cannot access regedit or task manager due to hijack


4 replies to this topic

#1 lffoar

Posted 23 December 2017 - 02:08 AM

I downloaded a game and it has corrupted my comp. MBAM pops up with a message about blocking outbound with something to do with net framework.
I can't access regedit "has been blocked by administrator" but I am the admin.
Task manager does not show with ctrl-alt-del.
Here's what I have done so far:
Ran MBAM in safe mode and it shows 3 problems, so quarantined them
Ran ESET online scanner and it deleted 4-5 items
Ran Avast boot scan, no result shown
Ran Adwcleaner, nothing shown
Ran JRT, nothing shown
Ran RKill, nothing shown
Did this yesterday and the computer appeared to be OK. I could get to the task manager and regedit but MBAM kept popping up with the outbound blocking message. Turned it on today and the same problems are back so just ran scans again and it seems to be OK again. I suspect it will go haywire on the next startup so help would be appreciated.
Result of the Farbar scan follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Skinny's (administrator) on SKINNYS-PC (23-12-2017 17:19:50)
Running from C:\Users\Skinny's\Desktop\Cleaners
Loaded Profiles: Skinny's (Available Profiles: Skinny's)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1558744967-2584864110-4024010262-1000\...\Run: [FoxyGames] => C:\Users\Skinny's\AppData\Local\Temp\FoxyGames.exe <==== ATTENTION
HKU\S-1-5-21-1558744967-2584864110-4024010262-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1558744967-2584864110-4024010262-1000\...\MountPoints2: {ef689eb2-6126-11e4-b517-806e6f6e6963} - D:\InstAll.exe
HKU\S-1-5-21-1558744967-2584864110-4024010262-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
Startup: C:\Users\Skinny's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FoxyGames.lnk [2017-12-23]
ShortcutTarget: FoxyGames.lnk -> C:\Users\Skinny's\AppData\Local\Temp\FoxyGames.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9A0B48CB-DB50-4370-965B-C03753165E0E}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-18] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: facu13qj.default
FF ProfilePath: C:\Users\Skinny's\AppData\Roaming\Mozilla\Firefox\Profiles\facu13qj.default [2017-12-23]
FF Homepage: Mozilla\Firefox\Profiles\facu13qj.default -> hxxp://google.com/
FF Extension: (Avast SafePrice) - C:\Users\Skinny's\AppData\Roaming\Mozilla\Firefox\Profiles\facu13qj.default\Extensions\sp@avast.com.xpi [2017-12-08]
FF Extension: (Avast Online Security) - C:\Users\Skinny's\AppData\Roaming\Mozilla\Firefox\Profiles\facu13qj.default\Extensions\wrc@avast.com.xpi [2017-11-02]
FF Extension: (Adblock Plus) - C:\Users\Skinny's\AppData\Roaming\Mozilla\Firefox\Profiles\facu13qj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-17]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default [2017-12-22]
CHR Extension: (Google Slides) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-22]
CHR Extension: (Google Docs) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-22]
CHR Extension: (Google Drive) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-22]
CHR Extension: (YouTube) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-22]
CHR Extension: (Avast SafePrice) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-22]
CHR Extension: (Google Sheets) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-22]
CHR Extension: (Gmail) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\Skinny's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-13] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42536 2014-11-18] (IVT Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [84008 2010-11-15] (Broadcom Corporation.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77480 2013-07-02] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows ® Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2017-12-23] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2017-12-23] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-23] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-08-14] (Intel Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 2000-01-01] (Realsil Semiconductor Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-19] (Zemana Ltd.)
