Astromenda search, fastcleanpro, speedboost


  • This topic is locked
37 replies to this topic

#1 Infection_objection

Infection_objection

  • Members
  • 25 posts

Posted 26 August 2014 - 01:46 PM

Yesterday, I went to use the pc and immediately when I started it up could tell there was a problem. Clicked on my Firefox browser and it immediately had some "Norton" Free clean pro type box popup which I have never used before and then took my search to Astromenda. Right about the same time a "Scan" program called fast clean pro popped up and began scanning, I clicked out of it and turned the pc off immediately. I then did restart the computer, and found when I hover over the desktop icons that these new programs have put on my desktop it will automatically begin running them. Also, I have noticed a Gray download arrow pops up around the time I open my browser every time, as if I was downloading something, but the arrow has always been green when I actually am downloading. I am fairly certain this all happened within the last couple days when my son was on my computer playing "Armor Games."

 

DDS.txt following

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.55.2
Run by tonysherri at 13:06:12 on 2014-08-26
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2814.1588 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WSE_Astromenda\BRS\brs.exe
C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\FastClean PRO\fastcleanpro.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\FastClean PRO\fastcleanpro.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Windows\System32\wscript.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\consent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SmarterPower\bin\utilSmarterPower.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\SmarterPower\updateSmarterPower.exe
C:\Windows\explorer.exe
C:\Windows\System32\wscript.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [BRS] c:\program files\wse_astromenda\brs\brs.exe -runBRS
uRun: [Gameo] c:\users\tonysherri\appdata\roaming\gameo\gameo.exe "c:\users\tonysherri\appdata\roaming\gameo\gameo.dat" mode:minimized
uRun: [fastclean] "c:\program files\fastclean pro\fastcleanpro.exe"
uRunOnce: [WSE_Astromenda] wscript /E:vbscript /B "c:\users\tonysh~1\appdata\roaming\wse_astromenda\updateproc\bkup.dat"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\tonysh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fastcl~1.lnk - c:\windows\installer\{01b0d3c2-dcd1-4f5c-92b7-d82988610623}\_BE1D971AE7AA44B392E14121945B1705.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{9939FC22-22CB-457D-B369-1700FE25590E} : DHCPNameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{A0EA9512-6AAE-4324-9866-0DF71580A9B3} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tonysherri\appdata\roaming\mozilla\firefox\profiles\0amvtsy0.default\
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: browser.startup.homepage - hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\users\tonysherri\appdata\local\roblox\versions\version-9054e3065d02489e\NPRobloxProxy.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R1 {5eeb83d0-96ea-4249-942c-beead6847053}Gt;{5eeb83d0-96ea-4249-942c-beead6847053}Gt;c:\windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys [2014-8-25 55064]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-8-14 36424]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 Update SmarterPower;Update SmarterPower;c:\program files\smarterpower\updateSmarterPower.exe [2014-8-24 323320]
R2 Util SmarterPower;Util SmarterPower;c:\program files\smarterpower\bin\utilSmarterPower.exe [2014-8-25 323320]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2014-4-24 227904]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2014-4-24 203344]
.
=============== Created Last 30 ================
.
2014-08-25 20:43:38 55064 ----a-w- c:\windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys
2014-08-25 00:57:03 -------- d-----w- c:\users\tonysherri\appdata\local\IsolatedStorage
2014-08-25 00:56:37 -------- d-----w- c:\program files\FastClean PRO
2014-08-25 00:53:33 -------- d-----w- c:\users\tonysherri\appdata\local\fastcleanpro
2014-08-25 00:31:55 -------- d--h--w- c:\users\tonysherri\appdata\roaming\GoldenGate
2014-08-25 00:31:14 -------- d-----w- c:\users\tonysherri\appdata\local\gameo
2014-08-25 00:31:11 -------- d-----w- c:\program files\MyPC Backup
2014-08-25 00:31:04 -------- d-----w- c:\users\tonysherri\appdata\roaming\gameo
2014-08-25 00:30:42 -------- d-----w- c:\users\tonysherri\appdata\roaming\0D0S1L2Z1P1B
2014-08-25 00:30:39 -------- d-----w- c:\users\tonysherri\appdata\roaming\DigitalSites
2014-08-25 00:26:44 -------- d-----w- c:\program files\PC SpeedBoost
2014-08-25 00:26:42 -------- d-----w- c:\programdata\BoostSoftware
2014-08-25 00:26:34 -------- d-----w- c:\users\tonysherri\appdata\roaming\WSE_Astromenda
2014-08-25 00:26:13 -------- d-----w- c:\program files\SmarterPower
2014-08-25 00:25:55 -------- d-----w- c:\program files\WSE_Astromenda
2014-08-25 00:25:13 -------- d-----w- c:\program files\GPLGS
2014-08-25 00:25:11 86016 ----a-w- c:\windows\system32\custmon32i.dll
2014-08-25 00:25:10 -------- d-----w- c:\program files\PDFCreator
2014-08-24 16:40:28 -------- d-----w- c:\programdata\HipSoft
2014-08-24 16:05:26 -------- d-----w- c:\programdata\BlueStacks
2014-08-24 16:03:54 -------- d-----w- c:\program files\WildTangent Games
2014-08-24 01:57:17 -------- d-----w- c:\users\tonysherri\appdata\roaming\WildTangent
2014-08-03 14:54:07 822384 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
2014-08-03 14:54:07 10594416 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-08-03 14:54:07 1022576 ----a-w- c:\program files\mozilla firefox\icuin52.dll
.
==================== Find3M  ====================
.
.
============= FINISH: 13:12:00.90 ===============
 



#2 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 26 August 2014 - 02:04 PM

I also wanted to add...it is an older PC I bought from a friend to help them out and planned to give it to my son. When I got it, it had a lot of junk programs and I was in the process of cleaning up programs we didn't want on the PC, and installing new ones but have been running into issues with java and hadn't found the time to look into what I can do or need to do. My son was not to be using it yet. And now here I am hoping one of you can offer me some good help and advice to get it up and going again.



