farbar) C:\Users\Janet Wilkins\Downloads\FRST64.exe
2014-08-02 14:05 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\Camera
2014-08-02 11:26 - 2014-04-23 21:21 - 00119296 ___SH () C:\Users\Janet Wilkins\Desktop\Thumbs.db
2014-08-01 21:03 - 2014-08-01 21:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 21:02 - 2014-08-01 21:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Janet Wilkins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 20:04 - 2014-07-31 19:12 - 00000000 ____D () C:\ProgramData\8f08eb1026db07cd
2014-07-31 19:44 - 2013-11-28 00:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-31 19:44 - 2013-11-28 00:00 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-31 19:21 - 2014-07-31 19:20 - 00002096 _____ () C:\install.log
2014-07-31 19:19 - 2014-07-31 19:19 - 00000045 _____ () C:\user.js
2014-07-31 19:15 - 2014-07-31 19:15 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\com
2014-07-31 19:13 - 2014-04-19 17:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-31 19:12 - 2014-07-31 19:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Guest
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\Administrator
2014-07-31 19:11 - 2014-04-19 17:29 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\Google
2014-07-31 19:11 - 2013-08-22 12:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-31 19:11 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-31 18:14 - 2014-06-26 12:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 18:14 - 2014-06-26 12:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-31 18:14 - 2013-11-28 00:11 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-31 18:13 - 2014-07-31 18:13 - 00000000 ___HD () C:\kleaner.tmp
2014-07-31 17:58 - 2014-02-10 15:48 - 00000000 ____D () C:\Users\Janet
2014-07-31 17:54 - 2014-07-31 17:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-31 17:53 - 2014-07-31 17:43 - 169730368 _____ (Kaspersky Lab) C:\Users\Janet Wilkins\Downloads\kis15.0.0.463EN_6013.exe
2014-07-27 21:31 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\rescache
2014-07-27 16:24 - 2014-06-26 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 08:22 - 2014-07-08 07:01 - 00002069 _____ () C:\Users\Public\Desktop\abDocs.lnk
2014-07-26 08:22 - 2013-11-28 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-07-26 08:22 - 2013-11-28 00:09 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-07-26 08:19 - 2014-02-10 15:35 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\clear.fi
2014-07-24 22:33 - 2014-06-17 08:39 - 00000000 ____D () C:\Users\Janet Wilkins\jagexcache
2014-07-24 22:27 - 2014-02-10 15:33 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Local\Packages
2014-07-24 22:20 - 2014-07-24 22:19 - 00053988 _____ () C:\Users\Janet Wilkins\Downloads\Schedule 2014.xlsx
2014-07-23 23:14 - 2014-07-08 07:05 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2014-07-23 23:14 - 2014-02-10 15:41 - 00000000 ____D () C:\ProgramData\clear.fi
2014-07-22 21:59 - 2014-07-22 21:59 - 00000000 ____D () C:\Users\Janet Wilkins\AppData\Roaming\Atheros
2014-07-22 21:59 - 2014-07-22 21:59 - 00000000 ____D () C:\ProgramData\Atheros
2014-07-22 21:57 - 2013-08-22 11:44 - 00474072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-22 21:53 - 2014-07-22 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-22 21:53 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-22 21:53 - 2013-08-22 12:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-22 21:52 - 2013-08-22 16:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-22 21:52 - 2013-08-22 12:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-22 21:52 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-22 21:51 - 2014-04-20 09:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-22 21:48 - 2014-04-20 09:50 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-22 21:48 - 2013-08-22 12:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-22 21:48 - 2013-08-22 10:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-19 20:19 - 2014-02-10 14:38 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-07-19 20:19 - 2013-08-22 11:46 - 00011993 _____ () C:\Windows\setupact.log
2014-07-19 20:16 - 2014-07-19 20:12 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-07-19 00:50 - 2014-06-17 08:41 - 00000024 _____ () C:\Users\Janet Wilkins\random.dat
2014-07-19 00:43 - 2014-06-17 08:41 - 00000024 _____ () C:\Users\Janet Wilkins\jagexappletviewer.preferences
2014-07-18 23:55 - 2014-06-17 08:41 - 00000052 _____ () C:\Users\Janet Wilkins\jagex_cl_runescape_LIVE.dat

