Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virus stopping network from being used?


  • This topic is locked This topic is locked
9 replies to this topic

#1 tonyntiffy

tonyntiffy

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 08 December 2014 - 03:18 AM

I believe I have a virus and it wont let me use my internet on my computer.  No matter what website I try and go to, I cannot access my network I know my internet is working because my wifi is operating for my other wireless devices.  I think I got this after installing Google Chrome.  This is the 2nd time I got a virus due to Google Chrome.  The last time was a year or so ago and you guys helped me get rid of that one too.  It was a root kit virus.  Please help! Thanks! here is the log of the malware that I ran... I tried to copy and paste the log but I could not for some reason.  My system is only running now in safe mode with networking. 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 11 December 2014 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 tonyntiffy

tonyntiffy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 16 December 2014 - 07:09 AM

Please note that all this is being done in Safe Mode with Networking just to make sure that you are aware.  Thank you in advance for your help!  It is GREATLY appreciated

 

# AdwCleaner v4.105 - Report created 15/12/2014 at 10:21:10
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : tonyntiffy - PIERGROSSI
# Running from : C:\Users\tonyntiffy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URTWN0PG\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Alawar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
Folder Deleted : C:\Program Files (x86)\Smart Driver Updater
Folder Deleted : C:\Users\tonyntiffy\AppData\Local\System_Alerts_LLC
Folder Deleted : C:\Users\tonyntiffy\AppData\Local\DesktopTemperature
Folder Deleted : C:\Users\tonyntiffy\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\tonyntiffy\AppData\Roaming\Smart Driver Updater
Folder Deleted : C:\Users\tonyntiffy\AppData\Roaming\Alawar
Folder Deleted : C:\Users\tonyntiffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
Folder Deleted : C:\Users\tonyntiffy\Documents\Smart Driver Updater
File Deleted : C:\Users\tonyntiffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
File Deleted : C:\Users\tonyntiffy\Desktop\Smart Driver Updater.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : RunAsStdUser Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\DesktopTemperature.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4EDF1319-D325-422C-8C8B-F1512BBA059E}
Key Deleted : HKCU\Software\Smart Driver Updater
Key Deleted : HKCU\Software\DesktopTemperature
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Temperature Monitor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BFDC6A-7574-424C-AA2E-0A19FE2B1A3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [6181 octets] - [15/12/2014 10:17:44]
AdwCleaner[S0].txt - [5809 octets] - [15/12/2014 10:21:10]

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by tonyntiffy (administrator) on PIERGROSSI on 16-12-2014 07:01:46
Running from C:\Users\tonyntiffy\Desktop
Loaded Profile: tonyntiffy (Available profiles: tonyntiffy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Run: [GenieoUpdaterService] => C:\Users\tonyntiffy\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [294240 2014-07-14] ()
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Run: [GenieoSystemTray] => C:\Users\tonyntiffy\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [539488 2014-07-14] ()
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\RunOnce: [Adobe Speed Launcher] => 1418730970
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1024 2014-12-16] ()
Startup: C:\Users\tonyntiffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo.com/?v=w3i20&wtag=W3i_IA,206,0_01,StartPage,20141250,19841,UN,0,6923
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> {5ACA3368-3AE6-4742-B09B-0F39DCEFDF3B} URL = http://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20141250,19841,UN,0,6923&q={searchTerms}
SearchScopes: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> {E8F957BE-FAF1-475F-B356-4E97CAF69D40} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141250,20028,0,31,0
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: HKLM-x32 {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: @nds.com/PCShowPlugin -> C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: @nds.com/PlayerPlugin -> C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: NDS.com/PlayerPlugin -> C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-26]

