Jump to content

Need help removing SweetPacks & OptimizerPro1


Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin

Link to post
Share on other sites

Kevin, many thanks for the response. Here are the results:

 

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 19:44:26
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Phillip - PHILLIP-HP
# Running from : C:\Users\Phillip\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Phillip\AppData\Local\Conduit
Folder Deleted : C:\Users\Phillip\AppData\Local\Temp\CT3314312
Folder Deleted : C:\Users\Phillip\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Phillip\AppData\Roaming\DSite
Folder Deleted : C:\Users\Phillip\Documents\optimizer pro
Folder Deleted : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\Smartbar
Folder Deleted : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\CT3314312
Folder Deleted : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
Folder Deleted : C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\searchplugins\MyStart Search.xml
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_eibleipkbineaadpnemmalkahodjhdbd]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\prefs.js ]

Line Deleted : user_pref("CT3314312.ConnectTB_activeApp", "%EF%F4%F9%FA%E7%ED%F8%E7%F3");
Line Deleted : user_pref("CT3314312.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3314312.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.FF19Solved", "true");
Line Deleted : user_pref("CT3314312.FirstTime", "true");
Line Deleted : user_pref("CT3314312.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3314312.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM4MzA4NTI1MQ==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MzA4NTI2NQ==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "OA==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "OQ==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MQ==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MzA4NzE5MA==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM4MzA4NzE0NA==");
Line Deleted : user_pref("CT3314312.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM4MzA4NTkyNw==");



Line Deleted : user_pref("CT3314312.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3314312.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3314312.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3314312.SF_USER_ID.enc", "Y2lkXzI5MTAyMDEzMTgyMDUwMzc3NjM0MA==");

Line Deleted : user_pref("CT3314312.UserID", "UN23336337562316130");
Line Deleted : user_pref("CT3314312.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3314312.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3314312.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3314312.cb_experience_000.enc", "MTA=");
Line Deleted : user_pref("CT3314312.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3314312.cb_user_id_000.enc", "Q0I5NDQ4MzA1MzY2MThfMTM4MzA4NzAyMDc3OF9GaXJlZm94");
Line Deleted : user_pref("CT3314312.cbfirsttime.enc", "VHVlIE9jdCAyOSAyMDEzIDE4OjIwOjUwIEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3314312.countryCode", "US");
Line Deleted : user_pref("CT3314312.defaultSearch", "true");
Line Deleted : user_pref("CT3314312.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3BfbmEiLCJ2ZXJzaW9uIjoxMH0=");
Line Deleted : user_pref("CT3314312.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgzMDg1OTE2NzU1LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3314312.discover-user-id.enc", "IjI3NDU2MzFjLTRkMGMtNDlkMS04NjRkLWJlZjA4Mjg5MWJiMiI=");
Line Deleted : user_pref("CT3314312.embeddedsData", "[{\"appId\":\"130232788306295517\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3314312.enableAlerts", "true");
Line Deleted : user_pref("CT3314312.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3314312.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3314312.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3314312.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3314312.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3314312.fullUserID", "UN23336337562316130.IN.20131029180917");
Line Deleted : user_pref("CT3314312.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3314312.impression_counter.enc", "NA==");
Line Deleted : user_pref("CT3314312.impression_session_counter.enc", "MA==");
Line Deleted : user_pref("CT3314312.impression_session_id.enc", "IjdlMjAxNThmLWI5ODAtNGM0ZC1iNWYwLTNjYTcwZjIxNzBhOSI=");
Line Deleted : user_pref("CT3314312.impression_session_last_active.enc", "MTM4MzA4NzE4MTQzMA==");
Line Deleted : user_pref("CT3314312.installDate", "29/10/2013 18:09:26");
Line Deleted : user_pref("CT3314312.installId", "cid118");
Line Deleted : user_pref("CT3314312.installSessionId", "{51E2A171-4CE7-4867-AC52-BEA21FA23C7D}");
Line Deleted : user_pref("CT3314312.installSp", "TRUE");
Line Deleted : user_pref("CT3314312.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3314312.installUsage", "2013-10-30T01:14:22.9646196+03:00");
Line Deleted : user_pref("CT3314312.installUsageEarly", "2013-10-30T01:14:04.8682716+03:00");
Line Deleted : user_pref("CT3314312.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3314312.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3314312.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3314312.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3314312.keyword", "true");