Files to move or delete:
====================
C:\Users\Janet Wilkins\jagex_cl_runescape_LIVE.dat
C:\Users\Janet Wilkins\jagex_cl_runescape_LIVE1.dat
C:\Users\Janet Wilkins\random.dat


Some content of TEMP:
====================
C:\Users\Janet Wilkins\AppData\Local\Temp\0093271406840291mcinst.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\BackupSetup.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\msvcr71.dll
C:\Users\Janet Wilkins\AppData\Local\Temp\oct867C.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\oct9D67.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\optprosetup.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 17:22

==================== End Of Log ============================


I am still experiencing the same issue with highlighted words and the green symbol above the word, when I hover over the word it continues to open another box with ad information. Ads by Cosstmin all over the page too.

Thanks,

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 AM

Posted 09 August 2014 - 07:12 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\RunOnce: [Application Restart #1] => C:\Users\Janet Wilkins\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 556 more characters).
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR HomePage: hxxp://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV=
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh [2014-07-31]
CHR Extension: (Hola Better Internet) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-19]
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh\2.0 [2014-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
C:\Users\Janet Wilkins\AppData\Local\Temp\0093271406840291mcinst.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\BackupSetup.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\msvcr71.dll
C:\Users\Janet Wilkins\AppData\Local\Temp\oct867C.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\oct9D67.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\optprosetup.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 CannuckBrit

CannuckBrit
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 09 August 2014 - 09:35 PM

here are the logs:

Results of screen317's Security Check version 0.99.86
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by Janet Wilkins at 2014-08-09 23:23:14 Run:1
Running from C:\Users\Janet Wilkins\Desktop\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\RunOnce: [Application Restart #1] => C:\Users\Janet Wilkins\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 556 more characters).
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\x64\mcieplg.dll No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR HomePage: hxxp://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV=
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh [2014-07-31]
CHR Extension: (Hola Better Internet) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-19]
CHR Extension: (cosstminn) - C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh\2.0 [2014-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
C:\Users\Janet Wilkins\AppData\Local\Temp\0093271406840291mcinst.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\BackupSetup.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\msvcr71.dll
C:\Users\Janet Wilkins\AppData\Local\Temp\oct867C.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\oct9D67.tmp.exe
C:\Users\Janet Wilkins\AppData\Local\Temp\optprosetup.exe

End
*****************

HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\S-1-5-21-2163079962-4274105740-2544478712-1001\...\RunOnce: [Application Restart #1] => C:\Users\Janet Wilkins\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 556 more characters). => Value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
"HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest" => Key not found.
"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\sacore" => Key not found.
"HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
CHR HomePage: hxxp://search.conduit.com/?CUI=UN32967797655513976&ctid=CT3282134&SearchSource=48&UP=SP0B7FA3FC-CF76-4038-BB32-F4DDC946B00C&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmdbpkoifecioaiggnfcomnadicejdh\2.0 directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
McAfee SiteAdvisor Service => Service deleted successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\0093271406840291mcinst.exe => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\msvcr71.dll => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\oct867C.tmp.exe => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\oct9D67.tmp.exe => Moved successfully.
C:\Users\Janet Wilkins\AppData\Local\Temp\optprosetup.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

I have looked at a few internet pages and the ads seem to have gone.....I hope I am not speaking too soon but it's looking good so far. Thank you sooooo much!!!

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 AM

Posted 10 August 2014 - 08:13 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 CannuckBrit

CannuckBrit
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 10 August 2014 - 09:29 AM

Still working great today too! Thanks for everything, what a great service you provide!

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 AM

Posted 16 August 2014 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users