S4 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S4 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S4 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S4 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S4 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S4 BtFilter; system32\DRIVERS\btfilter.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 17:19 - 2017-12-23 17:19 - 000000000 ____D C:\FRST
2017-12-23 17:17 - 2017-12-23 17:18 - 000006268 _____ C:\TDSSKiller.3.1.0.15_23.12.2017_17.17.50_log.txt
2017-12-23 17:17 - 2017-12-23 17:17 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-23 17:16 - 2017-12-23 17:17 - 000209338 _____ C:\TDSSKiller.3.1.0.15_23.12.2017_17.16.14_log.txt
2017-12-23 17:16 - 2017-12-23 17:16 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-12-23 17:15 - 2017-12-23 17:15 - 000003042 _____ C:\Users\Skinny's\Desktop\Rkill.txt
2017-12-23 17:10 - 2017-12-23 17:10 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-23 17:10 - 2017-12-23 17:10 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-23 17:10 - 2017-12-23 17:10 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-23 09:57 - 2017-12-23 17:07 - 000000000 ___HD C:\Users\Skinny's\AppData\Roaming\ConfigsEx
2017-12-22 12:14 - 2017-12-22 12:14 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\2615F761.sys
2017-12-22 12:13 - 2017-12-22 12:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-22 12:11 - 2017-12-23 17:16 - 000218020 _____ C:\Windows\ntbtlog.txt
2017-12-22 10:39 - 2017-12-22 10:39 - 000000117 _____ C:\Users\Skinny's\Documents\EnableRegistry.bat..txt
2017-12-22 09:56 - 2017-12-22 09:55 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-22 09:56 - 2017-12-22 09:55 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-11 10:32 - 2017-12-11 10:32 - 000000000 ____D C:\Users\Skinny's\AppData\Local\ESET
2017-12-11 10:15 - 2017-12-22 10:30 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Legends 11 - The Cursed Gift Collector's Edition
2017-12-11 10:05 - 2017-12-22 10:30 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawn of Hope 2 - Daughter of Thunder Collectors Edition
2017-12-11 10:05 - 2017-12-11 10:05 - 000000896 _____ C:\Users\Skinny's\Desktop\Dawn of Hope 2 - Daughter of Thunder Collectors Edition.lnk
2017-12-11 10:03 - 2017-12-22 10:30 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Romance 7 - The Monster Within Collector's Edition
2017-12-11 09:36 - 2017-12-22 10:30 - 000000000 ____D C:\Program Files (x86)\gamehouse
2017-12-11 09:35 - 2017-12-11 09:35 - 000000000 ____D C:\Users\Skinny's\AppData\LocalLow\AKPublish
2017-12-08 09:08 - 2017-12-08 09:08 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-06 14:03 - 2017-12-06 14:11 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Jewel Match Twilight
2017-12-06 08:15 - 2017-12-06 08:15 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Gametop
2017-12-04 09:17 - 2017-12-10 10:45 - 000000000 ____D C:\Users\Skinny's\AppData\LocalLow\Shaman Games
2017-12-03 14:07 - 2017-12-10 10:54 - 000000000 ____D C:\Users\Skinny's\AppData\LocalLow\phime studio
2017-12-03 14:07 - 2017-12-03 14:07 - 000000000 ____D C:\ProgramData\Gametop
2017-12-02 07:46 - 2017-12-10 10:47 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Alawar Stargaze
2017-12-02 07:34 - 2017-12-02 07:34 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\ToomkyGames.com
2017-12-01 13:07 - 2017-12-01 13:07 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-12-01 12:56 - 2017-12-01 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-01 12:56 - 2017-12-01 12:56 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-01 12:40 - 2017-12-22 10:30 - 000000000 ____D C:\Program Files (x86)\bigfishgames
2017-11-26 11:45 - 2017-11-26 11:45 - 000000000 ____D C:\Users\Skinny's\AppData\Local\Murder on the Titanic

