istartsurf won't go away. Getting redirects in Google Chrome or IE


  • This topic is locked
4 replies to this topic

#1 Miffo


Posted 16 August 2015 - 02:50 PM

Hi,

I've been trying for days to fix this. I've tried many sets of instructions and still have most of the software installed (as you'll see). When I run Avast Browser Cleanup, it tells me I have istartsurf and offers to remove it. I agree but each time I run the cleanup app, it tells me I still have it. And I know I have it as about every 3rd click seems to take me off to some random website.

I did clear a lot of the infection and reset my home page but this remains.

Thanks.

Peter.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2015
Ran by Peter (administrator) on LENOVO-PC (16-08-2015 20:32:04)
Running from C:\Users\Peter\Downloads
Loaded Profiles: Peter (Available Profiles: lenovo & Peter)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(BitTorrent Inc.) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\Run: [Google+ Auto Backup] => C:\Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2124360 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\Run: [Dropbox Update] => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-08] (Dropbox, Inc.)
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\Run: [GoogleChromeAutoLaunch_14883A56D9D426BB697F73C8366CAF1F] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-08-08] (Google Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-11] (Microsoft Corporation)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-06-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk [2014-02-03]
ShortcutTarget: PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{15C1C978-C233-4316-A88A-0507414B5A09}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{60CD4E5B-425E-40DC-AF63-8EF4697370A6}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\w9s7tytw.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-06]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-31]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-13]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-31]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-31]
CHR Extension: (Google Calendar) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-31]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-06]
CHR Extension: (Select To Get Maps) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha [2013-12-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Hangouts) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-31]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-12-31]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-30] (Teruten) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
S3 avchv; system32\DRIVERS\avchv.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 20:32 - 2015-08-16 20:32 - 00014655 _____ C:\Users\Peter\Downloads\FRST.txt
2015-08-16 20:31 - 2015-08-16 20:32 - 00000000 ____D C:\FRST
2015-08-16 20:30 - 2015-08-16 20:31 - 01676800 _____ (Farbar) C:\Users\Peter\Downloads\FRST.exe
2015-08-15 23:34 - 2015-08-15 23:34 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-13 10:21 - 2015-08-13 10:21 - 00001450 _____ C:\Users\Peter\Desktop\JRT.txt
2015-08-12 07:22 - 2015-08-12 20:31 - 00000000 ____D C:\ProgramData\Sophos
2015-08-12 07:12 - 2015-08-12 07:13 - 128322608 _____ (Sophos Limited) C:\Users\Peter\Downloads\Sophos Virus Removal Tool.exe
2015-08-12 07:08 - 2015-08-13 09:30 - 00002158 _____ C:\Users\Peter\Desktop\Rkill.txt
2015-08-12 03:01 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:17 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:17 - 2015-07-30 17:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:17 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:17 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:17 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:17 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 21:17 - 2015-07-20 18:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 21:17 - 2015-07-16 21:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:17 - 2015-07-16 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 21:17 - 2015-07-16 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:17 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:17 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:17 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:17 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:17 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:17 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:17 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:17 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:17 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:17 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:17 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:17 - 2015-07-16 20:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:17 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:17 - 2015-07-16 20:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:17 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:17 