#3 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 27 August 2014 - 01:46 AM

:welcome:

Hello Infection_objection,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 07:22 AM

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55  
 Java™ 6 Update 7  
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#5 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 07:36 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by tonysherri (administrator) on TONYSHERRI-PC on 27-08-2014 07:29:01
Running from C:\Users\tonysherri\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\SmarterPower\updateSmarterPower.exe
() C:\Program Files\SmarterPower\bin\utilSmarterPower.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Program Files\WSE_Astromenda\BRS\brs.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [BRS] => C:\Program Files\WSE_Astromenda\BRS\brs.exe [1072128 2014-08-24] ()
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [Gameo] => C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe [41402880 2014-08-03] ()
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [fastclean] => C:\Program Files\FastClean Pro\fastcleanpro.exe [2926184 2014-07-17] ()
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\TONYSH~1\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastClean Pro.lnk
ShortcutTarget: FastClean Pro.lnk -> C:\Windows\Installer\{01B0D3C2-DCD1-4F5C-92B7-D82988610623}\_BE1D971AE7AA44B392E14121945B1705.exe (Flexera Software LLC)
Startup: C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=sb&itbv=12.10.6.48&apn_uid=7D0B0411-510E-40E3-B27B-56E38CBF435F&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_7.0.6001.18639&doi=2014-04-22&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
SearchScopes: HKCU - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF ProfilePath: C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\tonysherri\AppData\Local\Roblox\Versions\version-9054e3065d02489e\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\user.js
FF SearchPlugin: C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\searchplugins\Astromenda.xml
FF Extension: SmarterPower - C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\Extensions\{5eeb83d0-96ea-4249-942c-beead6847053}.xpi [2014-08-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36424 2014-08-14] (Just Develop It)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
R2 Update SmarterPower; C:\Program Files\SmarterPower\updateSmarterPower.exe [323320 2014-08-26] ()
R2 Util SmarterPower; C:\Program Files\SmarterPower\bin\utilSmarterPower.exe [323320 2014-08-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 {5eeb83d0-96ea-4249-942c-beead6847053}Gt; C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys [55064 2014-08-25] (StdLib)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 07:29 - 2014-08-27 07:29 - 00017466 _____ () C:\Users\tonysherri\Desktop\FRST.txt
2014-08-27 07:26 - 2014-08-27 07:26 - 01095168 _____ (Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe
2014-08-27 07:24 - 2014-08-27 07:29 - 00000000 ____D () C:\FRST
2014-08-27 07:24 - 2014-08-27 07:24 - 01095168 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST.exe
2014-08-27 07:23 - 2014-08-27 07:23 - 02103296 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST64.exe
2014-08-27 07:18 - 2014-08-27 07:18 - 00854417 _____ () C:\Users\tonysherri\Downloads\SecurityCheck.exe
2014-08-26 13:13 - 2014-08-26 13:14 - 00013633 _____ () C:\Users\tonysherri\Desktop\dds.txt
2014-08-26 13:13 - 2014-08-26 13:14 - 00005882 _____ () C:\Users\tonysherri\Desktop\attach.txt
2014-08-26 13:04 - 2014-08-26 13:05 - 00688992 ____R (Swearware) C:\Users\tonysherri\Desktop\dds.com
2014-08-25 15:54 - 2014-08-26 13:54 - 00000087 _____ () C:\Users\tonysherri\AppData\Roaming\WB.CFG
2014-08-25 15:43 - 2014-08-25 13:32 - 00055064 _____ (StdLib) C:\Windows\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys
2014-08-24 19:57 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\IsolatedStorage
2014-08-24 19:56 - 2014-08-24 19:56 - 00001852 _____ () C:\Users\Public\Desktop\FastClean Pro.lnk
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastClean Pro
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\FastClean PRO
2014-08-24 19:53 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\fastcleanpro
2014-08-24 19:52 - 2014-08-24 19:52 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup(1).exe
2014-08-24 19:31 - 2014-08-25 15:44 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-24 19:31 - 2014-08-25 15:43 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\gameo
2014-08-24 19:31 - 2014-08-24 19:32 - 00000000 ___HD () C:\Users\tonysherri\AppData\Roaming\GoldenGate
2014-08-24 19:31 - 2014-08-24 19:31 - 00001754 _____ () C:\Users\tonysherri\Desktop\Sync Folder.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001716 _____ () C:\Users\tonysherri\Desktop\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001702 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000884 _____ () C:\Users\tonysherri\Desktop\MyPC Backup.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\Desktop\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\gameo
2014-08-24 19:30 - 2014-08-26 13:37 - 00000308 _____ () C:\Windows\Tasks\Digital Sites.job
2014-08-24 19:30 - 2014-08-24 19:30 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\DigitalSites
2014-08-24 19:30 - 2014-08-24 19:30 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\0D0S1L2Z1P1B
2014-08-24 19:27 - 2014-08-24 19:27 - 00001815 _____ () C:\Users\Public\Desktop\PC SpeedBoost.lnk
2014-08-24 19:27 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SpeedBoost
2014-08-24 19:26 - 2014-08-26 15:29 - 00000000 ____D () C:\Program Files\SmarterPower
2014-08-24 19:26 - 2014-08-26 13:54 - 00000308 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-24 19:26 - 2014-08-24 19:27 - 00000000 ____D () C:\Program Files\PC SpeedBoost
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WSE_Astromenda
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-24 19:25 - 2014-08-24 19:26 - 00000000 ____D () C:\Program Files\WSE_Astromenda
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\GPLGS
2014-08-24 19:25 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\system32\custmon32i.dll
2014-08-24 19:24 - 2014-08-24 19:24 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup.exe
2014-08-24 12:40 - 2014-08-24 18:14 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher.exe