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 17:19 - 2017-05-19 11:18 - 000042733 _____ C:\Windows\ZAM.krnl.trace
2017-12-23 17:19 - 2017-05-19 11:18 - 000010458 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-23 17:19 - 2014-10-05 07:00 - 000000000 ____D C:\Users\Skinny's\Desktop\Cleaners
2017-12-23 17:17 - 2016-12-04 12:23 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-23 17:17 - 2009-07-14 15:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-23 17:14 - 2009-07-14 15:43 - 000006186 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-23 17:09 - 2009-07-14 15:15 - 000031936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-23 17:09 - 2009-07-14 15:15 - 000031936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-23 11:55 - 2015-06-23 12:13 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-12-23 10:01 - 2017-07-03 15:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-23 10:01 - 2017-06-21 12:23 - 000000000 ____D C:\Users\Skinny's\AppData\LocalLow\Mozilla
2017-12-22 12:25 - 2015-03-06 11:24 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Everything
2017-12-22 12:25 - 2014-11-03 11:05 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Five-BN Games
2017-12-22 12:25 - 2014-10-05 06:16 - 000000000 ____D C:\Users\Skinny's\Desktop\Finished games
2017-12-22 12:24 - 2017-10-01 10:56 - 000000000 ____D C:\Users\Skinny's\AppData\Local\Astar Games
2017-12-22 12:23 - 2016-08-09 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2017-12-22 12:14 - 2014-10-31 19:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-22 10:54 - 2015-03-26 14:20 - 000000000 ____D C:\AdwCleaner
2017-12-22 10:54 - 2014-10-05 04:29 - 000000000 ____D C:\Users\Skinny's
2017-12-22 10:54 - 2009-07-14 13:50 - 000000000 ____D C:\Windows\registration
2017-12-22 10:54 - 2009-07-14 13:50 - 000000000 ____D C:\Windows\inf
2017-12-22 10:30 - 2016-10-28 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-22 10:30 - 2015-12-04 10:32 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-22 10:30 - 2014-10-31 18:29 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-12-22 10:30 - 2014-10-05 06:52 - 000000000 ____D C:\Users\Skinny's\Desktop\Unused
2017-12-22 10:30 - 2014-10-05 06:14 - 000000000 ___RD C:\Users\Skinny's\Desktop\Games to play
2017-12-22 09:56 - 2017-03-10 10:26 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-22 09:55 - 2017-11-18 09:08 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-22 09:55 - 2017-03-10 10:26 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-22 09:55 - 2017-03-10 10:26 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-22 09:55 - 2017-03-10 10:26 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-22 09:55 - 2017-03-10 10:26 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-22 09:55 - 2014-10-05 06:44 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-22 09:54 - 2015-10-14 12:24 - 000000000 ____D C:\Users\Skinny's\AppData\Local\JollyBear
2017-12-22 09:54 - 2015-10-14 12:24 - 000000000 ____D C:\ProgramData\JollyBear
2017-12-22 09:50 - 2014-12-26 06:45 - 000000000 ____D C:\ProgramData\TEMP
2017-12-20 12:19 - 2017-02-14 11:05 - 000012658 _____ C:\Users\Skinny's\Desktop\Bills.xlsx
2017-12-19 10:41 - 2015-04-08 12:32 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Mad Head Games
2017-12-19 10:14 - 2017-10-21 12:04 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-15 09:53 - 2017-06-20 19:43 - 000000000 ____D C:\Users\Skinny's\AppData\Local\Oberon Games
2017-12-15 09:51 - 2016-11-14 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com
2017-12-10 10:56 - 2017-06-02 09:23 - 000000000 ____D C:\Windows\Minidump
2017-12-10 10:56 - 2014-11-01 10:13 - 000000000 ____D C:\Users\Skinny's\AppData\Local\CrashDumps
2017-12-10 10:45 - 2014-12-08 08:47 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\ShamanGS
2017-12-10 10:41 - 2015-01-29 13:55 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Lazy Turtle Games
2017-12-08 12:24 - 2009-07-14 13:50 - 000000000 ____D C:\Windows\rescache
2017-12-02 07:12 - 2017-06-21 12:23 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Mozilla
2017-12-01 13:07 - 2014-10-05 07:00 - 000000000 ____D C:\Program Files\CCleaner
2017-12-01 12:34 - 2015-03-26 12:50 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\DominiGames
2017-12-01 12:29 - 2014-11-20 07:56 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Artifex Mundi
2017-12-01 12:23 - 2017-08-27 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamebra.com
2017-12-01 12:17 - 2017-11-10 11:11 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Playrix Entertainment
2017-12-01 12:15 - 2017-08-28 10:28 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\AMAX Interactive
2017-12-01 12:11 - 2017-09-12 11:33 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Blue Tea Games
2017-12-01 12:06 - 2014-11-01 07:51 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Eipix
2017-11-30 12:49 - 2016-11-25 12:04 - 000000000 ____D C:\Users\Skinny's\AppData\Roaming\Floodlight Games
2017-11-30 12:49 - 2016-11-25 12:04 - 000000000 ____D C:\ProgramData\Floodlight Games
2017-11-26 11:44 - 2017-10-16 12:26 - 000000000 ____D C:\Users\Skinny's\Desktop\Probably wont play