Line Deleted : user_pref("CT3314312.lastVersion", "10.21.1.7");
Line Deleted : user_pref("CT3314312.mam_gk_appStateReportTime.enc", "MTM4MzA4NDg4ODIxNg==");
Line Deleted : user_pref("CT3314312.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_Piclicktestnew.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3314312.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlBpY2xpY2t0ZXN0bmV3IiwidXJsIjoiaHR0cDovL2xhYnMuYXBwcy5zZWFyY2guY29uZHVpdC5jb20vc2VhcmNoaW1hZ2VzYXBwcy9waWNsaWNrL2luamVjdC8zLz9zZWFyY2hU[...]
Line Deleted : user_pref("CT3314312.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3314312.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkRpc2NvdmVyIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiZWJhOWQ5NWMtNTQ1ZS00YmUzLTliODctZTI3YmFkYTc2NmE1IiwiZG9tYWlucyI6WyI[...]
Line Deleted : user_pref("CT3314312.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3314312.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3314312.mam_gk_lastLoginTime.enc", "MTM4MzA4NDg4NDU3Ng==");
Line Deleted : user_pref("CT3314312.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3314312.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3314312.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3314312.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMzAiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjE1N18xIiwiaXNUZXN0Ijp0cnVlLCJVc2VyQ291bnRy[...]
Line Deleted : user_pref("CT3314312.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3314312.mam_gk_userId.enc", "MGQ1MTNlZDktMWViMC00NjAyLWEwNzAtODE0NzAxNWI5ZWI5");
Line Deleted : user_pref("CT3314312.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3314312.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3314312.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Removing BCool, Sweet Packs & OptimizerPro1\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fmail.google.com%2Fmail%2Fu%2F0%2F%3Fshva%3D1%23i[...]
Line Deleted : user_pref("CT3314312.openThankYouPage", "false");
Line Deleted : user_pref("CT3314312.openUninstallPage", "true");

Line Deleted : user_pref("CT3314312.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3314312.originalSearchEngine", "");
Line Deleted : user_pref("CT3314312.originalSearchEngineName", "");
Line Deleted : user_pref("CT3314312.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3314312.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgzMDg1OTE2NDAyLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3314312.rematchagent-user-id.enc", "IjMxNWNhZjIzLTUwYjAtNGI5NC05ZjIzLWMyZjNmZDUzYWNiNCI=");
Line Deleted : user_pref("CT3314312.response_cache.enc", "eyJjaGFubmVsIjp7ImxpbmsiOiJodHRwOi8vZG93bmxvYWQuY25ldC5jb20vTWFsd2FyZWJ5dGVzLUFudGktTWFsd2FyZS8zMDAxLTgwMjJfNC0xMDgwNDU3Mi5odG1sP3NwaT03NmZmZDZmYzUxODhmNTE1M[...]
Line Deleted : user_pref("CT3314312.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3314312.search.searchAppId", "130232788306295517");
Line Deleted : user_pref("CT3314312.search.searchCount", "0");
Line Deleted : user_pref("CT3314312.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3314312.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3314312.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3314312.searchRevert", "false");
Line Deleted : user_pref("CT3314312.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3314312.searchUserMode", "2");
Line Deleted : user_pref("CT3314312.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3314312\"}");

Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks A5 \"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3314312.serviceLayer_services_Configuration_lastUpdate", "1383084849023");
Line Deleted : user_pref("CT3314312.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1383084855244");
Line Deleted : user_pref("CT3314312.serviceLayer_services_appsMetadata_lastUpdate", "1383084852635");
Line Deleted : user_pref("CT3314312.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1383084852656");
Line Deleted : user_pref("CT3314312.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1383084849287");
Line Deleted : user_pref("CT3314312.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1383084869815");
Line Deleted : user_pref("CT3314312.serviceLayer_services_login_10.21.1.7_lastUpdate", "1383084869821");
Line Deleted : user_pref("CT3314312.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1383084852141");
Line Deleted : user_pref("CT3314312.serviceLayer_services_searchAPI_lastUpdate", "1383084848589");
Line Deleted : user_pref("CT3314312.serviceLayer_services_serviceMap_lastUpdate", "1383084846954");
Line Deleted : user_pref("CT3314312.serviceLayer_services_toolbarContextMenu_lastUpdate", "1383084853111");
Line Deleted : user_pref("CT3314312.serviceLayer_services_toolbarSettings_lastUpdate", "1383084848775");
Line Deleted : user_pref("CT3314312.serviceLayer_services_translation_lastUpdate", "1383084852570");
Line Deleted : user_pref("CT3314312.settingsINI", true);
Line Deleted : user_pref("CT3314312.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3314312.showToolbarPermission", "false");
Line Deleted : user_pref("CT3314312.smartbar.CTID", "CT3314312");
Line Deleted : user_pref("CT3314312.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3314312.smartbar.homepage", "true");
Line Deleted : user_pref("CT3314312.smartbar.toolbarName", "SweetPacks A5 ");
Line Deleted : user_pref("CT3314312.startPage", "true");
Line Deleted : user_pref("CT3314312.toolbarBornServerTime", "30-10-2013");
Line Deleted : user_pref("CT3314312.toolbarCurrentServerTime", "30-10-2013");
Line Deleted : user_pref("CT3314312.toolbarInstallDate", "29-10-2013 18:09:18");
Line Deleted : user_pref("CT3314312.toolbarLoginClientTime", "Tue Oct 29 2013 18:14:29 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3314312.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzODMwODc3MDc2OTcsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM4MzA4NzcwNzkyMywsLGh0dHBz[...]
Line Deleted : user_pref("CT3314312.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3314312.xpeMode", "0");
Line Deleted : user_pref("CT3314312_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1383085701269,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks A5 Customized Web Search");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks A5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks A5 Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks A5 Customized Web Search");