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher(1).exe
2014-08-24 11:40 - 2014-08-24 11:40 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-24 11:04 - 2014-08-24 19:59 - 00002134 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-08-24 11:04 - 2014-08-24 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-08-24 11:03 - 2014-08-24 11:04 - 00000000 ____D () C:\Program Files\WildTangent Games
2014-08-23 20:57 - 2014-08-24 11:04 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WildTangent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 07:29 - 2014-08-27 07:29 - 00017466 _____ () C:\Users\tonysherri\Desktop\FRST.txt
2014-08-27 07:29 - 2014-08-27 07:24 - 00000000 ____D () C:\FRST
2014-08-27 07:26 - 2014-08-27 07:26 - 01095168 _____ (Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe
2014-08-27 07:24 - 2014-08-27 07:24 - 01095168 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST.exe
2014-08-27 07:23 - 2014-08-27 07:23 - 02103296 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST64.exe
2014-08-27 07:18 - 2014-08-27 07:18 - 00854417 _____ () C:\Users\tonysherri\Downloads\SecurityCheck.exe
2014-08-27 07:17 - 2006-11-02 05:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 07:14 - 2013-09-28 02:40 - 01748969 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 07:13 - 2006-11-02 05:23 - 00000246 _____ () C:\Windows\win.ini
2014-08-27 07:12 - 2013-10-15 21:57 - 00032346 _____ () C:\ProgramData\nvModes.dat
2014-08-27 07:12 - 2013-10-15 21:57 - 00032346 _____ () C:\ProgramData\nvModes.001
2014-08-27 07:12 - 2013-09-28 03:04 - 00000246 _____ () C:\ProgramData\hpqp.ini
2014-08-27 07:11 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 07:11 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 07:11 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 15:29 - 2014-08-24 19:26 - 00000000 ____D () C:\Program Files\SmarterPower
2014-08-26 13:54 - 2014-08-25 15:54 - 00000087 _____ () C:\Users\tonysherri\AppData\Roaming\WB.CFG
2014-08-26 13:54 - 2014-08-24 19:26 - 00000308 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-26 13:37 - 2014-08-24 19:30 - 00000308 _____ () C:\Windows\Tasks\Digital Sites.job
2014-08-26 13:14 - 2014-08-26 13:13 - 00013633 _____ () C:\Users\tonysherri\Desktop\dds.txt
2014-08-26 13:14 - 2014-08-26 13:13 - 00005882 _____ () C:\Users\tonysherri\Desktop\attach.txt
2014-08-26 13:05 - 2014-08-26 13:04 - 00688992 ____R (Swearware) C:\Users\tonysherri\Desktop\dds.com
2014-08-25 15:47 - 2013-12-16 22:17 - 00007808 _____ () C:\Users\tonysherri\AppData\Local\d3d9caps.dat
2014-08-25 15:44 - 2014-08-24 19:31 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-25 15:43 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\gameo
2014-08-25 13:32 - 2014-08-25 15:43 - 00055064 _____ (StdLib) C:\Windows\system32\Drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys
2014-08-24 20:01 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-24 19:59 - 2014-08-24 11:04 - 00002134 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-08-24 19:59 - 2014-08-24 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-08-24 19:59 - 2006-11-02 07:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-24 19:57 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\IsolatedStorage
2014-08-24 19:57 - 2014-08-24 19:53 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\fastcleanpro
2014-08-24 19:56 - 2014-08-24 19:56 - 00001852 _____ () C:\Users\Public\Desktop\FastClean Pro.lnk
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastClean Pro
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\FastClean PRO
2014-08-24 19:52 - 2014-08-24 19:52 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup(1).exe
2014-08-24 19:32 - 2014-08-24 19:31 - 00000000 ___HD () C:\Users\tonysherri\AppData\Roaming\GoldenGate
2014-08-24 19:31 - 2014-08-24 19:31 - 00001754 _____ () C:\Users\tonysherri\Desktop\Sync Folder.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001716 _____ () C:\Users\tonysherri\Desktop\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001702 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000884 _____ () C:\Users\tonysherri\Desktop\MyPC Backup.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\Desktop\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\gameo
2014-08-24 19:30 - 2014-08-24 19:30 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\DigitalSites
2014-08-24 19:30 - 2014-08-24 19:30 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\0D0S1L2Z1P1B
2014-08-24 19:27 - 2014-08-24 19:27 - 00001815 _____ () C:\Users\Public\Desktop\PC SpeedBoost.lnk
2014-08-24 19:27 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SpeedBoost
2014-08-24 19:27 - 2014-08-24 19:26 - 00000000 ____D () C:\Program Files\PC SpeedBoost
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WSE_Astromenda
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-24 19:26 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\WSE_Astromenda
2014-08-24 19:26 - 2014-04-27 10:46 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\GPLGS
2014-08-24 19:24 - 2014-08-24 19:24 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup.exe
2014-08-24 19:21 - 2006-11-02 07:52 - 00129384 _____ () C:\Windows\setupact.log
2014-08-24 18:43 - 2009-04-20 15:34 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-24 18:14 - 2014-08-24 12:40 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher.exe
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher(1).exe
2014-08-24 11:40 - 2014-08-24 11:40 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-24 11:04 - 2014-08-24 11:03 - 00000000 ____D () C:\Program Files\WildTangent Games
2014-08-24 11:04 - 2014-08-23 20:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WildTangent
2014-08-24 11:04 - 2009-04-20 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games
2014-08-24 11:04 - 2009-04-20 15:34 - 00000000 ____D () C:\Program Files\HP Games
2014-08-03 10:10 - 2014-04-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-03 09:54 - 2014-04-27 10:46 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-03 09:54 - 2014-04-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\tonysherri\AppData\Local\Temp\APNSetup.exe
C:\Users\tonysherri\AppData\Local\Temp\CloudBackup1940.exe
C:\Users\tonysherri\AppData\Local\Temp\HPQSi.exe
C:\Users\tonysherri\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 07:17