Chrome:
=======
CHR HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-22] (Advanced Micro Devices, Inc.) [File not signed]
S2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-07-23] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-09] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140927.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140927.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-08-14] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 07:01 - 2014-12-16 07:02 - 00019543 _____ () C:\Users\tonyntiffy\Desktop\FRST.txt
2014-12-16 07:01 - 2014-12-16 07:01 - 02119168 _____ (Farbar) C:\Users\tonyntiffy\Desktop\FRST64.exe
2014-12-16 07:01 - 2014-12-16 07:01 - 00000000 ____D () C:\FRST
2014-12-16 06:53 - 2014-12-16 06:53 - 00000000 __SHD () C:\Users\tonyntiffy\AppData\Local\EmieBrowserModeList
2014-12-16 03:01 - 2014-12-16 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-12-15 10:46 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-15 10:46 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-15 10:46 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 10:46 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 10:46 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-15 10:46 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 10:46 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-15 10:46 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 10:46 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 10:46 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-15 10:46 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-15 10:46 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 10:46 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-15 10:46 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 10:46 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-15 10:46 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-15 10:46 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-15 10:46 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 10:46 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-15 10:46 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-15 10:46 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 10:46 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-15 10:46 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-15 10:46 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 10:46 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-15 10:46 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-15 10:46 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-15 10:46 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-15 10:46 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 10:46 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-15 10:46 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 10:46 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-15 10:46 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-15 10:46 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 10:46 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-15 10:46 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-15 10:46 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-15 10:46 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-15 10:46 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-15 10:46 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-15 10:46 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 10:46 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-15 10:46 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-15 10:46 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-15 10:46 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 10:46 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-15 10:46 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-15 10:46 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-15 10:46 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-15 10:46 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-15 10:46 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 10:46 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-15 10:29 - 2014-12-15 10:29 - 00015510 _____ () C:\Users\tonyntiffy\Desktop\82.htm
2014-12-15 10:28 - 2014-12-15 10:28 - 02166272 _____ () C:\Users\tonyntiffy\Desktop\adwcleaner_4.105.exe
2014-12-15 10:25 - 2014-12-15 10:25 - 00005977 _____ () C:\Users\tonyntiffy\Desktop\AdwCleaner[S0].txt
2014-12-15 10:17 - 2014-12-16 06:58 - 00000000 ____D () C:\AdwCleaner
2014-12-08 03:08 - 2014-12-08 03:08 - 00002180 ____N () C:\Users\tonyntiffy\Desktop\Genieo.lnk
2014-12-08 03:08 - 2014-12-08 03:08 - 00000000 ____D () C:\Users\tonyntiffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Genieo
2014-12-08 03:04 - 2014-12-08 03:04 - 00001064 ____N () C:\Users\tonyntiffy\Desktop\1st scan.txt
2014-12-08 03:01 - 2014-12-08 03:01 - 00000000 ____D () C:\Users\tonyntiffy\AppData\Roaming\Genieo
2014-12-08 03:00 - 2014-12-08 03:00 - 01969176 _____ (SafeInstall, LLC) C:\Users\tonyntiffy\Downloads\7Zip.exe
2014-12-08 02:57 - 2014-12-08 02:57 - 00001373 _____ () C:\Users\Public\Desktop\Check PC for Errors.lnk
2014-12-08 02:57 - 2014-12-08 02:57 - 00000458 _____ () C:\Windows\Tasks\RegPowerClean.job
2014-12-08 02:57 - 2014-12-08 02:57 - 00000444 _____ () C:\Windows\Tasks\RPCReminder.job
2014-12-08 02:57 - 2014-12-08 02:57 - 00000000 ____D () C:\Users\tonyntiffy\AppData\Roaming\Yahoo!
2014-12-08 02:57 - 2014-12-08 02:57 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-12-08 02:57 - 2014-12-08 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno
2014-12-08 02:57 - 2014-12-08 02:57 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-12-08 02:57 - 2014-12-08 02:57 - 00000000 ____D () C:\Program Files (x86)\Winferno
2014-12-08 02:57 - 2010-10-26 11:07 - 00499785 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINUTIL8.DLL
2014-12-08 02:57 - 2010-09-01 15:59 - 00835656 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINCTL5.OCX
2014-12-08 02:57 - 2010-01-14 10:31 - 00425984 _____ () C:\Windows\SysWOW64\WinCMR.dll