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314312");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.machineId", "BOASVSLE36FI8POKIORBI81YF4DM+UU6WZEKK0ZLUAJIYI9W6CHXLCNA4TUWFQNXONCT/X8AGUHBGOS69HKFEW");


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26356 octets] - [29/10/2013 19:40:59]
AdwCleaner[s0].txt - [25837 octets] - [29/10/2013 19:44:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [25898 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Phillip (administrator) on PHILLIP-HP on 29-10-2013 19:57:22
Running from C:\Users\Phillip\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Windows\Installer\MSIF0D7.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-08] (Google Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304 2013-03-06] (AVAST Software)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs:   [97280 2009-07-13] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {556BF556-456C-4870-8E7F-10D242D9C4CF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {556BF556-456C-4870-8E7F-10D242D9C4CF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2320E327-83D4-4CCB-B437-3F5C9557A36B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN32040192322543119&UM=2
SearchScopes: HKCU - {556BF556-456C-4870-8E7F-10D242D9C4CF} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 66.44.205.4 66.44.213.60

FireFox:
========
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Phillip\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Phillip\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: SweetPacks A5  - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
FF Extension: pinterest - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\me2iaaij.default\Extensions\pinterest@robertnyman.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com

Chrome:
=======

CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (New Tab) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4_0
CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! WebRep) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Phillip\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Phillip\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [eibleipkbineaadpnemmalkahodjhdbd] - C:\Users\Phillip\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [136912 2013-03-06] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-01] (Intel Corporation)
R2 Level Quality Watcher; C:\Windows\Installer\MSIF0D7.tmp [507912 2013-10-29] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [127136 2013-03-06] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-02-18] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [263096 2013-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 lsnfd; system32\drivers\lsnfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 19:57 - 2013-10-29 19:57 - 00000000 ____D C:\FRST
2013-10-29 19:55 - 2013-10-29 19:55 - 01956538 _____ (Farbar) C:\Users\Phillip\Downloads\FRST64.exe
2013-10-29 19:52 - 2013-10-29 19:52 - 01089183 _____ (Farbar) C:\Users\Phillip\Downloads\FRST.exe
2013-10-29 19:51 - 2013-10-29 19:51 - 00026011 _____ C:\Users\Phillip\Documents\AdwCleaner[s0].txt
2013-10-29 19:40 - 2013-10-29 19:45 - 00000000 ____D C:\AdwCleaner
2013-10-29 19:39 - 2013-10-29 19:39 - 01060070 _____ C:\Users\Phillip\Downloads\AdwCleaner.exe
2013-10-29 18:54 - 2013-10-29 18:54 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Malwarebytes
2013-10-29 18:52 - 2013-10-29 18:52 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 18:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-29 18:50 - 2013-10-29 18:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phillip\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 18:26 - 2013-10-29 18:26 - 00000000 ____D C:\Users\Phillip\AppData\Local\BrowserSafeguard
2013-10-29 18:12 - 2013-10-29 18:12 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\Users\Phillip\AppData\Local\NativeMessaging
2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\Users\Phillip\AppData\Local\CRE
2013-10-29 18:01 - 2013-10-29 18:01 - 01888040 _____ (Express Install       ) C:\Users\Phillip\Downloads\Setup.exe
2013-10-24 03:08 - 2013-10-24 03:08 - 00361117 _____ C:\Users\Phillip\AppData\Local\newhb2.crx
2013-10-21 08:21 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-21 08:21 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-21 08:21 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-21 08:21 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-21 08:20 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-21 08:20 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-21 08:20 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-21 08:20 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-21 08:20 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-21 08:20 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-21 08:20 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-21 08:20 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-21 08:20 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-21 08:20 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 16:15 - 2013-10-11 16:15 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-11 16:14 - 2013-10-11 16:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-09 13:28 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 13:28 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:28 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 13:28 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 13:28 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:28 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 13:28 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:27 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 13:27 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 13:27 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 13:27 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 13:27 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 13:27 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 13:27 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 13:27 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 13:27 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 13:27 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 13:27 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 13:27 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 13:27 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 13:27 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 13:27 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 13:27 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 13:27 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 13:27 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 13:27 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 13:27 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 13:27 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:27 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 13:27 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 13:27 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 13:27 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 13:27 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 13:27 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 13:27 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 13:27 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 13:27 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 13:27 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:27 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:27 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 13:27 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 13:27 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:27 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:27 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 13:26 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 13:26 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 13:26 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 13:26 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:26 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-01 09:10 - 2013-10-29 18:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 19:57 - 2013-10-29 19:57 - 00000000 ____D C:\FRST