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by tonysherri at 2014-08-27 07:29:59
Running from C:\Users\tonysherri\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2328 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FastCleanPro (HKLM\...\{01B0D3C2-DCD1-4F5C-92B7-D82988610623}) (Version: 1.00.0000 - ASAP)
gameo (HKCU\...\gameo) (Version: 0.9.0 - Fried Cookie Software)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PCSpeedBoost 1.0.5 (HKLM\...\PCSpeedBoost) (Version: 1.0.5 - Boost Software Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Creator Packages (HKCU\...\PDF Creator Packages) (Version:  - ) <==== ATTENTION
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
ROBLOX Player for tonysherri (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for tonysherri (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SmarterPower (HKLM\...\SmarterPower) (Version: 2014.08.24.203617 - SmarterPower)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for PDF Creator (HKCU\...\Digital Sites) (Version:  - Update for PDF Creator) <==== ATTENTION
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
WildTangent Games App for HP (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent)
WSE_Astromenda (HKLM\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4027518196-3332891925-840020564-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\tonysherri\AppData\Local\Roblox\Versions\version-9054e3065d02489e\RobloxProxy.dll (ROBLOX Corporation)

==================== Restore Points  =========================

03-11-2013 19:20:55 Scheduled Checkpoint
07-11-2013 23:31:28 Windows Update
17-12-2013 03:06:42 Removed Skype™ 6.10
17-12-2013 03:08:24 Removed Skype Click to Call
17-12-2013 03:12:36 Removed HP Update.
17-12-2013 03:14:20 Removed Microsoft Office File Validation Add-In
08-01-2014 14:15:13 Windows Update
22-04-2014 23:23:11 Installed Java 7 Update 55
24-04-2014 01:55:43 Scheduled Checkpoint
25-04-2014 23:41:55 Scheduled Checkpoint
27-04-2014 15:40:55 Removed Ask Toolbar
27-04-2014 15:55:17 Windows Update
27-04-2014 16:02:34 Device Driver Package Install: BITDEFENDER S.R.L. System devices
28-04-2014 21:22:59 Scheduled Checkpoint
30-04-2014 00:56:17 Removed Java™ 6 Update 7
30-04-2014 00:57:30 Removed Java 7 Update 55
30-04-2014 01:00:10 Installed Java 7 Update 55
10-05-2014 14:23:39 Scheduled Checkpoint
13-05-2014 13:59:49 avast! antivirus system restore point
13-05-2014 14:08:10 Windows Update
23-05-2014 17:12:11 Restore Operation
17-06-2014 20:07:37 Scheduled Checkpoint
19-06-2014 01:25:57 Scheduled Checkpoint
21-08-2014 17:18:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CADC6AE-76C8-403B-915E-100604ECD48B} - System32\Tasks\ServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {300EE584-70F9-4AEF-9F2D-F03F5CDBF34F} - System32\Tasks\WSE_Astromenda => C:\Users\tonysherri\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-24] ()
Task: {314A0D08-9A5A-4A67-9C3B-5CECFDDBEDA5} - System32\Tasks\Digital Sites => C:\Users\tonysherri\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {31A2A029-907E-47EC-9AD0-08509D6D3942} - System32\Tasks\HPCeeScheduleFortonysherri => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3B22CD69-97D9-4862-AC88-CB3956D19F32} - System32\Tasks\PCSB_tonysherri_PCSpeedBoost_LogonTask => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe [2014-08-12] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5590A7ED-AB2D-41EE-A9C4-A9CABAF4CEB5} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A8EF9587-3DCD-4DC7-83E2-F7FD1B1E0006} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-08-14] (MyPC Backup) <==== ATTENTION
Task: {B49EEC80-0444-4AB1-972B-7A122F2410D4} - System32\Tasks\PCSB_tonysherri_PCSpeedBoost_LG_DailyTask => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe [2014-08-12] ()
Task: {C2CEA1B2-5AD8-4F55-9D78-F42E81C6944D} - System32\Tasks\PCSB_tonysherri_PCSpeedBoost_RS_DailyTask => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe [2014-08-12] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED5F6143-3D3D-45D5-BB81-A0AFB141AC2E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EE73688E-06FD-4AB7-B0EE-7252599C180D} - System32\Tasks\PCSB_tonysherri_PCSpeedBoost_RS_WeeklyTask => C:\Program Files\PC SpeedBoost\PCSpeedBoost.exe [2014-08-12] ()
Task: {F9928CBF-8E1E-4AE8-8E2D-AF23430F0AA4} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\TONYSH~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleFortonysherri.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\TONYSH~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-08-24 19:25 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\System32\custmon32i.dll
2014-08-14 09:05 - 2014-08-14 09:05 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2009-04-20 16:42 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 16:42 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-04-20 16:34 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-08-24 15:36 - 2014-08-26 12:59 - 00323320 _____ () C:\Program Files\SmarterPower\updateSmarterPower.exe
2014-08-25 15:42 - 2014-08-26 12:58 - 00323320 _____ () C:\Program Files\SmarterPower\bin\utilSmarterPower.exe
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-09-30 18:52 - 2008-09-30 18:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 18:56 - 2008-09-30 18:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 21:24 - 2008-01-20 21:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-30 18:51 - 2008-09-30 18:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 18:52 - 2008-09-30 18:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-08-24 19:26 - 2014-08-24 19:54 - 01072128 _____ () C:\Program Files\WSE_Astromenda\BRS\brs.exe
2014-08-24 19:31 - 2014-08-03 05:27 - 41402880 _____ () C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
2014-08-14 09:09 - 2014-08-14 09:09 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2009-04-20 15:31 - 2008-04-11 11:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-04-27 10:46 - 2014-07-17 00:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-24 19:31 - 2014-08-03 05:27 - 00882176 _____ () C:\Users\tonysherri\AppData\Roaming\gameo\ffmpegsumo.dll
2014-08-27 07:12 - 2014-08-27 07:12 - 00271872 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\node_modules\gameo_utils\build\Release\gameo_utils_node.node
2014-08-27 07:12 - 2014-08-27 07:12 - 00095232 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\node_modules\gameo_utils\build\Release\gameo_utils.dll
2014-08-27 07:12 - 2014-08-27 07:12 - 00082944 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\node_modules\machelper\machelper.node
2014-08-27 07:12 - 2014-08-27 07:12 - 00074752 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\node_modules\goldengate\build\Release\gg.node
2014-08-27 07:12 - 2014-08-27 07:12 - 00402432 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\node_modules\goldengate\build\Release\GOLDENGATE.dll
2014-08-27 07:13 - 2014-08-27 07:13 - 16340144 _____ () C:\Users\tonysherri\AppData\Local\Temp\nw3256_26532\plugins\NPSWF32_13_0_0_168.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (08/27/2014 07:13:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TONYSHERRI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0AMVTSY0.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (08/27/2014 07:12:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/27/2014 07:11:48 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/27/2014 07:11:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:29:52 PM on 8/26/2014 was unexpected.

