Jump to content

Random pop up ads, Help


Recommended Posts

Hello, I downloaded something that I can't get rid of. I've ran several programs, deleted a few things detected, ran Malwarebytes (been a paying customer for years, it hasn't detected anything) , uninstalled and reinstalled Firefox then removed it. Installed Chrome (which I never had) and it's now doing it on there. I'll click on a link and a pop up new tab will come up. First it says Terraclick.com then it says lp.musicboxnewtab.com with an ad.. 

 

This originally started by a browser hi jack/redirect where every time I opened it, it opened into a non set homepage. I got rid of that, now I have this. 

 

I ran Farbar just now. This is what I have: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Hypno (administrator) on HYPNORAYGUN (01-10-2015 14:16:03)
Running from C:\Users\Hypno\Downloads
Loaded Profiles: Hypno (Available Profiles: Hypno)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [519256 2014-02-16] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [lxdkmon.exe] => C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exe [455336 2010-02-15] ()
HKLM-x32\...\Run: [lxdkamon] => C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe [25256 2010-02-15] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [s-1-5-21-1188468758-1272634306-373300443-1001] => http://stopblock.me/wpad.dat?6a7e33d7632b2a86907a914d4cfeaf5c177020
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{36968F8E-9445-4C71-925E-031F5072C6F6}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{4A1A0DDE-BD5F-421D-9A83-8F193CC8F565}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.yahoo.com/
HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {D82486F8-9441-4F09-A262-552F2F035E33} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Hypno\AppData\Roaming\Mozilla\Firefox\Profiles\ob4zic6x.default-1443596698055
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxp://facebook.com/","hxxp://twitter.com/"
CHR Profile: C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]
CHR Extension: (Google Docs) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]
CHR Extension: (Google Drive) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-01]
CHR Extension: (YouTube) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-01]
CHR Extension: (Google Sheets) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
CHR Extension: (Gmail) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows ® Win 7 DDK provider) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-01 14:16 - 2015-10-01 14:16 - 00016759 _____ C:\Users\Hypno\Downloads\FRST.txt
2015-10-01 14:15 - 2015-10-01 14:16 - 00000000 ____D C:\FRST
2015-10-01 14:15 - 2015-10-01 14:15 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64 (1).exe
2015-10-01 14:14 - 2015-10-01 14:14 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64.exe
2015-10-01 13:17 - 2015-10-01 13:17 - 00000262 _____ C:\Users\Hypno\Downloads\debug.log
2015-10-01 10:44 - 2015-10-01 10:44 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-01 10:44 - 2015-10-01 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-01 10:43 - 2015-10-01 13:48 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 10:43 - 2015-10-01 10:48 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 10:43 - 2015-10-01 10:43 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-01 10:43 - 2015-10-01 10:43 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-01 10:42 - 2015-10-01 13:17 - 00000000 ____D C:\Users\Hypno\AppData\Local\Google
2015-10-01 10:42 - 2015-10-01 10:42 - 00000000 ____D C:\Users\Hypno\AppData\Local\Deployment
2015-09-30 20:16 - 2015-09-30 20:16 - 00000000 ___RD C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-30 09:45 - 2015-10-01 10:59 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\AVAST Software
2015-09-29 18:52 - 2015-09-29 18:52 - 00001825 _____ C:\Users\Hypno\Desktop\AdwCleaner[C1].txt
2015-09-29 18:45 - 2015-09-30 11:00 - 00000000 ____D C:\AdwCleaner
2015-09-29 15:58 - 2015-09-29 15:58 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Hypno\Downloads\sc-cleaner.exe
2015-09-24 13:45 - 2015-09-30 19:54 - 00002130 _____ C:\Windows\PFRO.log
2015-09-24 13:45 - 2015-09-30 19:54 - 00000464 _____ C:\Windows\setupact.log
2015-09-24 13:45 - 2015-09-24 13:45 - 00000000 _____ C:\Windows\setuperr.log
2015-09-23 20:45 - 2015-09-23 22:06 - 00000646 _____ C:\Users\Hypno\Downloads\Seneca 1995.mp4
2015-09-23 16:48 - 2015-10-01 14:14 - 01283803 _____ C:\Windows\WindowsUpdate.log
2015-09-23 15:48 - 2015-09-23 15:49 - 06666544 _____ (Piriform Ltd) C:\Users\Hypno\Downloads\ccsetup509pro.exe
2015-09-23 15:45 - 2015-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-23 11:08 - 2015-09-23 11:08 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-23 00:03 - 2015-09-30 02:05 - 00000000 ____D C:\Users\Hypno\Desktop\Old Firefox Data
2015-09-21 22:49 - 2015-09-21 22:58 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui
2015-09-21 22:34 - 2015-09-21 22:34 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui Pro
2015-09-21 22:20 - 2015-09-21 22:20 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\SpringFiles
2015-09-21 13:43 - 2015-09-21 13:43 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-15 22:47 - 2015-09-15 22:59 - 14079676 _____ C:\Users\Hypno\Desktop\test.wav
2015-09-15 15:18 - 2015-09-15 23:26 - 00000000 ____D C:\Users\Hypno\Documents\Mixpad Projects
2015-09-15 14:53 - 2015-09-15 14:53 - 00053672 _____ C:\Users\Hypno\Desktop\newguitar.sfk
2015-09-15 14:38 - 2015-09-15 14:50 - 00053672 _____ C:\Users\Hypno\Desktop\EX000_2.sfk
2015-09-15 14:38 - 2015-09-15 14:38 - 00055064 _____ C:\Users\Hypno\Desktop\EX000_4.sfk
