Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Return of the son of javaws.exe and his 1000s of clones!


  • This topic is locked This topic is locked
6 replies to this topic

#1 TonyB58

TonyB58

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon coast, USA
  • Local time:04:41 AM

Posted 17 February 2016 - 05:20 PM

Hi all, I have an HP notebook running Windows 7 SP 1. I first noticed this puppy slowing me waaaay down and checked for fixes - I followed the advice given to danielzink in another thread by running FRST (64 bit) and Zoek. I also ran EEK, but darned if the stupid thing didn't reload itself the next time I booted up in the morning. I ran FRST and Zoek again today.
 
Here are the logs for those:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Bubba (2016-02-17 12:49:52) Run:6
Running from C:\Users\Bubba\Desktop
Loaded Profiles: Bubba (Available Profiles: Bubba)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
U3 idsvc; No ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; No ImagePath
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
Task: {00410D6F-DA4C-417D-A6CA-7721096FA180} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {13A31235-ABBF-4F31-8115-9D988B1D5C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {5B234265-48A8-479A-ACF2-38F29FB1C25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {6876F48B-033D-4E8C-9511-13E443471C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {BE447FF6-4BA9-4408-B0BC-792148CA21F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {FA775421-5625-4805-B6B4-219A5B4D1175} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
*****************

idsvc => service not found.
wfpcapture => service not found.
wpcsvc => service not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NetSetupSvc  not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs UserManager  not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00410D6F-DA4C-417D-A6CA-7721096FA180} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A31235-ABBF-4F31-8115-9D988B1D5C9C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B234265-48A8-479A-ACF2-38F29FB1C25A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6876F48B-033D-4E8C-9511-13E443471C7F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE447FF6-4BA9-4408-B0BC-792148CA21F6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA775421-5625-4805-B6B4-219A5B4D1175} => key not found.

==== End of Fixlog 12:49:54 ====
 
And:
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Bubba on Wed 02/17/2016 at 12:50:58.56.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Bubba\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2016-02-13-040446.log    10242 bytes
C:\zoek-results2016-02-13-205338.log    9222 bytes
C:\zoek-results2016-02-16-052310.log    10191 bytes
C:\zoek-results2016-02-16-230305.log    9182 bytes

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~3\ioloGovernor deleted successfully
C:\Users\Bubba\AppData\Local\offsync deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Users\Bubba\Desktop\zoek.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Bubba\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddo9zm.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bleepingcomputer.com bootstrapcdn.c
---- FireFox user.js and prefs.js backups ----

prefs_20160217_0123_.backup

==== Deleting Files \ Folders ======================

C:\Users\Bubba\AppData\Roaming\iolo deleted
C:\Users\Bubba\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddo9zm.default\jetpack deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8093 MB
CPU Info: Celeron® Dual-Core CPU       T3100  @ 1.90GHz
CPU Speed: 1918.3 MHz
Sound Card: Not detected
Display Adapters: | RDP Encoder Mirror Driver
Monitors: 1x;
Screen Resolution: 800 X 600 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8191SE 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (D: | ) D: hp      DVDRAM GT30L
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  218.7GB
Hard Disks - Free: C:  33.7GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 09/15/09 | HPQOEM - f
Time Zone: Pacific Standard Time
Motherboard *: Hewlett-Packard 1526
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
Default Browser: Firefox    44.0.2
Internet Explorer Version: 11.0.9600.18163
Mozilla Firefox version: 44.0.2 (x86 en-US)
Adobe Reader version: 15.10.20056.167417
Flash Player version: 20.0.0.286
Shockwave Player version: 12.2r162