2014-12-08 02:57 - 2009-06-05 11:06 - 00516832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapiCom.dll
2014-12-08 02:57 - 2009-06-05 11:04 - 00393216 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINLCTL6.DLL
2014-12-07 10:15 - 2014-12-13 11:26 - 3852409631 _____ () C:\Users\tonyntiffy\Desktop\allfilessavedthatweneed120714.zip
2014-12-07 10:00 - 2014-12-07 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-12-07 10:00 - 2014-12-07 10:00 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-12-07 08:58 - 2014-12-07 09:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-12-06 10:06 - 2014-12-06 10:06 - 17335984 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-06 09:26 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-06 09:26 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-06 09:26 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-06 09:26 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-06 09:26 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-06 09:25 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-06 09:25 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-06 09:25 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-06 09:25 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-06 09:25 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-06 09:25 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-06 09:25 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-06 09:25 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-06 09:25 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-06 09:25 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-06 09:25 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-06 09:25 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-06 09:25 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-06 09:25 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-06 09:25 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-06 09:25 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-06 09:25 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-06 09:25 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-06 09:25 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-06 09:25 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-06 09:25 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-06 09:25 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-06 09:25 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-06 09:25 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-06 09:24 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-06 09:24 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-06 09:24 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-06 09:24 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-06 09:24 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-06 09:12 - 2014-12-16 06:59 - 00015672 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 07:00 - 2013-08-07 14:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-16 06:58 - 2011-02-01 18:13 - 01795506 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 06:58 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 06:58 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 06:57 - 2012-11-03 22:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 06:56 - 2014-10-19 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 06:56 - 2012-01-26 17:24 - 00000000 ____D () C:\Users\tonyntiffy\AppData\Local\Deployment
2014-12-16 06:55 - 2014-10-26 00:00 - 00000392 _____ () C:\Windows\setupact.log
2014-12-16 06:55 - 2014-09-14 16:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 06:55 - 2013-08-04 20:57 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 06:19 - 2014-09-14 16:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 06:06 - 2013-08-20 20:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 03:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 03:11 - 2013-08-04 21:01 - 00005354 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-12-16 03:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-15 11:55 - 2011-02-01 18:25 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-15 10:55 - 2009-07-13 23:45 - 00280672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-15 10:44 - 2013-07-25 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-15 10:38 - 2011-03-05 03:25 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 03:20 - 2013-08-08 20:21 - 00002161 ____N () C:\Users\tonyntiffy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-07 09:12 - 2014-10-19 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 09:12 - 2014-10-19 20:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 09:12 - 2013-08-04 21:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-07 09:11 - 2013-08-04 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-07 09:11 - 2011-11-26 18:53 - 00000000 ____D () C:\Users\tonyntiffy\AppData\Roaming\Malwarebytes
2014-12-06 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-06 10:06 - 2012-04-01 18:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-06 10:06 - 2012-04-01 18:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-06 10:06 - 2011-05-17 18:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-06 09:27 - 2013-08-04 21:08 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-06 09:27 - 2011-03-05 16:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-06 09:14 - 2011-03-11 04:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-06 09:14 - 2011-03-11 04:38 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-06 09:12 - 2014-09-14 16:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-06 09:12 - 2011-03-11 04:38 - 00000000 ____D () C:\Program Files\Google
2014-11-21 06:14 - 2014-10-19 20:37 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-19 20:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-08-04 21:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\tonyntiffy\AppData\Local\Temp\Quarantine.exe
C:\Users\tonyntiffy\AppData\Local\Temp\sqlite3.dll
C:\Users\tonyntiffy\AppData\Local\Temp\SymCCIS.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 11:24