2015-09-08 21:33 - 2015-08-26 21:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 21:33 - 2015-08-26 13:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 21:33 - 2015-08-26 13:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 21:33 - 2015-08-26 13:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 21:33 - 2015-08-26 13:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 21:33 - 2015-08-26 09:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 21:33 - 2015-08-26 09:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 21:33 - 2015-08-26 09:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 21:33 - 2015-08-26 09:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-08 21:33 - 2015-08-26 09:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 21:33 - 2015-08-26 09:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 21:33 - 2015-08-26 09:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 21:32 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 21:32 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 21:32 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 21:32 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 21:32 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 21:32 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 21:32 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 21:32 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 21:32 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-08 21:32 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 21:32 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-08 21:32 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 21:32 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 21:32 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 21:32 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 21:32 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 21:32 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 21:32 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 21:32 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-08 21:32 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 21:32 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-08 21:32 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 21:32 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 21:32 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 21:32 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 21:32 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 21:32 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 21:32 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 21:32 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 21:32 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 21:32 - 2015-07-30 11:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 21:30 - 2015-09-01 21:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 21:30 - 2015-09-01 21:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 21:30 - 2015-09-01 21:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 21:30 - 2015-09-01 21:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 21:30 - 2015-09-01 21:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 21:30 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 21:30 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 21:30 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 21:30 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-08 21:30 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-08 21:30 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 21:30 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-08 21:30 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-08 21:30 - 2015-07-22 09:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 21:30 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-08 21:30 - 2015-07-22 09:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 21:30 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 21:30 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-08 21:30 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-08 21:30 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-08 21:30 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-08 21:30 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-06 23:40 - 2015-09-06 23:40 - 00000000 ____D C:\Users\Hypno\Desktop\scanned pics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-01 14:14 - 2015-01-28 02:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-01 11:03 - 2014-11-30 00:14 - 01752064 ___SH C:\Users\Hypno\Downloads\Thumbs.db
2015-10-01 11:03 - 2014-11-25 20:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1188468758-1272634306-373300443-1001
2015-10-01 11:01 - 2015-01-02 01:22 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-10-01 10:44 - 2015-02-11 23:49 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-01 10:42 - 2015-01-06 00:13 - 00000000 ____D C:\Users\Hypno\AppData\Local\Apps\2.0
2015-09-30 20:21 - 2014-09-21 02:14 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-30 20:15 - 2014-11-28 13:59 - 00367104 ___SH C:\Users\Hypno\Desktop\Thumbs.db
2015-09-30 20:15 - 2014-11-25 20:56 - 00000000 ____D C:\Users\Hypno\OneDrive
2015-09-30 19:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
2015-09-30 19:54 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 19:53 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-30 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-30 15:12 - 2014-09-21 02:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-30 14:18 - 2014-03-18 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:55 - 2014-12-20 11:28 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\BitTorrent
2015-09-29 16:19 - 2014-12-02 14:49 - 00020519 _____ C:\Windows\system32\lvcoinst.log
2015-09-23 16:03 - 2015-01-03 07:36 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\MPC-HC
2015-09-23 16:02 - 2014-11-28 22:59 - 00000000 ____D C:\Users\Hypno\AppData\Local\CrashDumps
2015-09-23 16:02 - 2014-09-21 02:01 - 00000000 ____D C:\Windows\Panther
2015-09-23 15:48 - 2014-11-28 13:52 - 00000000 ____D C:\Users\Hypno\AppData\Local\Adobe
2015-09-23 15:44 - 2014-12-30 02:11 - 00000000 ____D C:\ProgramData\Adobe
2015-09-22 23:47 - 2014-11-25 20:49 - 00001444 _____ C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-22 15:19 - 2015-01-02 01:22 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-09-21 14:01 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-15 22:46 - 2015-01-02 01:22 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\NCH Software
2015-09-15 15:18 - 2015-01-02 01:22 - 00000000 ____D C:\ProgramData\NCH Software
2015-09-14 20:18 - 2015-04-17 11:04 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 20:18 - 2015-04-17 11:04 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 22:16 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-12 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-09-09 19:17 - 2013-08-22 09:44 - 00359856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 23:56 - 2014-03-18 04:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 23:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-08 21:59 - 2014-12-01 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 21:52 - 2014-11-30 15:19 - 00000000 ____D C:\Windows\system32\MRT
2015-09-07 01:30 - 2014-11-25 20:48 - 00000000 ____D C:\Users\Hypno
 