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:17 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:17 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:17 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:17 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:17 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:17 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:17 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:17 - 2015-07-16 20:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:17 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:17 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:17 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:17 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:17 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 21:17 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:17 - 2015-07-15 18:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:17 - 2015-07-15 18:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:17 - 2015-07-15 18:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:17 - 2015-07-15 18:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:17 - 2015-07-15 18:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:17 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:17 - 2015-07-15 18:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:17 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:17 - 2015-07-15 18:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:17 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:17 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:17 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:17 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:17 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:17 - 2015-07-15 17:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:17 - 2015-07-15 17:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:17 - 2015-07-15 17:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:17 - 2015-07-10 18:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:17 - 2015-07-10 18:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:17 - 2015-07-10 18:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:17 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:17 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:17 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:17 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:16 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:16 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:16 - 2015-07-15 03:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:16 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:16 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:16 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 21:16 - 2015-05-09 19:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\Users\Peter\AppData\Local\Anvisoft
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-08-11 19:45 - 2015-08-11 19:45 - 00000000 ____D C:\Program Files\Anvisoft
2015-08-11 19:44 - 2015-08-11 19:44 - 08806944 _____ (Anvisoft) C:\Users\Peter\Downloads\brtsetup.exe
2015-08-09 19:23 - 2015-08-12 21:09 - 00000000 ____D C:\Users\Peter\Desktop\malware
2015-08-09 19:12 - 2015-08-09 19:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\TuneUp Software
2015-08-09 19:12 - 2015-08-09 19:12 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-09 19:08 - 2015-08-12 03:43 - 00000000 ____D C:\ProgramData\MFAData
2015-08-09 19:08 - 2015-08-09 19:08 - 00000000 ____D C:\Users\Peter\AppData\Local\MFAData
2015-08-09 19:02 - 2015-08-09 19:03 - 05091576 _____ (AVG Technologies) C:\Users\Peter\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-09 18:17 - 2015-08-09 18:17 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-09 17:23 - 2015-08-09 18:17 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-09 17:23 - 2015-08-09 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-09 17:23 - 2015-08-09 17:23 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-09 17:22 - 2015-08-09 17:22 - 10113976 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\HitmanPro.exe
2015-08-09 16:04 - 2015-08-09 16:05 - 02248704 _____ C:\Users\Peter\Downloads\adwcleaner_4.208 (1).exe
2015-08-09 15:58 - 2015-08-09 15:59 - 00000000 ____D C:\Users\Peter\AppData\Local\NPE
2015-08-09 15:58 - 2015-08-09 15:58 - 00000000 ____D C:\ProgramData\Norton
2015-08-09 15:57 - 2015-08-09 15:58 - 03088296 _____ (Symantec Corporation) C:\Users\Peter\Downloads\NPE.exe
2015-08-09 11:36 - 2015-08-13 09:32 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 11:36 - 2015-08-09 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-09 11:36 - 2015-08-09 11:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-09 11:36 - 2015-08-09 11:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-09 11:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 11:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 11:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 11:35 - 2015-08-09 11:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-09 08:08 - 2015-08-09 08:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-08-09 08:04 - 2015-08-09 08:04 - 02009904 _____ C:\Users\Peter\Downloads\Adaware_Installer.exe