==================== End Of Log ============================

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5869 octets] ##########

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by tonyntiffy at 2014-12-16 07:02:44
Running from C:\Users\tonyntiffy\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{8DDDD1B7-CB3E-3270-6EC0-581C7C7CAE68}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Asian Riddles 2 (HKLM-x32\...\BFG-Asian Riddles 2) (Version:  - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1637796.2002211736.1565980332.32 - Audible, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot: Mysteries (HKLM-x32\...\BFG-Build-a-Lot - Mysteries) (Version:  - )
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Christmas Griddlers (HKLM-x32\...\BFG-Christmas Griddlers) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Curse Client (HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DriverTuner 3.1.0.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
DriverUpdate (HKLM-x32\...\{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fantasy Mosaics 4: Art of Color (HKLM-x32\...\BFG-Fantasy Mosaics 4 - Art of Color) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fill and Cross: Trick or Treat (HKLM-x32\...\BFG-Fill and Cross - Trick or Treat) (Version:  - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Genieo (HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\genieo) (Version: 1.0.400 - Genieo Innovation Ltd.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grim Tales: The Vengeance Collector's Edition (HKLM-x32\...\BFG-Grim Tales - The Vengeance Collectors Edition) (Version:  - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.1.5.17469 - LeapFrog)
LeapFrog Connect (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.1.10.17623 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval Defenders (HKLM-x32\...\BFG-Medieval Defenders) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Northern Tale (HKLM-x32\...\BFG-Northern Tale) (Version:  - )
Northern Tale 2 (HKLM-x32\...\BFG-Northern Tale 2) (Version:  - )
Northern Tale 3 (HKLM-x32\...\BFG-Northern Tale 3) (Version:  - )
Northern Tale 4 (HKLM-x32\...\BFG-Northern Tale 4) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Nostradamus: The Last Prophecy (HKLM-x32\...\BFG-Nostradamus - The Last Prophecy) (Version:  - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.3 - Pinterest)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Puzzler World 2013 (HKLM-x32\...\BFG-Puzzler World 2013) (Version:  - )
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Roads of Rome III (HKLM-x32\...\BFG-Roads of Rome III) (Version:  - )
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Royal Envoy 3 Collector's Edition (HKLM-x32\...\BFG-Royal Envoy 3 Collector's Edition) (Version:  - )
Royal Envoy: Campaign for the Crown Collector's Edition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Collectors Edition) (Version:  - )
Sea Voyage 3D Screensaver 1.0 (HKLM-x32\...\Sea Voyage 3D Screensaver_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TestCheck (HKLM-x32\...\TestCheck) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.15 - Tweaking.com)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Winferno Registry Power Cleaner (HKLM-x32\...\RegPowerClean_is1) (Version: 2012 - Winferno.com)
World Mosaics 7 (HKLM-x32\...\BFG-World Mosaics 7) (Version:  - )
World Mosaics Chroma (HKLM-x32\...\BFG-World Mosaics Chroma) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.16992 - Blizzard Entertainment)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-146183986-3892266785-3712315220-1000_Classes\CLSID\{271d5202-98b6-4015-aa27-56d474f2f506}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-146183986-3892266785-3712315220-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-146183986-3892266785-3712315220-1000_Classes\CLSID\{9a5ded44-0c26-44e1-a340-f60882e0cd7e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-12-2014 15:03:16 Scheduled Checkpoint
15-12-2014 15:36:51 Windows Update
16-12-2014 08:00:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-08-08 20:26 - 00000855 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09C6AC92-14C8-4FA4-A234-07A311B56441} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0F620F96-04C8-4D79-9931-8EE5646A6180} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E6619E1-C091-486C-89FA-8C35B716ECF2} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {3F23DA0B-1651-4FF7-B7AE-75660F6539AB} - System32\Tasks\{894FFB57-66ED-4008-A73D-C92A14368880} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe [2014-07-31] (Symantec Corporation)
Task: {4DC6F2EE-2DCA-4B9A-94A1-82BFF64CA3C1} - System32\Tasks\{F89A453A-9D45-4D96-AB02-5F05EBAFD5FA} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {5E9680DB-A43E-46BC-8434-D71A4B1EED82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {628B39DD-0C7D-4912-BF54-B6C93141625B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {7003E528-C39D-4DAE-8C7B-2C1ABD4642BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-06] (Adobe Systems Incorporated)