==================== Files in the root of some directories =======

2015-12-23 08:49 - 2015-12-23 08:49 - 000000017 _____ () C:\Users\Skinny's\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-12-11 09:37 - 2017-12-11 09:37 - 000053248 _____ () C:\Users\Skinny's\AppData\Local\Temp\aiw302205.EXE
2017-12-22 09:48 - 2017-12-21 23:56 - 001738936 _____ () C:\Users\Skinny's\AppData\Local\Temp\Bonjour.exe
2017-12-10 10:25 - 2017-12-07 21:09 - 132953650 _____ (RFG) C:\Users\Skinny's\AppData\Local\Temp\HiddenObject.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-10 09:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Skinny's (23-12-2017 17:20:16)
Running from C:\Users\Skinny's\Desktop\Cleaners
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-04 17:59:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1558744967-2584864110-4024010262-500 - Administrator - Disabled)
Guest (S-1-5-21-1558744967-2584864110-4024010262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1558744967-2584864110-4024010262-1002 - Limited - Enabled)
Skinny's (S-1-5-21-1558744967-2584864110-4024010262-1000 - Administrator - Enabled) => C:\Users\Skinny's

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100 Percent Hidden Objects (HKLM-x32\...\100 Percent Hidden Objects1.0) (Version: 1.0 - Foxy Games)
20 000 Leagues Under The Sea Captain Nemo (HKLM-x32\...\20 000 Leagues Under The Sea Captain Nemo_is1) (Version: - My Real Games Ltd)
35MM (HKLM-x32\...\35MM_is1) (Version: - )
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Abandoned Cestnut Lodge Asylum (HKLM-x32\...\Abandoned Cestnut Lodge Asylum_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Abe's Exoddus (HKLM-x32\...\GOGPACKABESEXODDUS_is1) (Version: 2.0.0.4 - GOG.com)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adventures of Robinson Crusoe (HKLM-x32\...\Adventures of Robinson Crusoe1.0.3.0) (Version: 1.0.3.0 - Adnan_Boy 2008)
Agatha Christie 4 50 from Paddington 1.0 (HKLM-x32\...\Agatha Christie 4 50 from Paddington 1.0) (Version: - )
Agatha Christie Dead Mans Folly (HKLM-x32\...\Agatha Christie Dead Mans Folly_is1) (Version: - My Real Games Ltd)
Agatha Christie Death on the Nile (HKLM-x32\...\Agatha Christie Death on the Nile_is1) (Version: - My Real Games Ltd)
Agatha Christie Peril at End House (HKLM-x32\...\Agatha Christie Peril at End House_is1) (Version: - My Real Games Ltd)
Alice In Wonderland Extended Edition (HKLM-x32\...\Alice In Wonderland Extended Edition_is1) (Version: - My Real Games Ltd)
ALONE IN SPACE (HKLM-x32\...\{EE86B096-68AE-49DE-8B1B-348532}_is1) (Version: - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.33 - NVIDIA Corporation) Hidden
Around The World In Eighty Days Extended Edition (HKLM-x32\...\Around The World In Eighty Days Extended Edition_is1) (Version: - My Real Games Ltd)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Badland (HKLM-x32\...\Badland_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Barn Yarn (HKLM-x32\...\Barn Yarn_is1) (Version: - My Real Games Ltd)
Beyond the Invisible 2 Darkness Came (HKLM-x32\...\Beyond the Invisible 2 Darkness Came) (Version: 2 Darkness Came - gamehouse)
Catch the Witch (HKLM-x32\...\Catch the Witch_is1) (Version: 1.0 - GameTop Pte. Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Chronicles of Albian (HKLM-x32\...\Chronicles of Albian_is1) (Version: 1.0 - GameTop Pte. Ltd.)
City Style (HKLM-x32\...\City Style_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Classic Adventures The Great Gatsby (HKLM-x32\...\Classic Adventures The Great Gatsby_is1) (Version: - My Real Games Ltd)
Danse Macabre A Lovers Pledge 9.0 (HKLM-x32\...\Danse Macabre A Lovers Pledge 9.0) (Version: 9.0 - bigfishgames)
Dark Romance 7 - The Monster Within Collector's Edition (HKLM-x32\...\Dark Romance 7 - The Monster Within Collector's EditionFinal) (Version: Final - Game-Owl)
Dawn of Hope 2 - Daughter of Thunder Collectors Edition (HKLM-x32\...\Dawn of Hope 2 - Daughter of Thunder Collectors EditionFinal) (Version: Final - Game-Owl)
DeadCore (HKLM-x32\...\DeadCore_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dream Day True Love (HKLM-x32\...\Dream Day True Love_is1) (Version: - My Real Games Ltd)
Dream Hills (HKLM-x32\...\Dream Hills_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Dream Sleuth (HKLM-x32\...\Dream Sleuth_is1) (Version: 1.0 - Media Contact LLC)
Dreamland (HKLM-x32\...\Dreamland_is1) (Version: - My Real Games Ltd)
Escape From Lost Island (HKLM-x32\...\Escape From Lost Island_is1) (Version: 1.0 - GameTop Pte. Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Eternity (HKLM-x32\...\Eternity_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Exorcist 2 (HKLM-x32\...\Exorcist 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Exorcist 3 Inception of Darkness (HKLM-x32\...\Exorcist 3 Inception of Darkness_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Fall of Gyes (HKLM-x32\...\Fall of Gyes_is1) (Version: 1.0 - GameTop Pte. Ltd.)