2013-10-29 19:57 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 19:57 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 19:55 - 2013-10-29 19:55 - 01956538 _____ (Farbar) C:\Users\Phillip\Downloads\FRST64.exe
2013-10-29 19:55 - 2012-10-17 08:45 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 19:55 - 2012-10-17 08:45 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 19:55 - 2012-05-10 08:41 - 01925679 _____ C:\Windows\WindowsUpdate.log
2013-10-29 19:52 - 2013-10-29 19:52 - 01089183 _____ (Farbar) C:\Users\Phillip\Downloads\FRST.exe
2013-10-29 19:51 - 2013-10-29 19:51 - 00026011 _____ C:\Users\Phillip\Documents\AdwCleaner[s0].txt
2013-10-29 19:50 - 2013-09-08 13:33 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000UA.job
2013-10-29 19:48 - 2010-11-20 23:47 - 00802436 _____ C:\Windows\PFRO.log
2013-10-29 19:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 19:48 - 2009-07-14 00:51 - 00061105 _____ C:\Windows\setupact.log
2013-10-29 19:45 - 2013-10-29 19:40 - 00000000 ____D C:\AdwCleaner
2013-10-29 19:39 - 2013-10-29 19:39 - 01060070 _____ C:\Users\Phillip\Downloads\AdwCleaner.exe
2013-10-29 19:24 - 2013-07-05 20:31 - 03665920 ___SH C:\Users\Phillip\Documents\Thumbs.db
2013-10-29 19:02 - 2012-10-18 17:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 18:54 - 2013-10-29 18:54 - 00000000 ____D C:\Users\Phillip\AppData\Roaming\Malwarebytes
2013-10-29 18:52 - 2013-10-29 18:52 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 18:50 - 2013-10-29 18:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phillip\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 18:27 - 2013-10-01 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-29 18:26 - 2013-10-29 18:26 - 00000000 ____D C:\Users\Phillip\AppData\Local\BrowserSafeguard
2013-10-29 18:12 - 2013-10-29 18:12 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\Users\Phillip\AppData\Local\NativeMessaging
2013-10-29 18:10 - 2013-10-29 18:10 - 00000000 ____D C:\Users\Phillip\AppData\Local\CRE
2013-10-29 18:01 - 2013-10-29 18:01 - 01888040 _____ (Express Install       ) C:\Users\Phillip\Downloads\Setup.exe
2013-10-29 17:59 - 2013-07-07 23:16 - 05464064 ____H C:\Users\Phillip\Documents\photothumb.db
2013-10-29 16:50 - 2013-09-08 13:33 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000Core.job
2013-10-29 11:10 - 2013-07-27 00:30 - 00000113 _____ C:\Users\Phillip\AppData\Roaming\WB.CFG
2013-10-29 11:10 - 2013-07-06 12:49 - 00000006 _____ C:\Users\Phillip\AppData\Roaming\WBPU-TTL.DAT
2013-10-29 10:17 - 2012-10-17 07:48 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{835C1BB2-FA6D-4CBE-8305-036F1F2536A8}
2013-10-28 18:02 - 2012-10-26 21:41 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPhillip
2013-10-28 18:02 - 2012-10-26 21:41 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForPhillip.job
2013-10-28 12:08 - 2013-04-01 13:58 - 00000000 ____D C:\Users\Phillip\AppData\Local\CrashDumps
2013-10-24 08:08 - 2012-12-06 09:55 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-24 08:08 - 2012-10-18 17:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-24 03:08 - 2013-10-24 03:08 - 00361117 _____ C:\Users\Phillip\AppData\Local\newhb2.crx
2013-10-21 08:51 - 2009-07-14 01:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-21 08:44 - 2013-04-29 21:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-21 08:44 - 2009-07-14 00:45 - 00294040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-21 08:43 - 2013-04-29 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-21 08:08 - 2013-08-02 07:19 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 07:28 - 2012-11-08 10:28 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-17 13:24 - 2012-10-17 08:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 14:35 - 2013-08-26 16:58 - 00003737 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-15 14:35 - 2013-07-06 10:31 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-11 16:15 - 2013-10-11 16:15 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-11 16:14 - 2013-10-11 16:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-09 13:02 - 2012-10-18 17:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 13:02 - 2012-10-18 17:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 13:02 - 2011-07-12 23:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 19:50 - 2012-10-17 08:45 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-07 19:50 - 2012-10-17 08:45 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-04 16:45 - 2013-09-08 13:33 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000UA
2013-10-04 16:45 - 2013-09-08 13:33 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000Core
2013-10-02 21:50 - 2012-10-17 08:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-02 11:10 - 2013-07-06 10:31 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-02 08:11 - 2012-10-17 08:40 - 00000000 ____D C:\Users\Phillip\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\Phillip\AppData\Local\Temp\Extract.exe
C:\Users\Phillip\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Phillip\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Phillip\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Phillip\AppData\Local\Temp\nseCA2A.exe
C:\Users\Phillip\AppData\Local\Temp\nseFCCE.exe
C:\Users\Phillip\AppData\Local\Temp\nsj4CDE.exe
C:\Users\Phillip\AppData\Local\Temp\nso33A3.exe
C:\Users\Phillip\AppData\Local\Temp\nso4B09.exe
C:\Users\Phillip\AppData\Local\Temp\nso68E8.exe
C:\Users\Phillip\AppData\Local\Temp\nszB37C.exe
C:\Users\Phillip\AppData\Local\Temp\oi_{5B68D073-AE53-4F68-BE92-A5B57782BE95}.exe
C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe
C:\Users\Phillip\AppData\Local\Temp\Resource.exe
C:\Users\Phillip\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\Phillip\AppData\Local\Temp\sp54620.exe
C:\Users\Phillip\AppData\Local\Temp\SP54714.exe
C:\Users\Phillip\AppData\Local\Temp\SP54976.exe
C:\Users\Phillip\AppData\Local\Temp\SP54982.exe
C:\Users\Phillip\AppData\Local\Temp\SP55152.exe
C:\Users\Phillip\AppData\Local\Temp\SP55175.exe
C:\Users\Phillip\AppData\Local\Temp\SP56929.exe
C:\Users\Phillip\AppData\Local\Temp\SP57049.exe
C:\Users\Phillip\AppData\Local\Temp\SP57398.exe
C:\Users\Phillip\AppData\Local\Temp\SP58712.exe
C:\Users\Phillip\AppData\Local\Temp\SP58776.exe
C:\Users\Phillip\AppData\Local\Temp\SP58843.exe
C:\Users\Phillip\AppData\Local\Temp\sp58915.exe
C:\Users\Phillip\AppData\Local\Temp\SP59757.exe
C:\Users\Phillip\AppData\Local\Temp\SP60723.exe
C:\Users\Phillip\AppData\Local\Temp\SPStub.exe
C:\Users\Phillip\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\Phillip\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Phillip\AppData\Local\Temp\tbSwee.dll
C:\Users\Phillip\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Phillip\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-22 14:38