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-01-20 22:22:53    7A29B63C26A071B62503056AA17DFD29    644    ----a-w-    C:\Windows\cdplayer.ini
====== C:\Users\Bubba\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-01-22 23:31:16    28E75F316CCCD79337E4957C53017D4B    154560    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-01-22 23:31:13    0F776895884B8DC430A307D57FD867BB    95680    ----a-w-    C:\Windows\Sysnative\drivers\ksecdd.sys
2016-01-22 23:31:10    C49F1C4CA74FC52AFB2E892D8E50EA39    129024    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-01-22 23:31:10    A572BEF41F3C55D7DAF24D2340C91FEC    290816    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-01-22 23:31:10    32B85C4923D895B2FB35821A799BA38D    159232    ----a-w-    C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-01-22 23:27:35    C51B07394A087DA666A410DBFD26663A    116736    ----a-w-    C:\Windows\Sysnative\drivers\drmk.sys
2016-01-22 23:27:35    647599CAE8CA0EF2FB09C4B150BC97FF    230400    ----a-w-    C:\Windows\Sysnative\drivers\portcls.sys
2016-01-22 23:27:35    26FE888505E5A945B0536AF9A2A27A6F    5632    ----a-w-    C:\Windows\Sysnative\drivers\drmkaud.sys
====== C:\Windows\Tasks ======
2016-02-16 20:45:58    EE0744343F262AD28637BA6CF62CA6FB    3206    ----a-w-    C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1664557020-3925135753-4154257917-1000
2016-02-16 20:45:52    22BA3A50A0A9E668D7CA4ACEE66A3B62    3340    ----a-w-    C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1664557020-3925135753-4154257917-1000
2016-02-13 00:48:47    8706E1F5648812DC66CA1DEEE0654DA0    3228    ----a-w-    C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1664557020-3925135753-4154257917-1000
2016-02-13 00:48:41    8C656F1B8B1554933042B160902F03C0    3362    ----a-w-    C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1664557020-3925135753-4154257917-1000
2016-01-22 21:59:04    B904D60CD65A037AF7214B423E17B30F    3768    ----a-w-    C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2016-01-22 21:59:04    A787EB47572B14301B6EB8115E8B15C9    830    ----a-w-    C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2016-01-29 21:48:05    --------    d-----w-    C:\PROGRA~2\COMMON~1\DESIGNER
2016-01-23 01:41:13    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2016-01-22 22:04:26    --------    d-----w-    C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\Bubba\AppData\Roaming ======
2016-02-17 21:05:48    --------    d-----w-    C:\Users\Bubba\AppData\Local\offsync
2016-02-16 21:50:23    --------    d-----w-    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2016-02-16 21:50:23    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-02-16 21:50:23    --------    d-----w-    C:\Users\Default\AppData\Local\Temp
2016-02-16 21:50:23    --------    d-----w-    C:\Users\Default User\AppData\Local\Temp
2016-02-16 05:18:42    --------    d-----w-    C:\Users\Bubba\AppData\Local\Temp
2016-01-19 18:36:00    --------    d-----w-    C:\Users\Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EveHQ
====== C:\Users\Bubba ======
2016-02-16 03:37:48    02AC8743B7B90A21A02E28A7BE392CCC    2371072    ----a-w-    C:\Users\Bubba\Desktop\FRST64.exe
2016-01-22 22:04:38    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-22 22:04:26    --------    d-----w-    C:\ProgramData\Apple Computer

====== C: exe-files ==
2016-02-16 05:28:45    F77A897A069852D868A3D02B39D0CA61    3723376    ----a-w-    C:\EEK\Start Commandline Scanner.exe
2016-02-16 05:28:45    38BFBA956EBFB8FA19D9B1A0BC4DF9B1    3723376    ----a-w-    C:\EEK\Start Emergency Kit Scanner.exe
2016-02-16 05:28:44    F87E3A80C2A950E1F2B3F11BF88014F1    10815272    ----a-w-    C:\EEK\bin64\a2emergencykit.exe
2016-02-16 05:28:44    A00498FD79D0F49DE5EC0D476AC3AE0A    4444616    ----a-w-    C:\EEK\bin32\a2cmd.exe
2016-02-16 05:28:44    4E431121527BCB0FAE131AE0643FC194    6832216    ----a-w-    C:\EEK\bin64\a2cmd.exe
2016-02-16 05:28:44    03556B328F27698C697FA2095CEA96AD    7474800    ----a-w-    C:\EEK\bin32\a2emergencykit.exe
=== C: other files ==
2016-02-16 05:28:50    CEFDBBD7A1F6D0905E441F679107023B    102128    ----a-w-    C:\EEK\bin32\epp.sys
2016-02-16 05:28:50    AD2D0DD976F59A93B95B2268CC956E7C    123992    ----a-w-    C:\EEK\bin64\epp.sys