FastStone Image Viewer 6.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.4 - FastStone Soft)
FBI Paranormal Case (HKLM-x32\...\FBI Paranormal Case_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.1.3.5 - Sentelic)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Gardenscapes (HKLM-x32\...\Gardenscapes_is1) (Version: - My Real Games Ltd)
Gardenscapes Mansion Makeover (HKLM-x32\...\Gardenscapes Mansion Makeover_is1) (Version: - My Real Games Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Haunted Legends 11 - The Cursed Gift Collector's Edition (HKLM-x32\...\Haunted Legends 11 - The Cursed Gift Collector's EditionFinal) (Version: Final - Game-Owl)
Haunted Legends 6 - The Dark Wishes Collector's Edition (HKLM-x32\...\Haunted Legends 6 - The Dark Wishes Collector's EditionFinal) (Version: Final - Game Owl)
Hexus (HKLM-x32\...\Hexus_is1) (Version: - My Real Games Ltd)
Hidden Files Echoes of JFK (HKLM-x32\...\Hidden Files Echoes of JFK_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Hidden Object Crosswords 2 (HKLM-x32\...\Hidden Object Crosswords 21.1) (Version: 1.1 - Foxy Games)
Hollywood Extended Edition (HKLM-x32\...\Hollywood Extended Edition_is1) (Version: - My Real Games Ltd)
Home Makeover Hidden Object (HKLM-x32\...\Home Makeover Hidden Object_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Hypnosis (HKLM-x32\...\Hypnosis_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Jekyll and Hyde (HKLM-x32\...\Jekyll and Hyde_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Jewel Match Twilight (HKLM-x32\...\Jewel Match Twilight_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Jewel Quest The Sleepless Star (HKLM-x32\...\Jewel Quest The Sleepless Star_is1) (Version: - My Real Games Ltd)
Jigsaw Boom 2 (HKLM-x32\...\Jigsaw Boom 2_is1) (Version: - My Real Games Ltd)
Kidnapped (HKLM-x32\...\{1DE74B0D-769C-4A96-B7BC-C12C459AF688}_is1) (Version: 1.4 - Deceptive Games)
Lara Croft and the Temple of Osiris (HKLM-x32\...\Lara Croft and the Temple of Osiris_is1) (Version: - )
Lost Lagoon (HKLM-x32\...\Lost Lagoon_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Magic Academy 2 (HKLM-x32\...\Magic Academy 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manor Memoirs (HKLM-x32\...\Manor Memoirs_is1) (Version: - My Real Games Ltd)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.0.337.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monstrum (HKLM-x32\...\Monstrum_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mystery Case Files 16 - The Revenants Hunt (CE) (ENG) 1.0 (HKLM-x32\...\Mystery Case Files 16 - The Revenants Hunt (CE) (ENG) 1.0) (Version: 1.0 - bigfishgames)
Mystery of Dragon Prince (HKLM-x32\...\Mystery of Dragon Prince_is1) (Version: 1.0 - GameTop Pte. Ltd.)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
Oddworld - New 'n' Tasty (HKLM-x32\...\Oddworld - New 'n' Tasty_is1) (Version: - )
Oddworld Stranger's Wrath (HKLM-x32\...\GOGPACKSTRANGERSWRATH_is1) (Version: 2.0.0.11 - GOG.com)
Odysseus Long Way Home (HKLM-x32\...\Odysseus Long Way Home_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-XChange Editor (HKLM\...\{1493B92D-C138-4096-A720-274A2D612153}) (Version: 5.5.315.0 - Tracker Software Products (Canada) Ltd.)
Questerium (HKLM-x32\...\Questerium_is1) (Version: 1.0 - GameTop Pte. Ltd.)
RAPID Mode (HKLM\...\{34EF1328-6F71-4077-99AA-E44690F42043}) (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scrabble (HKLM-x32\...\Scrabble1.0) (Version: 1.0 - Foxy Games)
Snark Busters - Welcome to the Club (HKLM-x32\...\Snark Busters - Welcome to the Club_is1) (Version: 1.0 - Gamebra, Inc.)
Solitaire Mystery Four Seasons (HKLM-x32\...\Solitaire Mystery Four Seasons_is1) (Version: 1.0 - GameTop Pte. Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TAKEN (HKLM-x32\...\{15F98566-FDF5-43C1-8D22-02D708382193}_is1) (Version: 1.0 - Math Nerd Productions, LLC)
Tearstone (HKLM-x32\...\Tearstone_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Tembo The Badass Elephant (HKLM-x32\...\Tembo The Badass Elephant1.1) (Version: 1.1 - Foxy Games)
The Godfather II (HKLM-x32\...\The Godfather II_is1) (Version: - )
The Godfather The Game (HKLM-x32\...\The Godfather The Game_is1) (Version: - )
The Time Machine Trapped in Time (HKLM-x32\...\The Time Machine Trapped in Time_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Three Musketeers Secrets Constances Mission (HKLM-x32\...\Three Musketeers Secrets Constances Mission_is1) (Version: - My Real Games Ltd)