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Phillip at 2013-10-29 19:59:57
Running from C:\Users\Phillip\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
avast! Internet Security (x32 Version: 8.0.1483.0)
AVG SafeGuard toolbar (x32 Version: 17.0.2.13)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bing Bar (x32 Version: 7.0.610.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.97)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compaq Setup Manager (x32 Version: 1.1.13476.3753)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
CyberLink YouCam (x32 Version: 3.5.1.4119)
D3DX10 (x32 Version: 15.4.2368.0902)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.0.11)
HP MovieStore (x32 Version: 1.0.057)
HP MovieStore (x32 Version: 2.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Quick Launch (x32 Version: 2.7.2)
HP QuickWeb (x32 Version: 3.1.0.9742)
HP Setup (x32 Version: 8.7.4751.3798)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.39.15)
Image Editor Packages (HKCU)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 8.15.10.2430)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Level Quality Watcher (x32 Version: 1.0.0.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Manager (HKCU)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Penguins! (x32 Version: 2.2.0.95)
PhotoScape (x32)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6287)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
Recovery Manager (x32 Version: 2.0.0)
RoxioNow Player (x32 Version: 1.9.5.103)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Slingo Supreme (x32 Version: 2.2.0.97)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Update for Image Editor (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

08-10-2013 12:19:07 Windows Update
11-10-2013 12:27:27 Windows Update
15-10-2013 14:49:54 Windows Update
21-10-2013 11:14:45 Windows Modules Installer
22-10-2013 17:44:42 Windows Update
29-10-2013 12:14:13 Windows Update
29-10-2013 22:23:10 Removed ScorpionSaver
29-10-2013 22:24:50 Removed ScorpionSaver

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0733D33E-E841-483F-8CBF-01D48D50E338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {07351A32-F138-4795-9A68-4F8705E7091B} - System32\Tasks\HPCeeScheduleForPhillip => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {1672F271-D02D-408D-8319-7124BADFB195} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000Core => C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {20CD7113-17A6-443C-A38B-4D50C7A66458} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-06] (AVAST Software)
Task: {2E63C2CF-09B7-4985-BBA1-3675C4F6A3CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000UA => C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {36028421-D5EC-4636-895C-3F21399721E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_PostWarrantyAlert.exe [2013-10-22] (Hewlett-Packard)
Task: {3E59D1E6-CA61-48DC-8584-56D8649EF09F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {459B1A37-C406-4CF7-9BEE-29B8999EFB4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {648D05E3-7142-408E-B65B-11A975B5DCC8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {85DDE5E5-B205-41C9-8B8B-1B81572F3979} - \DSite No Task File
Task: {9E9C8E14-0056-49A2-A3D2-A0C1845FD6F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {A08A507E-9E39-4F39-B2D3-5177F113BFD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BA739473-E615-4959-B6AE-AA16B684CC0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E28BEA32-48B3-4914-B4A1-FDF74C4421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {EC08CB68-FB5F-46CC-898B-15647D5333B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {F4D10789-F5B1-4E29-81A9-4C95F3736877} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_PostWarrantyAlert.exe [2013-10-22] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000Core.job => C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042720928-3841148246-1882919235-1000UA.job => C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPhillip.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 23:18 - 2011-04-04 23:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-29 18:16 - 2013-10-29 16:44 - 02105856 _____ () C:\Program Files\AVAST Software\Avast\defs\13102901\algo.dll
2013-10-01 09:11 - 2013-10-01 09:12 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-05-10 08:42 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-11-01 12:35 - 2012-11-01 12:33 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: lsnfd
Description: lsnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lsnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2013 07:50:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 06:25:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003469c
Faulting process id: 0xdcf0
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (10/29/2013 06:22:51 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcShutting down. (Error: 2)