==== Orphaned Tasks deleted from Registry ======================

Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse deleted
Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1664557020-3925135753-4154257917-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_USERS\S-1-5-21-1664557020-3925135753-4154257917-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Bubba\AppData\Local\Akamai\netsession_win.exe"
"HP Officejet Pro 8610 (NET)"="C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe -deviceID CN48EC30H5:NW -scfn HP Officejet Pro 8610 (NET) -AutoStart 1"
"Starfield Updater"="C:\Users\Bubba\AppData\Local\Workspace\workspaceupdate.exe"
"wben"="C:\Users\Bubba\AppData\Local\Workspace\wben.exe"
"Workspace Status"="C:\Users\Bubba\AppData\Local\Workspace\workspacestatus.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files (x86)\update\realsched.exe  -osboot"
"RealDownloader"="C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe"
"iolo Startup"="C:\Program Files (x86)\iolo\common\Lib\ioloLManager.exe /lbstartup"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"athenaNetDeviceManager"="C:\Program Files (x86)\athenahealth, Inc\athenaNetDeviceManager\TrayApp\ADM.TrayApp.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Bubba\AppData\Local\Akamai\netsession_win.exe"
"HP Officejet Pro 8610 (NET)"="C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe -deviceID CN48EC30H5:NW -scfn HP Officejet Pro 8610 (NET) -AutoStart 1"
"Starfield Updater"="C:\Users\Bubba\AppData\Local\Workspace\workspaceupdate.exe"
"wben"="C:\Users\Bubba\AppData\Local\Workspace\wben.exe"
"Workspace Status"="C:\Users\Bubba\AppData\Local\Workspace\workspacestatus.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boinctray"="C:\Program Files\BOINC\boinctray.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Folders ======================