Task: {75DC1F4E-18DC-4BFB-9B90-580029E6D6C9} - System32\Tasks\{B77CB80C-692E-4533-879C-64FF9C70A9E2} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe [2014-07-31] (Symantec Corporation)
Task: {86F4BC39-A9FA-4BB0-AC86-9F0FC472152F} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {8808D43D-77E8-415D-B7C4-8C16981C297F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-146183986-3892266785-3712315220-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {94319AA3-F6E4-4362-8865-14D27A42ACDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {9FAD076A-B541-4D27-AF52-C1B4A4C7033B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {A7BC5564-3BBE-4739-9889-D3BCB948878D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC6F6F65-EE1F-4959-A6A3-5654E6BE99AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {CB6759D5-DB0E-4F22-9197-5F6464FAD4FE} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {CE88B502-BF7A-45FC-807C-A5DFAFC48CDA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-146183986-3892266785-3712315220-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {D3552C4E-46FA-4EEE-A852-F7E50447F620} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D6479856-ED36-4400-ACA6-2C8FEE6FBFEB} - System32\Tasks\{CA38249C-B689-4934-A163-7EE0E531CEB2} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\uistub.exe [2014-07-31] (Symantec Corporation)
Task: {D77CF936-9F52-4DC2-87C0-A7624EA11528} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DA4D4020-F96A-47B4-86E8-E688123921B1} - System32\Tasks\{9F4434FA-B06F-4332-9ECC-AF6DB73200D5} => pcalua.exe -a "C:\Users\tonyntiffy\Downloads\ActiveSetupN (1).exe" -d C:\Users\tonyntiffy\Desktop
Task: {F512E00C-0F6F-4869-862C-1B24FDC3679B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:06C34166
AlternateDataStreams: C:\ProgramData\Temp:07D9FF25
AlternateDataStreams: C:\ProgramData\Temp:08DB8D99
AlternateDataStreams: C:\ProgramData\Temp:0968E571
AlternateDataStreams: C:\ProgramData\Temp:0BF391F5
AlternateDataStreams: C:\ProgramData\Temp:0E61938B
AlternateDataStreams: C:\ProgramData\Temp:109BD730
AlternateDataStreams: C:\ProgramData\Temp:16BD7665
AlternateDataStreams: C:\ProgramData\Temp:1802D824
AlternateDataStreams: C:\ProgramData\Temp:217A2A36
AlternateDataStreams: C:\ProgramData\Temp:236FF5C6
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35110824
AlternateDataStreams: C:\ProgramData\Temp:361703F1
AlternateDataStreams: C:\ProgramData\Temp:366B74CA
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:4018444F
AlternateDataStreams: C:\ProgramData\Temp:462A7C89
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9
AlternateDataStreams: C:\ProgramData\Temp:4AD2C54D
AlternateDataStreams: C:\ProgramData\Temp:4E71004E
AlternateDataStreams: C:\ProgramData\Temp:5607B58C
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57619D72
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB
AlternateDataStreams: C:\ProgramData\Temp:5CFE25D5
AlternateDataStreams: C:\ProgramData\Temp:5DABFF83
AlternateDataStreams: C:\ProgramData\Temp:6301CE40
AlternateDataStreams: C:\ProgramData\Temp:67396145
AlternateDataStreams: C:\ProgramData\Temp:6C049F97
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6F55EB66
AlternateDataStreams: C:\ProgramData\Temp:73B78E79
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BB6E2C8
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:803039D6
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:9110335E
AlternateDataStreams: C:\ProgramData\Temp:97B3B270
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9EBE2014
AlternateDataStreams: C:\ProgramData\Temp:9FB6814A
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A8DAF782
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3AD9507
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C45094A1
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CE707633
AlternateDataStreams: C:\ProgramData\Temp:D07517E1
AlternateDataStreams: C:\ProgramData\Temp:D09846EF
AlternateDataStreams: C:\ProgramData\Temp:D1787194
AlternateDataStreams: C:\ProgramData\Temp:D1A3680D
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:D64467B5
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:DAB09BDB
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:E0848D16
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^tonyntiffy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NuvaTime.lnk => C:\Windows\pss\NuvaTime.lnk.Startup
MSCONFIG\startupreg: PCShowServer => "C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-146183986-3892266785-3712315220-500 - Administrator - Disabled)
Guest (S-1-5-21-146183986-3892266785-3712315220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-146183986-3892266785-3712315220-1005 - Limited - Enabled)
tonyntiffy (S-1-5-21-146183986-3892266785-3712315220-1000 - Administrator - Enabled) => C:\Users\tonyntiffy