Travel Riddles Trip to France (HKLM-x32\...\Travel Riddles Trip to France_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Treasure Island The Golden Bug Extended Edition (HKLM-x32\...\Treasure Island The Golden Bug Extended Edition_is1) (Version: - My Real Games Ltd)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Whispered Stories Sandman (HKLM-x32\...\Whispered Stories Sandman_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Windows Driver Package - Acronis (vididr) AcronisDevices (09/21/2011 1.1.0.62) (HKLM\...\9782FBD51FFC7983B9B0F23C8929CE54EEA46ED8) (Version: 09/21/2011 1.1.0.62 - Acronis)
Windows Driver Package - AMD (amdkmpfd) System (07/24/2013 13.15.1.0001) (HKLM\...\EF70220A4FF8FBE3EC6338B797A142BC03FACCE7) (Version: 07/24/2013 13.15.1.0001 - AMD)
Windows Driver Package - Intel (MEIx64) System (08/05/2014 10.0.27.1012) (HKLM\...\CADC45E55994710AADB2ADB82843052F67FBD1AF) (Version: 08/05/2014 10.0.27.1012 - Intel)
Windows Driver Package - INTEL USB (01/26/2016 10.1.1.14) (HKLM\...\82E9AB2B5A5465ADC231F970AF49FC0659F15FDE) (Version: 01/26/2016 10.1.1.14 - INTEL)
Windows Driver Package - Intel USB (07/09/2013 9.2.0.1034) (HKLM\...\C73419A103EAB9D14F91A4BE7BC932945DEA93BC) (Version: 07/09/2013 9.2.0.1034 - Intel)
Windows Driver Package - IVT Corporation (Btcsrusb) Bluetooth Device (11/18/2014 6.2.84.273) (HKLM\...\C3D4BA105BCE958607E67B708DED58A841AAC664) (Version: 11/18/2014 6.2.84.273 - IVT Corporation)
Windows Driver Package - NVIDIA (nvvad_WaveExtensible) MEDIA (11/24/2014 1.2.27) (HKLM\...\22A615E5AB2DBC0D1F227E94983E9AE635546658) (Version: 11/24/2014 1.2.27 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (01/09/2015 1.3.33.0) (HKLM\...\72C4B3A214CA41AC3E4568DF86D5E8F16F37F147) (Version: 01/09/2015 1.3.33.0 - NVIDIA Corporation)
Windows Driver Package - Qualcomm Atheros Communications (BTATH_BUS) System (06/24/2014 4.0.0.302) (HKLM\...\F1D0D62AB241DAE33AEEB7B18B58C93AC5EF0960) (Version: 06/24/2014 4.0.0.302 - Qualcomm Atheros Communications)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (10/17/2014 10.0.0.302) (HKLM\...\7923F506BAAD7FF53123A78A50D0181557C162A1) (Version: 10/17/2014 10.0.0.302 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Realtek (RTL8167) Net (11/19/2014 7.091.1119.2014) (HKLM\...\82F4F81F9DF251F9CFF1B9A608A3464B45596746) (Version: 11/19/2014 7.091.1119.2014 - Realtek)
Windows Driver Package - Realtek Semiconduct Corp. (RTSUER) USB (12/08/2014 6.3.9600.31207) (HKLM\...\9A2F8207F23EBEB5E8EC1382260E90CFB3658951) (Version: 12/08/2014 6.3.9600.31207 - Realtek Semiconduct Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (08/19/2014 6.0.1.7324) (HKLM\...\829273D9CB4020F4AD997377D953B418923AAF90) (Version: 08/19/2014 6.0.1.7324 - Realtek Semiconductor Corp.)
Windows Driver Package - Sentelic (fspad_win764) Mouse (02/27/2013 9.4.3.7) (HKLM\...\654C32ED71EE0DEDB4E1A0C7E8CD0BFED0A3E015) (Version: 02/27/2013 9.4.3.7 - Sentelic)
Witchs Pranks Frogs Fortune (HKLM-x32\...\Witchs Pranks Frogs Fortune_is1) (Version: - My Real Games Ltd)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)
Yeti Legend - Mystery of the forest (HKLM-x32\...\Yeti Legend - Mystery of the forest_is1) (Version: 1.0 - Gamebra, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-18] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-22] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-30] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {152E07AB-CA13-4136-B3A5-E7B639C025E3} - System32\Tasks\{DB885B0C-7E4B-45A0-8E0F-6C411231FA94} => D:\Game files\Jigsaw Boom\wrapgame.exe
Task: {1610A895-1C46-4D18-92C3-FCA067BF50B1} - System32\Tasks\Live Update => C:\Users\Skinny's\AppData\Roaming\crss.exe <==== ATTENTION
Task: {2C59C7F5-885A-4CAC-ACBC-002F85BC27C9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-09] (Piriform Ltd)
Task: {332AE2E1-6CAA-4ABB-AB95-F72B5E3B34F7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-06-13] (Microsoft)
Task: {39EBB1C4-15E8-4BCE-930C-3480D89AB173} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-22] (AVAST Software)
Task: {3AFBC54D-C49C-41E3-B5D1-4C342AF6F87A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {4546EBD0-3B9F-4DE6-883E-A282B9BA572D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6B70E3CB-FF28-4512-9B33-26DE5395E275} - \GoogleUpdateTaskClient -> No File <==== ATTENTION
Task: {79DC1C6E-C0D9-4E7B-A4CC-4FEE6B80144D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {825667A3-F644-4BF1-9CA7-3F9B5696C405} - System32\Tasks\SafeZone scheduled Autoupdate 1461192282 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {91815022-4A2A-467E-A369-1977F2B8D072} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {92B9C3F7-8C11-41CD-862D-1854D13060E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-09] (Adobe Systems Incorporated)
Task: {94898C22-A364-4A31-9EC5-3CDB212D53EF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
Task: {A2E3D0A1-6FCE-4C6E-B1C9-684EA1BE7EBB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {A59A8F65-9544-49AF-A03A-87B432A58CB9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-08] (AVAST Software)