2015-06-22 22:48:20    2059    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk
2014-05-21 20:31:09    1000    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
2015-06-22 22:48:20    1968    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/22/2016 01:58 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/30/2015 03:52 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/30/2015 03:52 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet Pro 8610" ["C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\iolo DelOnReboot" [cmd.exe]
"C:\Windows\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe]
"C:\Windows\SysNative\tasks\McAfee Remediation (Prepare)" [C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe]
"C:\Windows\SysNative\tasks\McAfeeLogon" [C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe]
"C:\Windows\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1664557020-3925135753-4154257917-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1664557020-3925135753-4154257917-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1664557020-3925135753-4154257917-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1664557020-3925135753-4154257917-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1664557020-3925135753-4154257917-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\ScanToPCActivationApp.exe_{BF7F206E-CF10-4DB9-8577-88D8129C2B5B}" [C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{072D53F6-8C6E-428E-8478-64437F75115B}" [C:\Program Files (x86)\CCP\vintel-0.62.exe]
"C:\Windows\SysNative\tasks\{073BBCAB-96E3-46F1-B47A-6B0E3A861B4D}" [C:\Users\Bubba\Desktop\vintel-0.51.exe]
"C:\Windows\SysNative\tasks\{1B99B6F3-23F4-4636-A9D5-6949939904BD}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civ2.exe]
"C:\Windows\SysNative\tasks\{2F045350-C4D4-4BBC-9872-646DEC2F8E8E}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civtot11.exe]
"C:\Windows\SysNative\tasks\{311F8406-161C-4F28-8C82-91D9F17E9506}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\terranx.exe]
"C:\Windows\SysNative\tasks\{32F8BB8C-2F5D-46FD-843A-09240E61CA43}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{392F08D7-3016-4905-9099-DA770E6F6FED}" [C:\Program Files (x86)\CCP\vintel-0.62.exe]
"C:\Windows\SysNative\tasks\{3ED5CF6C-2A1E-4176-AA6B-59C021AD3DCB}" [C:\Program Files (x86)\CCP\EVE\eve.exe]
"C:\Windows\SysNative\tasks\{557EE934-4F89-48BC-AD22-775DFA5534A1}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\terranx.exe]
"C:\Windows\SysNative\tasks\{59D5FE62-AEF8-4D12-8868-235E976844DE}" [C:\Program Files (x86)\CCP\vintel-0.62.exe]
"C:\Windows\SysNative\tasks\{5BC8EE0E-34DF-409F-B8F2-EAB54044DDF9}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\axstart.exe]
"C:\Windows\SysNative\tasks\{6FBE6ED1-3DEE-4AEB-A9EC-9953FF4C6A32}" [C:\Windows.old\Users\Tony\Documents\103\civII_test of time\Civilization_2__The_Test_of_Time\civ2.exe]
"C:\Windows\SysNative\tasks\{71AE1D50-E7D2-4AFC-8FD3-DC6A833A2E62}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\axstart.exe]
"C:\Windows\SysNative\tasks\{7B6B5F0F-A416-486E-9BB6-2EBCD857D6A9}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{7C519215-9EFA-4D83-9B9F-151BB9EA0AF3}" [C:\program files (x86)\RealPlay.exe]
"C:\Windows\SysNative\tasks\{7E155B6D-D5C1-4E05-ABE2-DFE86620BCC9}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{7E4A555B-330A-40B9-AB68-6CAF81173FE9}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civ2.exe]
"C:\Windows\SysNative\tasks\{9CB1757D-21EF-43B2-BE05-8D74B79E3017}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\terranx.exe]
"C:\Windows\SysNative\tasks\{A12D7BB5-DCFB-418E-B0E7-CE0A9E04DDAC}" [C:\Windows.old\Users\Tony\Documents\Downloads\Master of Orion\Moo\INSTALL.EXE]
"C:\Windows\SysNative\tasks\{AC4B765C-D8C6-4A57-BD01-2875A339CB29}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civ2.exe]
"C:\Windows\SysNative\tasks\{AD8D00C6-A1F9-4D93-A932-8DC5978F3CE1}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{AFCFE17C-FFEE-4317-B2B8-39530E18FD9B}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\axstart.exe]
"C:\Windows\SysNative\tasks\{B40945E7-997D-4B0F-ACB3-20771BAB0ED3}" [C:\Windows.old\Users\Tony\Documents\103\civII_test of time\Civilization_2__The_Test_of_Time\civ2.exe]
"C:\Windows\SysNative\tasks\{BAC4833B-6138-42D9-B10F-3B99C51B7D81}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civtot11.exe]
"C:\Windows\SysNative\tasks\{BDD7F744-D652-4949-BA6A-4EFEA6791B99}" [C:\Program Files (x86)\CCP\vintel-0.62.exe]
"C:\Windows\SysNative\tasks\{E06F21E7-A5DB-4781-A78F-55496680CE1A}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{EABF2C64-803E-4ABB-9249-9D1A35BDFEF9}" [C:\Users\Bubba\Desktop\vintel-0.51.exe]
"C:\Windows\SysNative\tasks\{ED8A4052-5E7A-4766-8F7E-B885441DD8EB}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{F6F64E74-BA44-44C3-B2CA-57AF2AC609C8}" [C:\Program Files (x86)\CCP\vintel-0.62.exe]
"C:\Windows\SysNative\tasks\{F75D081C-0BA0-444B-807B-29F680DD63D3}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{FC6F61A2-B9A9-4AF1-A8D1-D12D38EE5A76}" [C:\Users\Bubba\Documents\'Classic' Takamo files 2014\INPUT.EXE]
"C:\Windows\SysNative\tasks\{FCB8D40F-904D-4012-BE66-388CE1167B56}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Alpha Centauri\axstart.exe]
"C:\Windows\SysNative\tasks\{FFACC1A4-8394-480E-BAFA-3DFCF493BC6D}" [C:\Program Files (x86)\Atari\Civilization 2 Test of Time\civtot11.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Bubba\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddo9zm.default
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("keyword.URL", "gram");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [01/19/2015 01:57 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bubba\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddo9zm.default
- Youtube Downloader - 4K Download - %ProfilePath%\extensions\paulsaintuzb@gmail.com
- McAfee SafeKey - %ProfilePath%\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}
- Amazon Assistant for Firefox - %ProfilePath%\extensions\abb@amazon.com.xpi
- Classic Theme Restorer - %ProfilePath%\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi
- Heartbleed Notifier em:type2 em:version0.1.1.1-signed em:descriptionNotify of heartbleed vulnerabilities em:creatorKris Maglione em:bootstraptrue - %ProfilePath%\extensions\heartbleed@dactyl.googlecode.com.xpi
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
- Social Fixer - %ProfilePath%\extensions\socialfixer@mattkruse.com.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- CouponsHelper - %ProfilePath%\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bubba\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddo9zm.default
252949179FE1C491B7D16A9AA376B29B    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealPlayer Video Downloader for HTML5  (32-bit)
87132527E2256CF6683A18C4EB34DD3B    - C:\Windows\system32\Wat\npWatWeb.dll -    Windows Activation Technologies
30F232783820C8146F8A050F9E2F5D1D    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll -    Shockwave for Director / Shockwave for Director
4390CCD3790F8D9C427C0C29590C62D7    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -    Shockwave Flash
A107920551356DAEE665F0884F34D2D7    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll -    Shockwave Flash
ABECD734D5987FCE3053A2BC8AC7340A    - C:\Users\Bubba\AppData\Roaming\Mozilla\Plugins\npatgpc.dll -    ActiveTouch General Plugin Container
9C5BB5C14408A2C735A18164EEC2F2DA    - C:\Users\Bubba\AppData\Roaming\Mozilla\Plugins\npoff.dll -    Online Storage plug-in
9F47DB26ED35DB2D99EAE88453F7510F    - C:\Users\Bubba\AppData\Roaming\Mozilla\Plugins\npwbe.dll -    Workspace Webmail plug-in 1.0.21.46
ABECD734D5987FCE3053A2BC8AC7340A    - C:\Users\Bubba\AppData\Roaming\Mozilla\plugins\npatgpc.dll -    ActiveTouch General Plugin Container
9C5BB5C14408A2C735A18164EEC2F2DA    - C:\Users\Bubba\AppData\Roaming\Mozilla\plugins\npoff.dll -    Online Storage plug-in
9F47DB26ED35DB2D99EAE88453F7510F    - C:\Users\Bubba\AppData\Roaming\Mozilla\plugins\npwbe.dll -    Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785    - C:\Users\Bubba\AppData\Roaming\Mozilla\Plugins\npwbe64.dll -    Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785    - C:\Users\Bubba\AppData\Roaming\Mozilla\plugins\npwbe64.dll -    Workspace Webmail plug-in 1.0.21.46
D98D6D9726A18E31385DAE3DDAE35953    - C:\Users\Bubba\AppData\Roaming\Mozilla\Plugins\npoff64.dll -    Online Storage plug-in
D98D6D9726A18E31385DAE3DDAE35953    - C:\Users\Bubba\AppData\Roaming\Mozilla\plugins\npoff64.dll -    Online Storage plug-in