Error: (10/29/2013 06:11:15 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/29/2013 06:10:51 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/28/2013 00:08:44 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program VProtect Application because of this error.

Program: VProtect Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (10/28/2013 00:08:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: vprot.exe, version: 17.0.2.13, time stamp: 0x521f6f99
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x11c4
Faulting application start time: 0xvprot.exe0
Faulting application path: vprot.exe1
Faulting module path: vprot.exe2
Report Id: vprot.exe3

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.ServiceModel.Web, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Extensions, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (10/29/2013 07:50:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (10/29/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
lsnfd

Error: (10/29/2013 07:48:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/29/2013 06:14:43 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:
%%1056

Error: (10/29/2013 06:12:56 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.0.12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/29/2013 06:12:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/29/2013 09:39:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (10/29/2013 04:07:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error: (10/28/2013 02:10:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/28/2013 00:08:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


Microsoft Office Sessions:
=========================
Error: (10/29/2013 07:50:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2013 06:25:26 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7601.175144ce792c4ntdll.dll6.1.7601.18247521ea8e7c00000050003469cdcf001ced4f5c23edd72c:\Windows\syswow64\MsiExec.exeC:\Windows\SysWOW64\ntdll.dll020a2211-40e9-11e3-bc29-a0b3ccbf24a1

Error: (10/29/2013 06:22:51 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcShutting down. (Error: 2)

Error: (10/29/2013 06:11:15 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/29/2013 06:10:51 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/28/2013 00:08:44 PM) (Source: Application Error)(User: )
Description: VProtect Application000000000

Error: (10/28/2013 00:08:44 PM) (Source: Application Error)(User: )
Description: vprot.exe17.0.2.13521f6f99ole32.dll6.1.7601.175144ce7b96fc00000960004866511c401cece5c09b88181C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Windows\syswow64\ole32.dll376f5815-3feb-11e3-bc29-a0b3ccbf24a1

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.ServiceModel.Web, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (10/21/2013 08:45:55 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Extensions, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.


==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 1899.86 MB
Available physical RAM: 443.07 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 1831.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:232.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: () (Removable) (Total:3.73 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Kevin...

 

fixlist.txt

Link to post
Share on other sites

Here's what we have:

 

Start
AppInit_DLLs:   [97280 2009-07-13] ()
AppInit_DLLs-x32:   [ ] ()
SearchScopes: HKCU - {2320E327-83D4-4CCB-B437-3F5C9557A36B} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN32040192322543119&UM=2
S1 lsnfd; system32\drivers\lsnfd.sys [x]
C:\Users\Phillip\AppData\Local\BrowserSafeguard
C:\Users\Phillip\Downloads\Setup.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Users\Phillip\AppData\Local\Temp\Extract.exe
C:\Users\Phillip\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Phillip\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Phillip\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Phillip\AppData\Local\Temp\nseCA2A.exe
C:\Users\Phillip\AppData\Local\Temp\nseFCCE.exe
C:\Users\Phillip\AppData\Local\Temp\nsj4CDE.exe
C:\Users\Phillip\AppData\Local\Temp\nso33A3.exe
C:\Users\Phillip\AppData\Local\Temp\nso4B09.exe
C:\Users\Phillip\AppData\Local\Temp\nso68E8.exe
C:\Users\Phillip\AppData\Local\Temp\nszB37C.exe
C:\Users\Phillip\AppData\Local\Temp\oi_{5B68D073-AE53-4F68-BE92-A5B57782BE95}.exe
C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe
C:\Users\Phillip\AppData\Local\Temp\Resource.exe
C:\Users\Phillip\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\Phillip\AppData\Local\Temp\sp54620.exe
C:\Users\Phillip\AppData\Local\Temp\SP54714.exe
C:\Users\Phillip\AppData\Local\Temp\SP54976.exe
C:\Users\Phillip\AppData\Local\Temp\SP54982.exe
C:\Users\Phillip\AppData\Local\Temp\SP55152.exe
C:\Users\Phillip\AppData\Local\Temp\SP55175.exe
C:\Users\Phillip\AppData\Local\Temp\SP56929.exe
C:\Users\Phillip\AppData\Local\Temp\SP57049.exe
C:\Users\Phillip\AppData\Local\Temp\SP57398.exe
C:\Users\Phillip\AppData\Local\Temp\SP58712.exe
C:\Users\Phillip\AppData\Local\Temp\SP58776.exe
C:\Users\Phillip\AppData\Local\Temp\SP58843.exe
C:\Users\Phillip\AppData\Local\Temp\sp58915.exe
C:\Users\Phillip\AppData\Local\Temp\SP59757.exe
C:\Users\Phillip\AppData\Local\Temp\SP60723.exe
C:\Users\Phillip\AppData\Local\Temp\SPStub.exe
C:\Users\Phillip\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\Phillip\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Phillip\AppData\Local\Temp\tbSwee.dll
C:\Users\Phillip\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Phillip\AppData\Local\Temp\WSSetup.exe
Task: {85DDE5E5-B205-41C9-8B8B-1B81572F3979} - \DSite No Task File
End