Task: {AB7C2913-2FCB-43A0-8FA7-8C61E77D2E8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-09] (Piriform Ltd)
Task: {ABA96A53-1E96-4391-B20A-04547D32142D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
Task: {AC284C4F-A46F-49C8-976F-F378D98F2EC5} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-06-13] (Microsoft)
Task: {AE123FB3-5A24-4092-A4A4-D4AF23567320} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01] (Realtek Semiconductor)
Task: {BED9B77D-4E6B-4611-A13E-EA23933433D8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-06-13] (Microsoft Corporation)
Task: {C361BDEB-A865-465D-A54D-A197D44404DE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-06-13] (Microsoft Corporation)
Task: {F7F00F23-AEA9-4D6C-83EB-1729D944D7CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FE140AE1-E8F5-410F-8A7D-7EA1326B8B83} - \GoogleUpdate -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Skinny's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Object Crosswords 2\Hidden Object Crosswords 2.lnk -> D:\Game files\in search of lost temple\ho crosswords\Start_Game.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-12-22 09:55 - 2017-12-22 09:55 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-23 09:56 - 2017-12-23 09:56 - 005767312 _____ () C:\Program Files\AVAST Software\Avast\defs\17122204\algo.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-06-30 11:38 - 2017-06-30 11:38 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-22 09:55 - 2017-12-22 09:55 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1D476AA6 [125]
AlternateDataStreams: C:\ProgramData\TEMP:268A5068 [127]
AlternateDataStreams: C:\ProgramData\TEMP:28BEC2EC [115]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3FD496E1 [110]
AlternateDataStreams: C:\ProgramData\TEMP:57B2B96C [124]
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6 [94]
AlternateDataStreams: C:\ProgramData\TEMP:61B54B15 [260]
AlternateDataStreams: C:\ProgramData\TEMP:7B9BB187 [146]
AlternateDataStreams: C:\ProgramData\TEMP:970D6D3A [118]
AlternateDataStreams: C:\ProgramData\TEMP:A5584049 [114]
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C [128]
AlternateDataStreams: C:\ProgramData\TEMP:B36361EE [118]
AlternateDataStreams: C:\ProgramData\TEMP:B9C6EB6C [330]
AlternateDataStreams: C:\ProgramData\TEMP:C63BE5D0 [135]
AlternateDataStreams: C:\ProgramData\TEMP:EBCF5924 [286]
AlternateDataStreams: C:\ProgramData\TEMP:F08ADFA2 [131]
AlternateDataStreams: C:\ProgramData\TEMP:F9E10A82 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38445859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38445859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2014-10-31 18:42 - 000000861 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activation.acronis.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1558744967-2584864110-4024010262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Skinny's\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^Users^Skinny's^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FLxHCIm => "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
MSCONFIG\startupreg: fspuip => %ProgramFiles%\FSP\fspuip.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SamsungRapidApp => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Startdn => "C:\Users\Skinny's\AppData\Local\Startdn.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0D634000-9DC6-4127-9508-570042D54DA6}D:\game files\taken\taken\taken_bp\binaries\win64\taken_bp.exe] => (Allow) D:\game files\taken\taken\taken_bp\binaries\win64\taken_bp.exe
FirewallRules: [UDP Query User{B7F51FF4-E9E1-4475-A67E-1DC5D08CDD8F}D:\game files\taken\taken\taken_bp\binaries\win64\taken_bp.exe] => (Allow) D:\game files\taken\taken\taken_bp\binaries\win64\taken_bp.exe
FirewallRules: [{2117E232-66D1-41C5-B336-6072038D15EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C53EA1AF-AC2A-4060-BC12-A958F6BA572D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5CAAB7EB-EC25-413B-A387-ED0B9F55D2F8}D:\game files\abe\oddworld - new 'n' tasty\nnt.exe] => (Allow) D:\game files\abe\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{A35E261F-C437-4C70-9AF3-8C3E20DD2774}D:\game files\abe\oddworld - new 'n' tasty\nnt.exe] => (Allow) D:\game files\abe\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{43FC218A-0953-4B5A-BDEB-CE7FBC8F3BF6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{2D4865CF-539E-4B8F-971F-8BE442437402}] => (Block) D:\Game files\jewel quest sleepless star\Jewel Quest The Sleepless Star\engine.exe
FirewallRules: [{66DFA56C-C73E-4777-A307-6235FAC1AC0A}] => (Block) D:\Game files\jewel quest sleepless star\Jewel Quest The Sleepless Star\engine.exe
FirewallRules: [{41710F70-8755-47FE-AB99-D4F0CBBA4D3D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe