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 07:00:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/16/2014 06:56:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: PIERGROSSI)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/16/2014 06:53:47 AM) (Source: MsiInstaller) (EventID: 1024) (User: PIERGROSSI)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/16/2014 06:53:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/16/2014 03:11:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/16/2014 03:11:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/16/2014 02:25:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/15/2014 10:59:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/15/2014 10:59:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/15/2014 10:47:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

System errors:
=============
Error: (12/16/2014 07:00:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/16/2014 07:00:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (12/16/2014 07:00:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\tonyntiffy\Desktop\esetsmartinstaller_enu.exe

Error: (12/16/2014 06:56:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: PIERGROSSI)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/16/2014 06:53:47 AM) (Source: MsiInstaller) (EventID: 1024) (User: PIERGROSSI)
Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/16/2014 06:53:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\tonyntiffy\Desktop\esetsmartinstaller_enu.exe

Error: (12/16/2014 03:11:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (12/16/2014 03:11:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (12/16/2014 02:25:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/15/2014 10:59:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (12/15/2014 10:59:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (12/15/2014 10:47:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

CodeIntegrity Errors:
===================================
  Date: 2013-08-07 15:52:31.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 15:52:31.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 830 Processor
Percentage of memory in use: 16%
Total physical RAM: 7927.89 MB
Available physical RAM: 6636.69 MB
Total Pagefile: 15853.97 MB
Available Pagefile: 14613.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.12 GB) (Free:748.77 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DD81284D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 16 December 2014 - 10:04 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Run: [GenieoSystemTray] => C:\Users\tonyntiffy\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [539488 2014-07-14] ()
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1024 2014-12-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo.com/?v=w3i20&wtag=W3i_IA,206,0_01,StartPage,20141250,19841,UN,0,6923
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> {5ACA3368-3AE6-4742-B09B-0F39DCEFDF3B} URL = http://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20141250,19841,UN,0,6923&q={searchTerms}
Toolbar: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: @nds.com/PCShowPlugin -> C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
CHR HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [Not Found]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9EBE2014
AlternateDataStreams: C:\ProgramData\Temp:9FB6814A
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A8DAF782
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3AD9507
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C45094A1
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CE707633
AlternateDataStreams: C:\ProgramData\Temp:D07517E1
AlternateDataStreams: C:\ProgramData\Temp:D09846EF
AlternateDataStreams: C:\ProgramData\Temp:D1787194
AlternateDataStreams: C:\ProgramData\Temp:D1A3680D
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:D64467B5
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:DAB09BDB
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:E0848D16
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
C:\Users\tonyntiffy\AppData\Roaming\Genieo

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

Edited by nasdaq, 16 December 2014 - 10:04 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 22 December 2014 - 11:01 AM

Are you still with me?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 28 December 2014 - 08:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 

Topic re-opened at request of OP.


Edited by Platypus, 02 January 2015 - 07:01 AM.


#7 tonyntiffy

tonyntiffy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:40 PM

Posted 02 January 2015 - 08:00 AM

I apologize for the long delay.  It was a crazy time here in my house during the week of the 16th and I had to go away for 2 weeks.  The computer is still the same... again I have done everything in safemode.  That is the only way I have been able to get this done.  When started in regular windows mode... computer dectects no internet when I open internet exporer.  Side bar note... this is the 2nd time that I got a virus AFTER downloading Chrome, which has been deleted and will never be installed again.  Thanks for all your help and here is as you requested:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by tonyntiffy at 2015-01-02 00:30:25 Run:1
Running from C:\Users\tonyntiffy\Desktop
Loaded Profile: tonyntiffy (Available profiles: tonyntiffy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Run: [GenieoSystemTray] => C:\Users\tonyntiffy\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [539488 2014-07-14] ()
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1024 2014-12-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo.com/?v=w3i20&wtag=W3i_IA,206,0_01,StartPage,20141250,19841,UN,0,6923
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> {5ACA3368-3AE6-4742-B09B-0F39DCEFDF3B} URL = http://search.genieo.com/results.html?v=w3i20&wtag=W3i_IA,206,0_01,DefaultSearch,20141250,19841,UN,0,6923&q={searchTerms}
Toolbar: HKU\S-1-5-21-146183986-3892266785-3712315220-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-146183986-3892266785-3712315220-1000: @nds.com/PCShowPlugin -> C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
CHR HKU\S-1-5-21-146183986-3892266785-3712315220-1000\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\tonyntiffy\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [Not Found]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9EBE2014
AlternateDataStreams: C:\ProgramData\Temp:9FB6814A
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A8DAF782
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3AD9507
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C45094A1
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CE707633
AlternateDataStreams: C:\ProgramData\Temp:D07517E1
AlternateDataStreams: C:\ProgramData\Temp:D09846EF
AlternateDataStreams: C:\ProgramData\Temp:D1787194
AlternateDataStreams: C:\ProgramData\Temp:D1A3680D
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:D64467B5
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:DAB09BDB
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:E0848D16
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:F0E908D5
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
C:\Users\tonyntiffy\AppData\Roaming\Genieo