Error: (08/26/2014 01:59:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Computer Backup (MyPC Backup)%%1053

Error: (08/26/2014 01:59:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Computer Backup (MyPC Backup)

Error: (08/26/2014 01:59:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/26/2014 01:58:40 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (08/26/2014 01:58:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:56:52 PM on 8/26/2014 was unexpected.

Error: (08/26/2014 00:54:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/26/2014 00:54:49 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-27 07:29:37.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:37.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:37.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:36.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:36.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:36.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:36.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-27 07:29:36.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-25 21:12:27.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-25 21:12:27.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Turion Dual-Core RM-75
Percentage of memory in use: 51%
Total physical RAM: 2813.69 MB
Available physical RAM: 1372.15 MB
Total Pagefile: 5857.85 MB
Available Pagefile: 4399.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.17 GB) (Free:217.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DOCUMENT) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D610896A)
Partition 1: (Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Jo*

  • Malware Response Team

Posted 27 August 2014 - 07:44 AM

Hello Infection_objection,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Infection_objection

  • Topic Starter

Posted 27 August 2014 - 08:15 AM

Good morning Jo.

 

I did by mistake hit cleanup before I posted these results. There was 1 malware found. I am posting the log below.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.27.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
tonysherri :: TONYSHERRI-PC [administrator]

8/27/2014 7:54:13 AM
mbar-log-2014-08-27 (07-54-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 279800
Time elapsed: 11 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [ba11bffab322d6da186e3da30a995df7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#8 Infection_objection

  • Topic Starter

Posted 27 August 2014 - 08:19 AM

# AdwCleaner v3.308 - Report created 27/08/2014 at 08:17:41
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : tonysherri - TONYSHERRI-PC
# Running from : C:\Users\tonysherri\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : Update SmarterPower
Service Found : Util SmarterPower
Service Found : {5eeb83d0-96ea-4249-942c-beead6847053}Gt

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\searchplugins\astromenda.xml
File Found : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\user.js
File Found : C:\Users\tonysherri\Desktop\MyPC Backup.lnk
File Found : C:\Users\tonysherri\Desktop\Sync Folder.lnk
File Found : C:\Windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\SmarterPower
Folder Found : C:\Program Files\wse_astromenda
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\TONYSH~1\AppData\Local\Temp\apn
Folder Found : C:\Users\TONYSH~1\AppData\Local\Temp\SmarterPower
Folder Found : C:\Users\tonysherri\AppData\Roaming\0D0S1L2Z1P1B
Folder Found : C:\Users\tonysherri\AppData\Roaming\DigitalSites
Folder Found : C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\tonysherri\AppData\Roaming\wse_astromenda