==================== Restore Points =========================

10-12-2017 10:36:03 Revo Uninstaller Pro's restore point - A Plot Story
10-12-2017 10:37:54 Revo Uninstaller Pro's restore point - Atlantis Mysteries Of Ancient Inventors
10-12-2017 10:39:13 Revo Uninstaller Pro's restore point - Dark Chronicles The Soul Reaver
10-12-2017 10:41:17 Revo Uninstaller Pro's restore point - Dominic Crane
10-12-2017 10:42:55 Revo Uninstaller Pro's restore point - Dream Day Wedding Viva Las Vegas
10-12-2017 10:44:13 Revo Uninstaller Pro's restore point - Dream Walker
10-12-2017 10:45:31 Revo Uninstaller Pro's restore point - James Patterson Womens Murder Club Little Black Lies
10-12-2017 10:46:50 Revo Uninstaller Pro's restore point - Mountain Crime
10-12-2017 10:47:57 Revo Uninstaller Pro's restore point - Portal - Version 1.0
10-12-2017 10:51:52 Revo Uninstaller Pro's restore point - Secret Empires Of The Ancient World
10-12-2017 10:53:22 Revo Uninstaller Pro's restore point - Showing Tonight Mindhunters Incident
10-12-2017 10:54:38 Revo Uninstaller Pro's restore point - Simajo
15-12-2017 09:50:55 Revo Uninstaller Pro's restore point - Dream Day Wedding Married in Manhattan
22-12-2017 09:52:14 Revo Uninstaller Pro's restore point - Big City Adventure - New York
22-12-2017 09:53:04 Revo Uninstaller Pro's restore point - Big City Adventure - Rio de Janeiro
22-12-2017 09:53:55 Revo Uninstaller Pro's restore point - Big City Adventure - Sydney Australia
22-12-2017 10:19:39 JRT Pre-Junkware Removal
22-12-2017 10:26:21 Restore Operation
22-12-2017 12:23:27 Revo Uninstaller Pro's restore point - Laura Jones and the Gates of Good and Evil
22-12-2017 12:24:43 Revo Uninstaller Pro's restore point - Lost Lands 5 - Ice Spell Collector's Edition

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2017 05:14:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/23/2017 05:14:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/23/2017 05:12:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/23/2017 05:12:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/23/2017 10:01:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/23/2017 10:01:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2017 12:26:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/22/2017 12:26:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2017 12:23:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fc3ca4ba-283f-4b76-b7fd-0ccdd4158085}

Error: (12/22/2017 12:17:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/23/2017 05:10:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/23/2017 05:10:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/23/2017 05:10:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/23/2017 05:10:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/23/2017 05:10:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
ATKWMIACPIIO
discache
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (12/22/2017 12:11:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/22/2017 12:11:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/22/2017 12:11:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/22/2017 12:11:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/22/2017 12:11:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswArPot
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswHdsKe
aswRvrt
aswSnx
aswSP
aswVmm
ATKWMIACPIIO
discache
ESProtectionDriver
SASDIFSV
SASKUTIL
spldr
Wanarpv6


==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 15%
Total physical RAM: 16361.16 MB
Available physical RAM: 13839.3 MB
Total Virtual: 32720.5 MB
Available Virtual: 30255.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:142.88 GB) NTFS
Drive d: () (Fixed) (Total:673.64 GB) (Free:585.53 GB) NTFS
Drive e: () (Removable) (Total:7.2 GB) (Free:7.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 85C661B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=673.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 2DDCEF28)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================


Edited by Oh My!, 23 December 2017 - 08:49 AM.



#2 Oh My!

  • Malware Response Instructor

Posted 23 December 2017 - 08:49 AM

Greetings lffoar and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 23 December 2017 - 05:51 PM

Greetings,

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Acronis and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#4 lffoar


Posted 23 December 2017 - 08:56 PM

Hi Gary,

The computer I have this problem with is my laptop which I never use and my grand-daughter uses primarily for games. Kids being kids, she has downloaded "cracked" games and programs and only runs to me when there is a stuff up....like now! I could find no "Acronis" file/program in the computer and as I don't really know what/which/any illegal stuff she has been into, I'm going to format the system and re-install. Thanks for your assistance, it is appreciated.

Bob



#5 Oh My!


Posted 23 December 2017 - 09:53 PM

Hi Bob.

That is probably a wise idea since there are quite a number of suspect entries.

Thanks for letting me know.
Gary
 