End
*****************

Processes closed successfully.
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GenieoSystemTray => value deleted successfully.
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ACA3368-3AE6-4742-B09B-0F39DCEFDF3B}" => Key deleted successfully.
"HKCR\CLSID\{5ACA3368-3AE6-4742-B09B-0F39DCEFDF3B}" => Key not found.
HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\MozillaPlugins\@nds.com/PCShowPlugin" => Key deleted successfully.
C:\Users\tonyntiffy\AppData\Local\DIRECTV Player\npPCShowPlugin.dll not found.
"HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => Key deleted successfully.
C:\ProgramData\Temp => ":99AC3203" ADS removed successfully.
C:\ProgramData\Temp => ":9EBE2014" ADS removed successfully.
C:\ProgramData\Temp => ":9FB6814A" ADS removed successfully.
C:\ProgramData\Temp => ":A69FAA24" ADS removed successfully.
C:\ProgramData\Temp => ":A6A65B80" ADS removed successfully.
C:\ProgramData\Temp => ":A8DAF782" ADS removed successfully.
C:\ProgramData\Temp => ":A9ABA3FF" ADS removed successfully.
C:\ProgramData\Temp => ":AE289451" ADS removed successfully.
C:\ProgramData\Temp => ":B1E64E47" ADS removed successfully.
C:\ProgramData\Temp => ":B2D32F1D" ADS removed successfully.
C:\ProgramData\Temp => ":B36361EE" ADS removed successfully.
C:\ProgramData\Temp => ":C36F1B98" ADS removed successfully.
C:\ProgramData\Temp => ":C3AD9507" ADS removed successfully.
C:\ProgramData\Temp => ":C43C957E" ADS removed successfully.
C:\ProgramData\Temp => ":C45094A1" ADS removed successfully.
C:\ProgramData\Temp => ":C9B27A06" ADS removed successfully.
C:\ProgramData\Temp => ":CA400C1B" ADS removed successfully.
C:\ProgramData\Temp => ":CB959782" ADS removed successfully.
C:\ProgramData\Temp => ":CE707633" ADS removed successfully.
C:\ProgramData\Temp => ":D07517E1" ADS removed successfully.
C:\ProgramData\Temp => ":D09846EF" ADS removed successfully.
C:\ProgramData\Temp => ":D1787194" ADS removed successfully.
C:\ProgramData\Temp => ":D1A3680D" ADS removed successfully.
C:\ProgramData\Temp => ":D5CCCBAA" ADS removed successfully.
C:\ProgramData\Temp => ":D64467B5" ADS removed successfully.
C:\ProgramData\Temp => ":D7C0213D" ADS removed successfully.
C:\ProgramData\Temp => ":D8AE9DD1" ADS removed successfully.
C:\ProgramData\Temp => ":DAB09BDB" ADS removed successfully.
C:\ProgramData\Temp => ":DD95E6D9" ADS removed successfully.
C:\ProgramData\Temp => ":E0848D16" ADS removed successfully.
C:\ProgramData\Temp => ":E153075C" ADS removed successfully.
C:\ProgramData\Temp => ":E5BA9ADD" ADS removed successfully.
C:\ProgramData\Temp => ":F0E908D5" ADS removed successfully.
C:\ProgramData\Temp => ":FD786DCA" ADS removed successfully.
C:\Users\tonyntiffy\AppData\Roaming\Genieo => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
Norton Security Suite          
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Winferno Registry Power Cleaner 
 Java 7 Update 65 
 Java version 32-bit out of Date!
  Adobe Flash Player 15.0.0.152 Flash Player out of Date! 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 02 January 2015 - 10:12 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65

===

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

Please Download Tweaking.com - Windows Repair from Here
[list]
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After is has completed click Next
  • On Step 4 Under System Restore Click Create, Then under registry back-up Click Backup When you have completed this click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button then select just the item(s) below

  • 13 - Repair Winsock & DNS Cache
    14 - Remove Temp Files
    15 - Repair Proxy Settings
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

  • ===

    How is the internet Connection now?


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 08 January 2015 - 01:12 PM

Are you still with me?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 PM

Posted 14 January 2015 - 09:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users