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://athenanet.athenahealth.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://athenanet.athenahealth.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: McAfee SafeKey Vault - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
O3 - Toolbar: McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\common\Lib\ioloLManager.exe" /lbstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [athenaNetDeviceManager] C:\Program Files (x86)\athenahealth, Inc\athenaNetDeviceManager\TrayApp\ADM.TrayApp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Bubba\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HP Officejet Pro 8610 (NET)] "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN48EC30H5:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Starfield Updater] "C:\Users\Bubba\AppData\Local\Workspace\workspaceupdate.exe"
O4 - HKCU\..\Run: [wben] "C:\Users\Bubba\AppData\Local\Workspace\wben.exe"
O4 - HKCU\..\Run: [Workspace Status] "C:\Users\Bubba\AppData\Local\Workspace\workspacestatus.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\RPDS\Bin64\rpsystray.exe
O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: SafeKey - file://C:\Users\Bubba\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Bubba\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: McAfee SafeKey - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
O9 - Extra 'Tools' menuitem: McAfee SafeKey - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.athenahealth.com
O15 - Trusted Zone: *.csod.com
O15 - Trusted Zone: *.getsatisfaction.com
O15 - Trusted Zone: *.https://secure.athenahealthpayment.com
O15 - Trusted Zone: *.webex.com
O16 - DPF: {4569CCE2-2DE0-40A0-B37D-84AEBF4E7A74} (AthenaImageUploader Control) - https://static.athenanet.athenahealth.com/static_20150826/AthenaImageUploader.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://static.athenanet.athenahealth.com/static_20150908/iemenu.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - (no file)
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: athenaNetDeviceManager - Unknown owner - C:\Program Files (x86)\athenahealth, Inc\athenaNetDeviceManager\WindowsService\Apollo.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files (x86)\Workspace\offSyncService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bubba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bubba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Bubba\AppData\Local\Mozilla\Firefox\Profiles\e3ddo9zm.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1064 folders=543 3637618101 bytes)