***** [ Scheduled Tasks ] *****

Task Found : Digital Sites
Task Found : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Astromenda
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Found : HKCU\Software\SmarterPower
Key Found : HKCU\Software\SmarterPower
Key Found : HKCU\Software\WSE_Astromenda
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmarterPower
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmarterPower
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
Key Found : HKLM\SOFTWARE\SmarterPower
Key Found : HKLM\SOFTWARE\SmarterPower
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SmarterPower
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SmarterPower
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://astromenda.com/?f=2&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0C0CtCyDtCtD0CtGtA0B0FtBtG0E0ByD0FtGtCtAyE0CtGyE0A0C0Czy0DtD0AyC0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DzyzzyB0E0FzytGyBtDyD0FtGyE0D0E0BtGzyyEtDtBtGyDzztByDyE0FyCzy0CyD0C0D2Q&cr=637993089&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Astromenda");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1[...]

*************************

AdwCleaner[R0].txt - [6033 octets] - [27/08/2014 08:17:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6093 octets] ##########
 



#9 Jo*

  • Malware Response Team

Posted 27 August 2014 - 09:19 AM

Hello Infection_objection,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#10 Infection_objection

  • Topic Starter

Posted 27 August 2014 - 09:58 AM

# AdwCleaner v3.308 - Report created 27/08/2014 at 09:55:31
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : tonysherri - TONYSHERRI-PC
# Running from : C:\Users\tonysherri\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack
[#] Service Deleted : Update SmarterPower
[#] Service Deleted : Util SmarterPower
[#] Service Deleted : {5eeb83d0-96ea-4249-942c-beead6847053}Gt

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\wse_astromenda
Folder Deleted : C:\Program Files\SmarterPower
Folder Deleted : C:\Users\TONYSH~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\TONYSH~1\AppData\Local\Temp\SmarterPower
Folder Deleted : C:\Users\tonysherri\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\tonysherri\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\tonysherri\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}Gt.sys
File Deleted : C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\tonysherri\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\tonysherri\Desktop\Sync Folder.lnk
File Deleted : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\searchplugins\astromenda.xml
File Deleted : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Digital Sites
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BRS]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SmarterPower
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SmarterPower
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\SmarterPower
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\SmarterPower
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmarterPower

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");
Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_dsites_14_34_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCyCtAyB0C0DtCyCtCtB0BtN0D0Tzu0SzyyCyBtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1[...]

*************************

AdwCleaner[R0].txt - [6173 octets] - [27/08/2014 08:17:41]
AdwCleaner[S0].txt - [5143 octets] - [27/08/2014 09:55:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5203 octets] ##########
 



#11 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 10:04 AM

The Junkware removal tool ran, and came back saying a bad module was detected and it needed to reboot to repair it. I rebooted, and the logfile is completely empty for the Junkware removal.



#12 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 10:07 AM

Going to run the Farbar again now. At this time, the Astromenda search is gone. However, the Fastcleanuppro is still popping up and scanning, and when I click on links in Bleepingcomputer to follow your links, I keep getting popup pages.



