
FBI ransom page


  • This topic is locked
8 replies to this topic

#1 dbltip

dbltip

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 27 December 2014 - 09:11 PM

While surfing the net, a page popped up saying it's from the FBI and asking me to pay $300 using a Green Dot card.  I closed Google Chrome through Task Manager and performed a system restore to a previous date.  Then ran a full system scan with Norton Internet Security.  It found 3 adwares.  I then updated Windows and restarted the PC.  After the restart I entered my screen lock password and the PC restarted again.  Now I don't see Norton Internet Security but action manager says Windows Firewall and Norton firewall are both on and can be a problem.  I'm not sure if my PC is still infected.  What steps should I take to rid my PC of this ransomware?  I am using Windows 8.1.





#2 dbltip

dbltip
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 27 December 2014 - 09:44 PM

I just noticed I can't open Google Chrome or Internet Explorer.



#3 dbltip

dbltip
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 30 December 2014 - 10:59 PM

Forgot to mention what I did before I couldn't access the internet.  I performed a system restore to an earlier date.  I then performed a factory reset.  I have recovered internet access but fear there might be something left behind.  What kind of steps can I take to reassure myself the laptop is now safe?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 01 January 2015 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 dbltip

dbltip
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 01 January 2015 - 08:26 PM

I didn't delete the Toshiba.com files that came up in the AdwCleaner because when I open Internet Explorer it says this page can't be displayed so I have to access the internet through the Toshiba start page.  Thanks for your help.

 

# AdwCleaner v4.106 - Report created 01/01/2015 at 19:02:21

 

# Updated 21/12/2014 by Xplode

 

# Database : 2015-01-01.1 [Live]

 

# Operating System : Windows 8.1  (64 bits)

 

# Username : angel - ANGELS

 

# Running from : C:\Users\angel\AppData\Local\Microsoft\Windows\INetCache\IE\N05B2406\adwcleaner_4.106.exe

 

# Option : Clean

 

 

***** [ Services ] *****

 

 

 

***** [ Files / Folders ] *****

 

 

Folder Deleted : C:\Users\angel\Favorites\StumbleUpon

 

File Deleted : C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk

 

 

***** [ Scheduled Tasks ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Registry ] *****

 

 

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

 

Key Deleted : HKCU\Software\Pokki

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

 

 

***** [ Browsers ] *****

 

 

-\\ Internet Explorer v11.0.9600.17031

 

 

[x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]

 

[x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

 

[x] Not Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

 

[x] Not Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

 

[x] Not Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

 

[x] Not Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

 

 

*************************

 

 

AdwCleaner[R0].txt - [1894 octets] - [01/01/2015 18:55:10]

 

AdwCleaner[S0].txt - [1569 octets] - [01/01/2015 19:02:21]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1629 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015

 

Ran by angel (administrator) on ANGELS on 01-01-2015 19:17:11

 

Running from C:\Users\angel\Desktop

 

Loaded Profile: angel (Available profiles: angel)

 

Platform: Windows 8.1 (X64) OS Language: English (United States)

 

Internet Explorer Version 11 (Default browser: IE)

 

Boot Mode: Normal

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

 

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

 

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

 

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

 

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

 

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

 

(Intel Corporation) C:\Windows\System32\igfxtray.exe

 

(Intel Corporation) C:\Windows\System32\hkcmd.exe

 

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

 

(Intel Corporation) C:\Windows\System32\igfxpers.exe

 

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

 

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

 

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

 

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

 

(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

 

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

 

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

 

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

 

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

 

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

(Toshiba America Information Systems.) C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe

 

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

 

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

 

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

 

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

 

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [] => [X]

 

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)

 

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)

 

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)

 

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)

 

HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)

 

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB

 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

 

HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

 

HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

 

HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com

 

HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com

 

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKU\S-1-5-21-2568210396-2584312728-4257580313-1001 -> {B83E3709-8677-4D4D-A6D8-C50A07C559D0} URL =

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

 

FireFox:

 

========

 

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

 

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

 

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

 

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

 

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-12-29]

 

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

 

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-01]

 

 

Chrome:

 

=======

 

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

 

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-29]

 

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

 

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-12-29]

 

 

==================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)

 

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

 

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

 

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)

 

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)

 

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

 

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

 

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

 

R2 taisregispinger; C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2196120 2012-08-03] (Toshiba America Information Systems.)

 

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

 

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)

 

R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)

 

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

 

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-29] (Symantec Corporation)

 

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-29] (Symantec Corporation)

 

R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150101.001\IDSvia64.sys [637656 2014-12-29] (Symantec Corporation)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

 

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)

 

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

 

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)

 

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150101.003\ENG64.SYS [129752 2014-12-29] (Symantec Corporation)

 

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150101.003\EX64.SYS [2137304 2014-12-29] (Symantec Corporation)

 

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)

 

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)

 

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

 

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

 

R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

 

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)

 

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)

 

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-06] (Symantec Corporation)

 

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

 

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

 

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)

 

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-01 19:17 - 2015-01-01 19:17 - 00012568 _____ () C:\Users\angel\Desktop\FRST.txt

 

2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 ____D () C:\FRST

 

2015-01-01 19:15 - 2015-01-01 19:15 - 02123264 _____ (Farbar) C:\Users\angel\Desktop\frst64.exe

 

2015-01-01 18:55 - 2015-01-01 19:02 - 00000000 ____D () C:\AdwCleaner

 

2014-12-30 20:24 - 2014-12-30 20:24 - 00000013 __RSH () C:\Windows\system32\Drivers\fbd.sys

 

2014-12-30 20:13 - 2015-01-01 19:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

 

2014-12-30 20:13 - 2014-12-30 20:13 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

2014-12-30 20:13 - 2014-12-30 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

 

2014-12-30 20:13 - 2014-12-30 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

 

2014-12-30 20:13 - 2014-12-30 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

 

2014-12-30 20:13 - 2014-11-21 06:23 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

 

2014-12-30 20:13 - 2014-11-21 06:23 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

 

2014-12-30 20:13 - 2014-11-21 06:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

2014-12-30 20:09 - 2014-12-30 20:09 - 00000000 __SHD () C:\Users\angel\AppData\Local\EmieUserList

 

2014-12-30 20:09 - 2014-12-30 20:09 - 00000000 __SHD () C:\Users\angel\AppData\Local\EmieSiteList

 

2014-12-29 23:15 - 2014-12-29 23:15 - 00000000 _____ () C:\Recovery.txt

 

2014-12-29 22:59 - 2014-12-29 22:59 - 00000000 ____D () C:\Users\angel\AppData\Roaming\Macromedia

 

2014-12-29 22:58 - 2015-01-01 18:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5E0F7F0C-BC4D-46FF-880D-73FED4308B3C}

 

2014-12-29 22:57 - 2014-12-29 22:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

 

2014-12-29 22:38 - 2015-01-01 19:09 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2568210396-2584312728-4257580313-1001

 

2014-12-29 22:36 - 2015-01-01 19:04 - 00000000 __RDO () C:\Users\angel\OneDrive

 

2014-12-29 22:35 - 2014-12-30 19:58 - 00002381 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk

 

2014-12-29 22:35 - 2014-12-30 19:58 - 00002342 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

 

2014-12-29 22:35 - 2014-12-29 22:36 - 00002361 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk

 

2014-12-29 22:35 - 2014-12-29 22:35 - 00002516 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk

 

2014-12-29 22:35 - 2014-12-29 22:35 - 00002370 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk

 

2014-12-29 22:35 - 2014-12-29 22:35 - 00002171 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

 

2014-12-29 22:34 - 2014-12-29 22:34 - 00000000 ____D () C:\Users\Public\Pokki

 

2014-12-29 22:33 - 2014-12-30 19:57 - 00000000 ____D () C:\Users\angel\AppData\Local\TOSHIBA

 

2014-12-29 22:33 - 2014-12-29 22:34 - 00000000 ____D () C:\Users\angel\AppData\Local\PackageStaging

 

2014-12-29 22:33 - 2014-12-29 22:33 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

 

2014-12-29 22:32 - 2014-12-29 22:32 - 00001457 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

 

2014-12-29 22:32 - 2014-12-29 22:32 - 00000000 ____D () C:\Users\angel\AppData\Roaming\Adobe

 

2014-12-29 22:31 - 2015-01-01 18:54 - 00000000 ____D () C:\Users\angel\AppData\Local\Packages

 

2014-12-29 22:31 - 2014-12-29 22:31 - 00000000 ____D () C:\Users\angel\AppData\Local\VirtualStore

 

2014-12-29 22:30 - 2015-01-01 18:29 - 00000000 ____D () C:\Users\angel\AppData\Local\Pokki

 

2014-12-29 22:30 - 2014-12-29 22:36 - 00000000 ____D () C:\Users\angel

 

2014-12-29 22:30 - 2014-12-29 22:30 - 00000020 ___SH () C:\Users\angel\ntuser.ini

 

2014-12-29 22:30 - 2014-03-25 19:55 - 00000000 ___RD () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

 

2014-12-29 22:30 - 2014-03-25 19:55 - 00000000 ___RD () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

 

2014-12-29 22:30 - 2014-02-21 20:37 - 00000369 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

 

2014-12-29 22:30 - 2014-02-21 20:37 - 00000369 _____ () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

 

2014-12-29 22:30 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

 

2014-12-29 22:30 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2015-01-01 19:15 - 2014-10-06 20:02 - 01394704 _____ () C:\Windows\WindowsUpdate.log

 

2015-01-01 19:13 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru

 

2015-01-01 19:08 - 2014-03-25 19:26 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

 

2015-01-01 19:03 - 2014-03-25 19:16 - 00009480 _____ () C:\Windows\PFRO.log

 

2015-01-01 19:03 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

 

2015-01-01 19:03 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

 

2015-01-01 18:59 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness

 

2014-12-30 19:56 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

 

2014-12-29 23:15 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Recovery

 

2014-12-29 23:14 - 2013-08-22 07:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

 

2014-12-29 22:57 - 2014-10-06 20:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

 

2014-12-29 22:57 - 2014-10-06 20:19 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

 

2014-12-29 22:57 - 2014-10-06 20:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

 

2014-12-29 22:35 - 2014-03-25 20:54 - 00000000 ____D () C:\ProgramData\Toshiba

 

2014-12-29 22:31 - 2014-10-06 20:18 - 00000000 ____D () C:\ProgramData\Norton

 

2014-12-29 22:31 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\SysWOW64\sysprep

 

2014-12-29 22:31 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

 

2014-12-29 22:18 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache

 

2014-12-29 22:15 - 2013-08-22 06:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT

 

 

Some content of TEMP:

 

====================

 

C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe

 

C:\Users\angel\AppData\Local\Temp\Quarantine.exe

 

C:\Users\angel\AppData\Local\Temp\sqlite3.dll

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\System32\winlogon.exe => File is digitally signed

 

C:\Windows\System32\wininit.exe => File is digitally signed

 

C:\Windows\explorer.exe => File is digitally signed

 

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

 

C:\Windows\System32\svchost.exe => File is digitally signed

 

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

 

C:\Windows\System32\services.exe => File is digitally signed

 

C:\Windows\System32\User32.dll => File is digitally signed

 

C:\Windows\SysWOW64\User32.dll => File is digitally signed

 

C:\Windows\System32\userinit.exe => File is digitally signed

 

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

 

C:\Windows\System32\rpcss.dll => File is digitally signed

 

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

 

LastRegBack: 2014-03-25 19:16

 

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015

 

Ran by angel at 2015-01-01 19:18:11

 

Running from C:\Users\angel\Desktop

 

Boot Mode: Normal

 

==========================================================

 

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

 

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

 

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)

 

Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)

 

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)

 

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

 

Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden

 

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)

 

Dragons of Atlantis (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.6 - Pokki)

 

Edgeworld (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.6 - Pokki)

 

FarmVille 2 (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)

 

Goodgame Empire (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.5 - Pokki)

 

Groupon (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_893e2a8f4b240ed6d7def79e56791067c96f41be) (Version: 1.0.2.55621 - Pokki)

 

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

 

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)

 

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)

 

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

 

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

 

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

 

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

 

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

 

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

 

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

 

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)

 

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

Pokki Start Menu (HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)

 

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)

 

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)

 

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)

 

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)

 

TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)

 

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)

 

TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)

 

TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)

 

TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)

 

TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)

 

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)

 

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)

 

TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)

 

TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)

 

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)

 

TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)

 

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

 

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

 

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

 

Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden

 

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

 

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

 

==================== Restore Points  =========================

 

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {08FED62B-B8D0-422A-85F9-280D1CC6EC97} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)

 

Task: {23A86F33-74B1-43BC-BCBC-B90B7782BE46} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)

 

Task: {C0D9B622-0E81-408D-914E-6A293665D5EF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

 

Task: {C1090241-1459-4B6D-A5B5-D89B38E8C7ED} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)

 

Task: {CD145936-EFD9-4429-8DA6-20EB3B292C49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)

 

Task: {DF6B355A-C2C3-4F09-833A-625C95C89497} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)

 

Task: {DF8CB57C-3687-4388-A6FC-39E359807DAC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

 

2014-10-06 19:44 - 2013-12-10 06:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

AlternateDataStreams: C:\Users\angel\OneDrive:ms-properties

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

 

==================== EXE Association (whitelisted) =============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

(Currently there is no automatic fix for this section.)

 

 

 

========================= Accounts: ==========================

 

 

Administrator (S-1-5-21-2568210396-2584312728-4257580313-500 - Administrator - Disabled)

 

angel (S-1-5-21-2568210396-2584312728-4257580313-1001 - Administrator - Enabled) => C:\Users\angel

 

Guest (S-1-5-21-2568210396-2584312728-4257580313-501 - Limited - Disabled)

 

HomeGroupUser$ (S-1-5-21-2568210396-2584312728-4257580313-1003 - Limited - Enabled)

 

 

==================== Faulty Device Manager Devices =============

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

 

==================

 

Error: (01/01/2015 06:49:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

 

Description: 80070005

 

 

Error: (01/01/2015 06:31:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: 11d8

 

 

Start Time: 01d026335d8f67d4

 

 

Termination Time: 4294967295

 

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe

 

 

Report Id: 80414913-9227-11e4-8260-f8a963faa217

 

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe

 

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

 

Error: (12/30/2014 08:14:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

 

Description: 80070005

 

 

Error: (12/30/2014 07:58:24 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

 

A component version required by the application conflicts with another component version already active.

 

Conflicting components are:.

 

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

Error: (12/30/2014 07:58:12 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

 

A component version required by the application conflicts with another component version already active.

 

Conflicting components are:.

 

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

Error: (12/30/2014 07:58:02 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

 

A component version required by the application conflicts with another component version already active.

 

Conflicting components are:.

 

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

Error: (12/30/2014 07:57:53 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

 

A component version required by the application conflicts with another component version already active.

 

Conflicting components are:.

 

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

Error: (12/30/2014 07:57:52 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

 

A component version required by the application conflicts with another component version already active.

 

Conflicting components are:.

 

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

Error: (12/29/2014 10:21:57 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )

 

Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-12-30T06:21:57.000000000Z'/><EventRecordID>954</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>angels</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>61006E00670065006C0073005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion.  Error code %2.

 

 

%3.

 

 

 

System errors:

 

=============

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The taisregispinger service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

 

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

 

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Error: (01/01/2015 07:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

 

Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

 

 

 

Microsoft Office Sessions:

 

=========================

 

Error: (01/01/2015 06:49:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

 

Description: 80070005

 

 

Error: (01/01/2015 06:31:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: LiveComm.exe17.5.9600.2041311d801d026335d8f67d44294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe80414913-9227-11e4-8260-f8a963faa217microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

 

 

Error: (12/30/2014 08:14:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

 

Description: 80070005

 

 

Error: (12/30/2014 07:58:24 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\angel\AppData\Local\Pokki\Engine\HostAppService.exe

 

 

Error: (12/30/2014 07:58:12 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\angel\AppData\Local\Pokki\Engine\HostAppService.exe

 

 

Error: (12/30/2014 07:58:02 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\angel\AppData\Local\Pokki\Engine\HostAppService.exe

 

 

Error: (12/30/2014 07:57:53 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe

 

 

Error: (12/30/2014 07:57:52 PM) (Source: SideBySide) (EventID: 78) (User: )

 

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe

 

 

Error: (12/29/2014 10:21:57 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )

 

Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-12-30T06:21:57.000000000Z'/><EventRecordID>954</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>angels</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>61006E00670065006C0073005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>

 

 

 

==================== Memory info ===========================

 

 

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz

 

Percentage of memory in use: 36%

 

Total physical RAM: 4006.96 MB

 

Available physical RAM: 2554.73 MB

 

Total Pagefile: 5414.96 MB

 

Available Pagefile: 3664.91 MB

 

Total Virtual: 131072 MB

 

Available Virtual: 131071.8 MB

 

 

==================== Drives ================================

 

 

Drive c: (TI10699900B) (Fixed) (Total:455.2 GB) (Free:432.45 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

 

 

Partition: GPT Partition Type.

 

 

==================== End Of Log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 02 January 2015 - 08:48 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start


HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2568210396-2584312728-4257580313-1001 -> {B83E3709-8677-4D4D-A6D8-C50A07C559D0} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

This should reset your Internet Browser to the default values.

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 dbltip


Posted 02 January 2015 - 09:32 AM

As far as I can tell everything is running normal.  Thanks for your help.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by angel at 2015-01-02 08:12:56 Run:1
Running from C:\Users\angel\Desktop
Loaded Profile: angel (Available profiles: angel)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2568210396-2584312728-4257580313-1001 -> {B83E3709-8677-4D4D-A6D8-C50A07C559D0} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B83E3709-8677-4D4D-A6D8-C50A07C559D0}" => Key deleted successfully.
HKCR\CLSID\{B83E3709-8677-4D4D-A6D8-C50A07C559D0} => Key not found. 
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe => Moved successfully.
 
==== End of Fixlog 08:12:56 ====
 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
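
Added example, not part of the original thread and not FRST's own code: a small Python audit of the Fixlog posted above, which tallies the outcome of every action and confirms that each file listed in the fixlist was actually moved. It assumes the layout seen in this thread (the fixlist echoed between two rows of asterisks, then one `target => outcome` line per action); the function names are hypothetical.

```python
import re

# Fixlog body copied from the reply above (header lines omitted).
FIXLOG = r"""Content of fixlist:
*****************
start

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2568210396-2584312728-4257580313-1001 -> {B83E3709-8677-4D4D-A6D8-C50A07C559D0} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2568210396-2584312728-4257580313-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B83E3709-8677-4D4D-A6D8-C50A07C559D0}" => Key deleted successfully.
HKCR\CLSID\{B83E3709-8677-4D4D-A6D8-C50A07C559D0} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\angel\AppData\Local\Temp\oct657A.tmp.exe => Moved successfully.

==== End of Fixlog 08:12:56 ====
"""

# One result line: optional quotes around the target, then "=> outcome."
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')


def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome), ...]) from a Fixlog."""
    entries, results = [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:  # rows of asterisks bracket the echoed fixlist
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if section == "fixlist" and line.lower() not in ("start", "end"):
            entries.append(line)
        elif section == "results":
            m = RESULT_RE.match(line)
            results.append((m["target"], m["outcome"]) if m else (line, "UNPARSED"))
    return entries, results


def classify(outcome):
    """Bucket an outcome string: changed, absent (nothing to do), or review."""
    text = outcome.lower()
    if "successfully" in text:
        return "changed"
    if "not found" in text:
        return "absent"
    return "review"


def audit(text):
    """Summarise a Fixlog and list fixlist file paths that were not moved."""
    entries, results = parse_fixlog(text)
    summary = {"changed": [], "absent": [], "review": []}
    for target, outcome in results:
        summary[classify(outcome)].append(target)
    # Files appear in the fixlist by full path, so they can be matched exactly;
    # registry entries are abbreviated there and are only tallied.
    files = [e for e in entries if re.match(r"^[A-Za-z]:\\", e)]
    moved = {t for t, o in results if o.lower().startswith("moved")}
    return {"entries": len(entries), "results": len(results),
            "summary": summary,
            "unhandled_files": [f for f in files if f not in moved]}


if __name__ == "__main__":
    report = audit(FIXLOG)
    print(report["entries"], "fixlist entries,", report["results"], "result lines")
    for bucket, targets in report["summary"].items():
        print(bucket, len(targets))
    print("files not moved:", report["unhandled_files"])
```

Anything that lands in the `review` bucket or in `unhandled_files` is worth raising with the helper before treating the fix as complete.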
 


#8 nasdaq


Posted 02 January 2015 - 10:12 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 08 January 2015 - 01:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