2015-08-09 08:01 - 2015-08-13 10:19 - 00000000 ____D C:\AdwCleaner
2015-07-31 19:56 - 2015-07-31 19:56 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 19:53 - 2015-08-16 20:14 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001UA.job
2015-07-31 19:53 - 2015-08-16 20:14 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001Core.job
2015-07-31 19:53 - 2015-07-31 19:53 - 00000000 ____D C:\Users\lenovo\AppData\Local\Dropbox
2015-07-31 19:36 - 2015-07-31 19:36 - 00001994 _____ C:\Users\Peter\Desktop\mainpc.RDP
2015-07-31 19:33 - 2015-07-31 19:35 - 00001994 ____H C:\Users\Peter\Documents\Default.rdp
2015-07-29 21:41 - 2015-07-29 21:41 - 00000000 ____D C:\Users\Peter\AppData\Local\maozy99
2015-07-29 19:21 - 2015-07-29 19:21 - 00001238 _____ C:\Users\Peter\Desktop\mkv2mp4.exe - Shortcut.lnk
2015-07-28 20:02 - 2015-07-28 20:02 - 00000000 ____D C:\Users\Peter\AppData\Local\clone.AD
2015-07-28 19:58 - 2015-07-28 19:58 - 00000000 ____D C:\ProgramData\clone.AD
2015-07-27 18:27 - 2015-07-27 18:52 - 00000000 ____D C:\Users\Peter\AppData\Roaming\freemkvtomp4converter
2015-07-26 22:03 - 2015-07-26 22:00 - 10419427 _____ (Convert Audio Free) C:\Users\Peter\Documents\mkvtomp4_setup [1].exe
2015-07-26 08:59 - 2015-07-26 08:59 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-07-26 08:59 - 2015-07-26 08:59 - 00000000 ____D C:\Program Files\TP-LINK
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-07-26 08:58 - 2015-07-26 08:58 - 00000000 ____D C:\Program Files\WinPcap
2015-07-19 18:03 - 2015-07-19 18:05 - 17385800 _____ (Google Inc.) C:\Users\Peter\Downloads\picasa39-setup (1).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 20:28 - 2013-10-15 15:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 20:26 - 2013-09-20 21:08 - 01497603 _____ C:\Windows\WindowsUpdate.log
2015-08-16 20:17 - 2013-12-31 14:57 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2015-08-16 20:15 - 2015-07-08 19:29 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004UA.job
2015-08-16 20:15 - 2013-10-15 15:00 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 20:15 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-15 23:44 - 2015-07-08 19:29 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004Core.job
2015-08-15 23:35 - 2013-10-15 15:00 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 23:34 - 2013-12-31 19:26 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Dropbox
2015-08-13 13:15 - 2009-07-14 05:34 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 13:15 - 2009-07-14 05:34 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 10:36 - 2014-01-01 10:32 - 00000000 ____D C:\Program Files\PeerBlock
2015-08-13 10:31 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-13 10:31 - 2009-07-14 05:39 - 00080742 _____ C:\Windows\setupact.log
2015-08-13 09:57 - 2013-10-15 15:01 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 22:41 - 2013-10-13 13:06 - 00045184 _____ C:\Windows\PFRO.log
2015-08-12 22:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2015-08-12 20:59 - 2013-12-31 13:43 - 00000000 ____D C:\Users\Peter
2015-08-12 20:32 - 2013-12-31 19:31 - 00000000 ___RD C:\Users\Peter\Dropbox
2015-08-12 05:28 - 2013-10-15 15:00 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 05:28 - 2013-10-15 15:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 04:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 03:44 - 2009-07-14 05:33 - 00424976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:43 - 2013-12-18 15:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:24 - 2013-09-25 20:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:22 - 2013-12-18 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:18 - 2013-11-12 22:03 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:06 - 2013-11-12 22:03 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 19:54 - 2014-01-04 15:19 - 00000000 ____D C:\Program Files\MKVToolNix
2015-08-09 16:11 - 2013-09-20 22:08 - 00000000 ____D C:\Users\lenovo
2015-08-09 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Web
2015-08-08 21:58 - 2013-09-20 21:15 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 08:17 - 2013-11-04 15:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-31 20:02 - 2013-10-15 14:27 - 00001994 ____H C:\Users\lenovo\Documents\Default.rdp
2015-07-31 19:57 - 2014-01-02 14:19 - 00000000 ___RD C:\Users\lenovo\Dropbox
2015-07-31 19:57 - 2014-01-02 14:16 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2015-07-31 19:51 - 2013-12-24 21:25 - 00000000 ____D C:\Users\lenovo\Tracing
2015-07-31 19:51 - 2013-10-15 14:47 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Skype
2015-07-28 20:23 - 2013-12-02 17:53 - 00000000 ____D C:\Temp
2015-07-26 22:11 - 2013-12-31 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-07-26 22:10 - 2013-10-15 15:00 - 00000000 ____D C:\Program Files\Google
2015-07-26 09:51 - 2014-01-04 16:20 - 00000000 ____D C:\Users\Peter\Desktop\utils
2015-07-25 09:00 - 2013-12-31 16:19 - 00005795 ____H C:\Users\Peter\_viminfo
 