#13 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 10:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by tonysherri (administrator) on TONYSHERRI-PC on 27-08-2014 10:08:17
Running from C:\Users\tonysherri\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
() C:\Program Files\FastClean PRO\fastcleanpro.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\FastClean PRO\fastcleanpro.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
() C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [Gameo] => C:\Users\tonysherri\AppData\Roaming\gameo\gameo.exe [41402880 2014-08-03] ()
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [fastclean] => C:\Program Files\FastClean Pro\fastcleanpro.exe [2926184 2014-07-17] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FastClean Pro.lnk
ShortcutTarget: FastClean Pro.lnk -> C:\Windows\Installer\{01B0D3C2-DCD1-4F5C-92B7-D82988610623}\_BE1D971AE7AA44B392E14121945B1705.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - {B5F099C4-BFA8-4583-9FA5-E80C8E8040D5} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {E9D4E014-3CA2-4E2F-A41D-82B294BAE6A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF ProfilePath: C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\tonysherri\AppData\Local\Roblox\Versions\version-9054e3065d02489e\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 09:59 - 2014-08-27 09:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 09:58 - 2014-08-27 09:58 - 01016261 _____ (Thisisu) C:\Users\tonysherri\Downloads\JRT.exe
2014-08-27 08:17 - 2014-08-27 09:55 - 00000000 ____D () C:\AdwCleaner
2014-08-27 08:15 - 2014-08-27 08:15 - 01364531 _____ () C:\Users\tonysherri\Desktop\AdwCleaner.exe
2014-08-27 07:54 - 2014-08-27 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-27 07:54 - 2014-08-27 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 07:53 - 2014-08-27 07:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 07:52 - 2014-08-27 08:09 - 00000000 ____D () C:\Users\tonysherri\Desktop\mbar
2014-08-27 07:52 - 2014-08-27 07:52 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 07:51 - 2014-08-27 07:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\tonysherri\Downloads\mbar-1.07.0.1012.exe
2014-08-27 07:29 - 2014-08-27 10:08 - 00012589 _____ () C:\Users\tonysherri\Desktop\FRST.txt
2014-08-27 07:29 - 2014-08-27 07:31 - 00031152 _____ () C:\Users\tonysherri\Desktop\Addition.txt
2014-08-27 07:26 - 2014-08-27 07:26 - 01095168 _____ (Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe
2014-08-27 07:24 - 2014-08-27 10:08 - 00000000 ____D () C:\FRST
2014-08-27 07:24 - 2014-08-27 07:24 - 01095168 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST.exe
2014-08-27 07:23 - 2014-08-27 07:23 - 02103296 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST64.exe
2014-08-27 07:18 - 2014-08-27 07:18 - 00854417 _____ () C:\Users\tonysherri\Downloads\SecurityCheck.exe
2014-08-26 13:13 - 2014-08-26 13:14 - 00013633 _____ () C:\Users\tonysherri\Desktop\dds.txt
2014-08-26 13:13 - 2014-08-26 13:14 - 00005882 _____ () C:\Users\tonysherri\Desktop\attach.txt
2014-08-26 13:04 - 2014-08-26 13:05 - 00688992 ____R (Swearware) C:\Users\tonysherri\Desktop\dds.com
2014-08-25 15:54 - 2014-08-27 07:37 - 00000088 _____ () C:\Users\tonysherri\AppData\Roaming\WB.CFG
2014-08-24 19:57 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\IsolatedStorage
2014-08-24 19:56 - 2014-08-24 19:56 - 00001852 _____ () C:\Users\Public\Desktop\FastClean Pro.lnk
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastClean Pro
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\FastClean PRO
2014-08-24 19:53 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\fastcleanpro
2014-08-24 19:52 - 2014-08-24 19:52 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup(1).exe
2014-08-24 19:31 - 2014-08-27 10:02 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\gameo
2014-08-24 19:31 - 2014-08-24 19:32 - 00000000 ___HD () C:\Users\tonysherri\AppData\Roaming\GoldenGate
2014-08-24 19:31 - 2014-08-24 19:31 - 00001716 _____ () C:\Users\tonysherri\Desktop\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001702 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\Desktop\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\gameo
2014-08-24 19:27 - 2014-08-24 19:27 - 00001815 _____ () C:\Users\Public\Desktop\PC SpeedBoost.lnk
2014-08-24 19:27 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SpeedBoost
2014-08-24 19:26 - 2014-08-27 09:54 - 00000308 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-24 19:26 - 2014-08-24 19:27 - 00000000 ____D () C:\Program Files\PC SpeedBoost
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\GPLGS
2014-08-24 19:25 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\system32\custmon32i.dll
2014-08-24 19:24 - 2014-08-24 19:24 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup.exe
2014-08-24 12:40 - 2014-08-24 18:14 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher.exe
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher(1).exe
2014-08-24 11:40 - 2014-08-24 11:40 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-24 11:04 - 2014-08-24 19:59 - 00002134 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-08-24 11:04 - 2014-08-24 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-08-24 11:03 - 2014-08-24 11:04 - 00000000 ____D () C:\Program Files\WildTangent Games
2014-08-23 20:57 - 2014-08-24 11:04 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WildTangent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 10:08 - 2014-08-27 07:29 - 00012589 _____ () C:\Users\tonysherri\Desktop\FRST.txt
2014-08-27 10:08 - 2014-08-27 07:24 - 00000000 ____D () C:\FRST
2014-08-27 10:07 - 2006-11-02 05:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 10:03 - 2013-09-28 02:40 - 01782976 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 10:02 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\gameo
2014-08-27 10:01 - 2013-12-16 22:17 - 00007808 _____ () C:\Users\tonysherri\AppData\Local\d3d9caps.dat
2014-08-27 10:01 - 2013-10-15 21:57 - 00032346 _____ () C:\ProgramData\nvModes.dat
2014-08-27 10:01 - 2013-10-15 21:57 - 00032346 _____ () C:\ProgramData\nvModes.001
2014-08-27 10:01 - 2013-09-28 03:04 - 00000246 _____ () C:\ProgramData\hpqp.ini
2014-08-27 10:01 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 10:01 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 10:01 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 10:00 - 2006-11-02 08:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-27 09:59 - 2014-08-27 09:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-27 09:58 - 2014-08-27 09:58 - 01016261 _____ (Thisisu) C:\Users\tonysherri\Downloads\JRT.exe