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Phillip (administrator) on PHILLIP-HP on 30-10-2013 08:02:43
Running from C:\Users\Phillip\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Phillip :: PHILLIP-HP [administrator]

Protection: Enabled

10/30/2013 8:06:40 AM
mbam-log-2013-10-30 (08-06-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203210
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)
 

 

Threats were found on the ESET scan:

 

C:\AdwCleaner\Quarantine\C\Users\Phillip\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir    Win32/DownWare.E application
C:\Users\Phillip\AppData\Local\Temp\ge+yAXbX.exe.part    Win32/InstallCore.BN application
C:\Users\Phillip\AppData\Local\Temp\is2029326378\yontoo-c4.exe    multiple threats
C:\Users\Phillip\AppData\Local\Temp\is357113909\uninstaller.exe    Win32/InstallCore.AZ application
C:\Users\Phillip\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe    Win32/DownWare.E application
C:\Users\Phillip\AppData\Roaming\Image Editor Packages\uninstaller.exe    Win32/InstallCore.AZ application
C:\Users\Phillip\Downloads\ImageEditorSetup.exe    Win32/InstallCore.BN application
C:\Users\Phillip\Downloads\PicResizer.exe    a variant of Win32/InstallCore.AF application

Link to post
Share on other sites

Either you did not follow the instructions correctly for FRST fix, or you post incorrect log. What you post is not what I expect to see from FRST fix.... This was the instruction:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

The log you post is not Fixlog.txt

Link to post
Share on other sites

My apologies. Looks like I posted the scan results instead. Maybe this looks better.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013
Ran by Phillip at 2013-10-30 20:46:35 Run:1
Running from C:\Users\Phillip\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
AppInit_DLLs:   [97280 2009-07-13] ()
AppInit_DLLs-x32:   [ ] ()
SearchScopes: HKCU - {2320E327-83D4-4CCB-B437-3F5C9557A36B} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN32040192322543119&UM=2
S1 lsnfd; system32\drivers\lsnfd.sys [x]
C:\Users\Phillip\AppData\Local\BrowserSafeguard
C:\Users\Phillip\Downloads\Setup.exe
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Users\Phillip\AppData\Local\Temp\Extract.exe
C:\Users\Phillip\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Phillip\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Phillip\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Phillip\AppData\Local\Temp\nseCA2A.exe
C:\Users\Phillip\AppData\Local\Temp\nseFCCE.exe
C:\Users\Phillip\AppData\Local\Temp\nsj4CDE.exe
C:\Users\Phillip\AppData\Local\Temp\nso33A3.exe
C:\Users\Phillip\AppData\Local\Temp\nso4B09.exe
C:\Users\Phillip\AppData\Local\Temp\nso68E8.exe
C:\Users\Phillip\AppData\Local\Temp\nszB37C.exe
C:\Users\Phillip\AppData\Local\Temp\oi_{5B68D073-AE53-4F68-BE92-A5B57782BE95}.exe
C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe
C:\Users\Phillip\AppData\Local\Temp\Resource.exe
C:\Users\Phillip\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\Phillip\AppData\Local\Temp\sp54620.exe
C:\Users\Phillip\AppData\Local\Temp\SP54714.exe
C:\Users\Phillip\AppData\Local\Temp\SP54976.exe
C:\Users\Phillip\AppData\Local\Temp\SP54982.exe
C:\Users\Phillip\AppData\Local\Temp\SP55152.exe
C:\Users\Phillip\AppData\Local\Temp\SP55175.exe
C:\Users\Phillip\AppData\Local\Temp\SP56929.exe
C:\Users\Phillip\AppData\Local\Temp\SP57049.exe
C:\Users\Phillip\AppData\Local\Temp\SP57398.exe
C:\Users\Phillip\AppData\Local\Temp\SP58712.exe
C:\Users\Phillip\AppData\Local\Temp\SP58776.exe
C:\Users\Phillip\AppData\Local\Temp\SP58843.exe
C:\Users\Phillip\AppData\Local\Temp\sp58915.exe
C:\Users\Phillip\AppData\Local\Temp\SP59757.exe
C:\Users\Phillip\AppData\Local\Temp\SP60723.exe
C:\Users\Phillip\AppData\Local\Temp\SPStub.exe
C:\Users\Phillip\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\Phillip\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Phillip\AppData\Local\Temp\tbSwee.dll
C:\Users\Phillip\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Phillip\AppData\Local\Temp\WSSetup.exe
Task: {85DDE5E5-B205-41C9-8B8B-1B81572F3979} - \DSite No Task File
End