==================== Files in the root of some directories =======
 
2014-04-27 17:24 - 2014-10-12 14:30 - 0006656 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 10:57 - 2015-06-07 11:30 - 0007605 _____ () C:\Users\Peter\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\lenovo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkshvfp.dll
C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplbqtzs.dll
C:\Users\Peter\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Peter\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Peter\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 00:38
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2015
Ran by Peter (2015-08-16 20:33:23)
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2543824251-2192436486-2873360760-500 - Administrator - Disabled)
Guest (S-1-5-21-2543824251-2192436486-2873360760-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2543824251-2192436486-2873360760-1002 - Limited - Enabled)
lenovo (S-1-5-21-2543824251-2192436486-2873360760-1001 - Administrator - Enabled) => C:\Users\lenovo
Peter (S-1-5-21-2543824251-2192436486-2873360760-1004 - Administrator - Enabled) => C:\Users\Peter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Anvi Browser Repair Tool (HKLM\...\Anvi Browser Repair Tool) (Version: 2.0 - Anvisoft)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PowerLine Utility (HKLM\...\{5D1E5ED5-E436-4A0D-8812-953FFBDFF3B3}) (Version: 1.2.709 - TP-LINK)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
XXConsole: Super Console Generator  ver 0.96 (HKLM\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Peter\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
12-08-2015 20:58:42 JRT Pre-Junkware Removal
12-08-2015 22:43:32 JRT Pre-Junkware Removal
13-08-2015 10:19:22 JRT Pre-Junkware Removal
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13F33E4C-7672-4082-95CE-FBCA80FBD498} - System32\Tasks\sleep => C:\sleep.bat [2011-03-16] ()
Task: {2EF612ED-DFC5-4B7A-82D7-2B51B501A8BF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004Core => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {37A4993C-E746-4533-AEAE-426A4FF54E5B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {494A850A-0E5F-4311-8482-144149B5B76A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {6180B9CE-29BC-4002-81AE-C0262EE883D6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6A2F2699-6834-464F-8C9C-9DB6C4FB8DEC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004UA => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-08] (Dropbox, Inc.)
Task: {6BD48B27-F609-46DE-8102-691A5FBFF3F7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-31] (Dropbox, Inc.)
Task: {772C9166-F0D4-48A0-8450-22806E103316} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7985497A-7A5E-4AA8-BA1A-73A40744D177} - System32\Tasks\wake up => cmd.exe /c "exit"
Task: {A2B2D923-4F4C-45BC-B80C-7B32ABEAAE19} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-31] (Dropbox, Inc.)
Task: {B0C1E68A-6DA8-4412-B46C-2AA1FC35C8F8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BBA49440-CE5D-484F-A26B-521DC9989D5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {DBFC8D62-68CE-4E70-9C7C-BEF712F34E1F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E3E5C394-521B-4FE9-8ED3-5FC172415B98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {EF8895F7-3070-4165-9E5C-4378F1F405FE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1001UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004Core.job => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2543824251-2192436486-2873360760-1004UA.job => C:\Users\Peter\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugs1l3.dll
2015-08-13 09:57 - 2015-08-08 01:13 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-13 09:57 - 2015-08-08 01:13 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-13 09:57 - 2015-08-08 01:13 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2543824251-2192436486-2873360760-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1D725D81-BE1C-4706-BBA2-442AB4A2B2D4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{81B62DB5-A95F-4A20-B425-58EECB29505C}] => (Allow) C:\Users\lenovo\AppData\Local\Temp\nst6191.tmp\BundleSweetIMSetup.exe
FirewallRules: [{AE05D93B-3652-4976-BDAE-F4236B3ADDD7}] => (Allow) C:\Users\lenovo\AppData\Local\Temp\nst6191.tmp\BundleSweetIMSetup.exe
FirewallRules: [{5DA795A0-B4AE-4E37-BFCE-FE3B8AD68C70}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{BFDF1852-8FDA-4407-BDB5-CF5FC2941B2D}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{FD8BED6B-0453-462A-A726-1A211F1D58B3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D84DA81B-1FD4-4495-ACD3-16E1E58D37D5}] => (Allow) LPort=2869
FirewallRules: [{4B397081-94B2-48FC-9BAB-2A240D040A0C}] => (Allow) LPort=1900
FirewallRules: [{696E3A16-BA9A-4E47-B9FD-4E4912B9281B}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{343500AB-0751-4A04-85C3-CD2CAA459D19}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00889759-3586-48C9-8F62-02C615A8AB04}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9823E0D-6736-4F65-8596-BE68BD443492}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F12FA9EB-F100-4809-B54F-AEEF6E27621D}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E77266BD-E048-462F-854F-4EBF7521D85B}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{347C57AE-EA21-4914-894B-63C5DFAD4564}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{E8D3AEC4-39A8-4804-A500-14C2F9B6DF6B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{F28F3339-8A3E-408C-8CE4-67650696001D}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{686B1DE0-86EF-4201-BC9A-38319A522497}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{04DC03D2-F86D-4F59-BD99-79C462C9400A}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{68CF71C6-E56E-4108-85AF-22DAEA76F348}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D2081CA9-7012-417F-89BC-858CEE5C6227}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9F5E7B9F-273C-4BEB-8129-FD0C33EE6B79}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{A833B8BA-E13D-48A6-9035-7B698FB9B663}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{923828DE-26BA-44DC-A9ED-56224B1CAF28}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{BFCA7E6E-CEE7-4930-A4D9-E2F6B250C385}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5EBFF5DD-C18C-4ED1-BB6E-CC318DAA278B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2957E0EE-EE33-4D3B-8D27-F8F218E36191}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2015 03:00:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2015 08:22:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/09/2015 07:41:20 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00FBFADC.64).  hr = 0x80070005, Access is denied.
.
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002cc,(null),0,REG_BINARY,020BEFD0.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {caa57404-d907-4df9-867e-839ba9c3378e}
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002cc,(null),0,REG_BINARY,020BEFBC.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {caa57404-d907-4df9-867e-839ba9c3378e}
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b78,(null),0,REG_BINARY,0112EDE0.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {d66ce149-eff0-46cc-b33b-f5f31276f481}
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000864,(null),0,REG_BINARY,0263EAF8.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {aaeee3ac-f790-465d-9a8b-c9dca8c6eb8b}
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b78,(null),0,REG_BINARY,0112EDCC.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {d66ce149-eff0-46cc-b33b-f5f31276f481}
 