2014-08-27 09:56 - 2014-08-27 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-27 09:56 - 2008-01-20 21:47 - 00192354 _____ () C:\Windows\PFRO.log
2014-08-27 09:55 - 2014-08-27 08:17 - 00000000 ____D () C:\AdwCleaner
2014-08-27 09:54 - 2014-08-24 19:26 - 00000308 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-27 09:12 - 2006-11-02 05:23 - 00000246 _____ () C:\Windows\win.ini
2014-08-27 08:15 - 2014-08-27 08:15 - 01364531 _____ () C:\Users\tonysherri\Desktop\AdwCleaner.exe
2014-08-27 08:09 - 2014-08-27 07:52 - 00000000 ____D () C:\Users\tonysherri\Desktop\mbar
2014-08-27 08:09 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\IME
2014-08-27 07:54 - 2014-08-27 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 07:54 - 2014-08-27 07:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 07:52 - 2014-08-27 07:52 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-27 07:51 - 2014-08-27 07:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\tonysherri\Downloads\mbar-1.07.0.1012.exe
2014-08-27 07:37 - 2014-08-25 15:54 - 00000088 _____ () C:\Users\tonysherri\AppData\Roaming\WB.CFG
2014-08-27 07:31 - 2014-08-27 07:29 - 00031152 _____ () C:\Users\tonysherri\Desktop\Addition.txt
2014-08-27 07:26 - 2014-08-27 07:26 - 01095168 _____ (Farbar) C:\Users\tonysherri\Desktop\FRST(1).exe
2014-08-27 07:24 - 2014-08-27 07:24 - 01095168 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST.exe
2014-08-27 07:23 - 2014-08-27 07:23 - 02103296 _____ (Farbar) C:\Users\tonysherri\Downloads\FRST64.exe
2014-08-27 07:18 - 2014-08-27 07:18 - 00854417 _____ () C:\Users\tonysherri\Downloads\SecurityCheck.exe
2014-08-26 13:14 - 2014-08-26 13:13 - 00013633 _____ () C:\Users\tonysherri\Desktop\dds.txt
2014-08-26 13:14 - 2014-08-26 13:13 - 00005882 _____ () C:\Users\tonysherri\Desktop\attach.txt
2014-08-26 13:05 - 2014-08-26 13:04 - 00688992 ____R (Swearware) C:\Users\tonysherri\Desktop\dds.com
2014-08-24 19:59 - 2014-08-24 11:04 - 00002134 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-08-24 19:59 - 2014-08-24 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2014-08-24 19:59 - 2006-11-02 07:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-24 19:57 - 2014-08-24 19:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\IsolatedStorage
2014-08-24 19:57 - 2014-08-24 19:53 - 00000000 ____D () C:\Users\tonysherri\AppData\Local\fastcleanpro
2014-08-24 19:56 - 2014-08-24 19:56 - 00001852 _____ () C:\Users\Public\Desktop\FastClean Pro.lnk
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastClean Pro
2014-08-24 19:56 - 2014-08-24 19:56 - 00000000 ____D () C:\Program Files\FastClean PRO
2014-08-24 19:52 - 2014-08-24 19:52 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup(1).exe
2014-08-24 19:32 - 2014-08-24 19:31 - 00000000 ___HD () C:\Users\tonysherri\AppData\Roaming\GoldenGate
2014-08-24 19:31 - 2014-08-24 19:31 - 00001716 _____ () C:\Users\tonysherri\Desktop\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00001702 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo.lnk
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\Desktop\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000176 _____ () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gameo
2014-08-24 19:31 - 2014-08-24 19:31 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\gameo
2014-08-24 19:27 - 2014-08-24 19:27 - 00001815 _____ () C:\Users\Public\Desktop\PC SpeedBoost.lnk
2014-08-24 19:27 - 2014-08-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SpeedBoost
2014-08-24 19:27 - 2014-08-24 19:26 - 00000000 ____D () C:\Program Files\PC SpeedBoost
2014-08-24 19:26 - 2014-08-24 19:26 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-24 19:26 - 2014-04-27 10:46 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\PDFCreator
2014-08-24 19:25 - 2014-08-24 19:25 - 00000000 ____D () C:\Program Files\GPLGS
2014-08-24 19:24 - 2014-08-24 19:24 - 01312632 _____ ( ) C:\Users\tonysherri\Downloads\PDFCreatorSetup.exe
2014-08-24 19:21 - 2006-11-02 07:52 - 00129384 _____ () C:\Windows\setupact.log
2014-08-24 18:43 - 2009-04-20 15:34 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-24 18:14 - 2014-08-24 12:40 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher.exe
2014-08-24 12:39 - 2014-08-24 12:39 - 00635760 _____ (ROBLOX Corporation) C:\Users\tonysherri\Downloads\RobloxPlayerLauncher(1).exe
2014-08-24 11:40 - 2014-08-24 11:40 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-24 11:05 - 2014-08-24 11:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-08-24 11:04 - 2014-08-24 11:03 - 00000000 ____D () C:\Program Files\WildTangent Games
2014-08-24 11:04 - 2014-08-23 20:57 - 00000000 ____D () C:\Users\tonysherri\AppData\Roaming\WildTangent
2014-08-24 11:04 - 2009-04-20 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My HP Games
2014-08-24 11:04 - 2009-04-20 15:34 - 00000000 ____D () C:\Program Files\HP Games
2014-08-03 10:10 - 2014-04-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-03 09:54 - 2014-04-27 10:46 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-03 09:54 - 2014-04-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\tonysherri\AppData\Local\Temp\APNSetup.exe
C:\Users\tonysherri\AppData\Local\Temp\CloudBackup1940.exe
C:\Users\tonysherri\AppData\Local\Temp\HPQSi.exe
C:\Users\tonysherri\AppData\Local\Temp\Quarantine.exe
C:\Users\tonysherri\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 10:07

==================== End Of Log ============================



#14 Infection_objection

Infection_objection
  • Topic Starter

  • Members
  • 25 posts

Posted 27 August 2014 - 10:14 AM

# AdwCleaner v3.308 - Report created 27/08/2014 at 10:12:50
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : tonysherri - TONYSHERRI-PC
# Running from : C:\Users\tonysherri\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\tonysherri\AppData\Roaming\Mozilla\Firefox\Profiles\0amvtsy0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6173 octets] - [27/08/2014 08:17:41]
AdwCleaner[R1].txt - [762 octets] - [27/08/2014 10:12:50]
AdwCleaner[S0].txt - [5283 octets] - [27/08/2014 09:55:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [881 octets] ##########
 



#15 Jo*

  • Malware Response Team

Posted 27 August 2014 - 10:36 AM

Hello Infection_objection,

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
() C:\Program Files\FastClean PRO\fastcleanpro.exe
HKU\S-1-5-21-4027518196-3332891925-840020564-1000\...\Run: [fastclean] => C:\Program Files\FastClean Pro\fastcleanpro.exe [2926184 2014-07-17] ()
C:\Program Files\FastClean PRO
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