*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2320E327-83D4-4CCB-B437-3F5C9557A36B} => Key not found.
HKCR\CLSID\{2320E327-83D4-4CCB-B437-3F5C9557A36B} => Key not found.
lsnfd => Service not found.
C:\Users\Phillip\AppData\Local\BrowserSafeguard => Moved successfully.
"C:\Users\Phillip\Downloads\Setup.exe" => File/Directory not found.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\GoogleSetup.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
"C:\Users\Phillip\AppData\Local\Temp\mgsqlite3.dll" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nseCA2A.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nseFCCE.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nsj4CDE.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nso33A3.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nso4B09.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nso68E8.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\nszB37C.exe" => File/Directory not found.
C:\Users\Phillip\AppData\Local\Temp\oi_{5B68D073-AE53-4F68-BE92-A5B57782BE95}.exe => Moved successfully.
"C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\Users\Phillip\AppData\Local\Temp\Resource.exe => Moved successfully.
"C:\Users\Phillip\AppData\Local\Temp\Shortcut_IMsetup.exe" => File/Directory not found.
C:\Users\Phillip\AppData\Local\Temp\sp54620.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP54714.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP54976.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP54982.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP55152.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP55175.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP56929.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP57049.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP57398.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP58712.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP58776.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP58843.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP59757.exe => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\SP60723.exe => Moved successfully.
"C:\Users\Phillip\AppData\Local\Temp\SPStub.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\SweetIMInstallValidator.exe" => File/Directory not found.
"C:\Users\Phillip\AppData\Local\Temp\System.Data.SQLite.dll" => File/Directory not found.
C:\Users\Phillip\AppData\Local\Temp\tbSwee.dll => Moved successfully.
C:\Users\Phillip\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
"C:\Users\Phillip\AppData\Local\Temp\WSSetup.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85DDE5E5-B205-41C9-8B8B-1B81572F3979} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85DDE5E5-B205-41C9-8B8B-1B81572F3979} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Excellent, ok do the following:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles

    :Filesipconfig /flushdns /cC:\Users\Phillip\AppData\Local\Temp\ge+yAXbX.exe.partC:\Users\Phillip\AppData\Local\Temp\is2029326378\yontoo-c4.exeC:\Users\Phillip\AppData\Local\Temp\is357113909\uninstaller.exeC:\Users\Phillip\AppData\Roaming\DSite\UpdateProc\UpdateTask.exeC:\Users\Phillip\AppData\Roaming\Image Editor Packages\uninstaller.exeC:\Users\Phillip\Downloads\ImageEditorSetup.exeC:\Users\Phillip\Downloads\PicResizer.exe:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, also let me know if there are any remaining issues or concerns...

 

Kevin...

Link to post
Share on other sites

Everything seems to be looking good again.

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Phillip\Downloads\cmd.bat deleted successfully.
C:\Users\Phillip\Downloads\cmd.txt deleted successfully.
C:\Users\Phillip\AppData\Local\Temp\ge+yAXbX.exe.part moved successfully.
C:\Users\Phillip\AppData\Local\Temp\is2029326378\yontoo-c4.exe moved successfully.
C:\Users\Phillip\AppData\Local\Temp\is357113909\uninstaller.exe moved successfully.
C:\Users\Phillip\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe moved successfully.
C:\Users\Phillip\AppData\Roaming\Image Editor Packages\uninstaller.exe moved successfully.
C:\Users\Phillip\Downloads\ImageEditorSetup.exe moved successfully.
C:\Users\Phillip\Downloads\PicResizer.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Phillip
->Temp folder emptied: 1011696547 bytes
->Temporary Internet Files folder emptied: 11820307 bytes
->FireFox cache emptied: 261569026 bytes
->Google Chrome cache emptied: 323396497 bytes
->Flash cache emptied: 2878 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 692863386 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14321966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67691 bytes
RecycleBin emptied: 322402328 bytes
 
Total Files Cleaned = 2,516.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 10312013_070749

Files moved on Reboot...
C:\Users\Phillip\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Phillip\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\avg_secure_search.log moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

 

Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

 

Link to post
Share on other sites

Excellent, if no remaining issues do the following:

 

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click OTC_Icon.jpg icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Finanlly,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button 4f6cbd09-148c-4dd8-b1f2-48f232a2fd33.jpg. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete, also if any remaining issues or concerns...

 

Kevin

 

 

 

 

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.