==== Empty Temp Folders ======================

C:\Users\Bubba\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Bubba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 02/17/2016 at 13:48:19.67 ======================
 
 
Help!
:-/

Edited by Queen-Evie, 17 February 2016 - 06:06 PM.
moved from Am I Infected to Malware Removal Logs. FRST and ZOEK logs are allowed only in MRL forum


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:41 AM

Posted 18 February 2016 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

After a restart of the computer please run the Farbar tool again. Make sure that the box "Create an Addition.txt file is marked."

Paste boot logs in your next reply.

Let me know what problem persists.

#3 TonyB58

TonyB58
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon coast, USA
  • Local time:04:41 AM

Posted 18 February 2016 - 11:29 PM

Howdy, nasdaq - good to know you. I sincerely appreciate the quick response, I know you guys are all busy with stuff,

 

The machine's been behaving itself, but I did what you suggested - here is the log from RogueKiller:

 

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bubba [Administrator]
Started from : C:\Users\Bubba\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/18/2016 19:15:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0175451455760316mcinstcleanup (C:\Windows\TEMP\017545~1.EXE -cleanup -nolog) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0175451455760316mcinstcleanup (C:\Windows\TEMP\017545~1.EXE -cleanup -nolog) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0175451455760316mcinstcleanup (C:\Windows\TEMP\017545~1.EXE -cleanup -nolog) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1664557020-3925135753-4154257917-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1664557020-3925135753-4154257917-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] e3ddo9zm.default : Amazon Assistant for Firefox [abb@amazon.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] c5a6b735ca728c360f86d73bf33b7b6c
[BSP] bebe86223db780be427f8cf4e6d68761 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 223940 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 459245568 | Size: 2048 MB
3 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 463456256 | Size: 12177 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

=================

Here is the fixlog from FRST as well:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Bubba (2016-02-18 20:07:33) Run:7
Running from C:\Users\Bubba\Desktop
Loaded Profiles: Bubba (Available Profiles: Bubba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
U3 idsvc; No ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; No ImagePath
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
Task: {00410D6F-DA4C-417D-A6CA-7721096FA180} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {13A31235-ABBF-4F31-8115-9D988B1D5C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {5B234265-48A8-479A-ACF2-38F29FB1C25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {6876F48B-033D-4E8C-9511-13E443471C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {BE447FF6-4BA9-4408-B0BC-792148CA21F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {FA775421-5625-4805-B6B4-219A5B4D1175} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION

*****************

idsvc => service not found.
wfpcapture => service not found.
wpcsvc => service not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NetSetupSvc  not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs UserManager  not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00410D6F-DA4C-417D-A6CA-7721096FA180} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A31235-ABBF-4F31-8115-9D988B1D5C9C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B234265-48A8-479A-ACF2-38F29FB1C25A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6876F48B-033D-4E8C-9511-13E443471C7F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE447FF6-4BA9-4408-B0BC-792148CA21F6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA775421-5625-4805-B6B4-219A5B4D1175} => key not found.

==== End of Fixlog 20:07:35 ====

 

 

 

The boot log is over 900 KB, you sure you want me to post it? :scratchhead:

 

 



#4 TonyB58

TonyB58
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon coast, USA
  • Local time:04:41 AM

Posted 18 February 2016 - 11:42 PM

Forgot to include - it seems to be running just fine now.

 

:thumbsup2:



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:41 AM

Posted 19 February 2016 - 07:49 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 TonyB58

TonyB58
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon coast, USA
  • Local time:04:41 AM

Posted 21 February 2016 - 06:44 PM

So far, so good. Thank you again for the assist, and I will definitely check that out. :clapping:

 

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:41 AM

Posted 27 February 2016 - 08:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users