Error: (08/09/2015 06:17:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000864,(null),0,REG_BINARY,0263EAE4.64).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {aaeee3ac-f790-465d-9a8b-c9dca8c6eb8b}
 
 
System errors:
=============
Error: (08/16/2015 08:15:30 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (08/16/2015 08:15:20 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (08/15/2015 03:34:51 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DUALCORE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{15C1C978-C233-4316-A88A-0507414B5.
The master browser is stopping or an election is being forced.
 
Error: (08/13/2015 12:20:29 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DUALCORE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{15C1C978-C233-4316-A88A-0507414B5.
The master browser is stopping or an election is being forced.
 
Error: (08/13/2015 10:19:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (08/13/2015 10:19:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (08/13/2015 10:19:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/13/2015 10:19:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/13/2015 10:19:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/13/2015 10:19:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-16 20:28:21.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-16 20:28:21.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-16 20:15:28.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-16 20:15:28.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 20:23:31.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 20:23:30.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 20:08:27.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 20:08:26.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 19:45:20.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-09 19:45:20.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 2006.3 MB
Available physical RAM: 381.93 MB
Total Virtual: 4012.59 MB
Available Virtual: 1834.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:10.98 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive p: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:1822.96 GB) NTFS
Drive s: (KINGSTON) (Removable) (Total:29.27 GB) (Free:29.27 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: DE7F4B61)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of log ============================

 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 PM

Posted 17 August 2015 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-2543824251-2192436486-2873360760-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 Miffo

Miffo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 17 August 2015 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

<snip>


Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

 

Hi,

 

Thanks for the reply.  I was a bit naughty and just tried your last instruction as I'd not done anything like that before and it was pretty easy.  That seems to have stopped re-directs.

 

Thanks.

 

Peter.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 PM

Posted 17 August 2015 - 12:59 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 PM

Posted 22 August 2015 - 10:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