==================== Files in the root of some directories =======
 
2014-09-21 02:04 - 2014-09-21 02:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-21 02:03 - 2014-09-21 02:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-21 01:59 - 2014-09-21 02:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-21 02:00 - 2014-09-21 02:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-21 02:02 - 2014-09-21 02:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-21 01:58 - 2014-09-21 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Hypno\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-29 16:19
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Hypno (2015-10-01 14:17:36)
Running from C:\Users\Hypno\Downloads
Windows 8.1 Connected (X64) (2014-11-26 01:48:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1188468758-1272634306-373300443-500 - Administrator - Disabled)
Guest (S-1-5-21-1188468758-1272634306-373300443-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1188468758-1272634306-373300443-1003 - Limited - Enabled)
Hypno (S-1-5-21-1188468758-1272634306-373300443-1001 - Administrator - Enabled) => C:\Users\Hypno
sydel_000 (S-1-5-21-1188468758-1272634306-373300443-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1188468758-1272634306-373300443-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
K-Lite Codec Pack 10.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
PeaZip 5.5.2 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic Foundry Sound Forge 5.0 (HKLM-x32\...\{F3D6581A-FEA1-11D4-8170-00C04F612EA4}) (Version: 5.0.0.117 - Sonic Foundry)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visualizer for SketchUp (HKLM\...\{3758A735-50FD-4033-B3F5-77F30ED63F87}) (Version: 1.3.13.0 - Imagination)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
18-09-2015 21:03:51 Scheduled Checkpoint
23-09-2015 11:08:27 AA11
30-09-2015 15:08:29 AA11
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E62425E-B9BE-42CC-8005-CA0C8EF8775A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {10EE6506-8997-4F4E-A67A-37CD9C08DBF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {144F19A1-EA57-4434-81BA-6E171E23EDED} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {15D482E8-322C-4BAF-B433-A1ED3ACEC0DF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {29F7DA91-8C96-4AD7-9300-DCBF16C47DC7} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {4596C201-2628-4889-B91B-D0BD8A2B7ACB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AE84B036-97E8-4103-8630-2AFA375077D1} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {B92C98E1-8C51-47F3-9694-4753FAD43955} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {C2999CD8-B496-4022-935F-0E3E8B0848C8} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {D7CEC631-295E-4D58-A790-E34A6FBA9D25} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {D8346D27-6119-4C6C-A3CB-8ED9596512A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {DC186D02-EC65-489D-AA6A-4CE6E2ABCF95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
Task: {DD6781DB-F70A-49F9-ADE5-36411CF35E2C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {F3CBD649-00E7-4839-9B70-42C9EBAAECBE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F8A8E634-C2A1-49B4-BFA9-971F236BFA17} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2013-10-30 01:11 - 2013-10-30 01:11 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 01:07 - 2013-10-30 01:07 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-30 01:15 - 2013-10-30 01:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-12-24 14:26 - 2010-02-15 13:26 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe
2015-06-25 13:52 - 2015-05-19 20:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-06-25 13:52 - 2015-05-19 20:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-12-24 14:26 - 2010-02-09 08:41 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Common.dll
2014-12-24 14:26 - 2010-02-09 08:41 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Core.dll
2014-12-24 14:26 - 2010-02-09 08:40 - 00057344 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll
2014-12-24 14:26 - 2008-06-06 07:45 - 00011776 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2014-09-21 01:59 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-21 02:15 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-10-01 10:44 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-01 10:44 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-01 10:44 - 2015-09-23 21:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Hypno\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hypno\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdAwareTray"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{383E65B5-108A-458B-8E11-809EE0183915}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{1357C1E0-7FD2-49F2-B39B-B256F27CB5C7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{59ADB38E-8A52-4249-952D-4F04962D3C12}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{5DFCAFB9-BB3F-4BBB-B636-C9986FA1D940}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{259B95C8-2A7A-42C1-A97C-8EC75A84C379}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{679E6E4A-EECC-471B-80E1-49F83AF09666}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6F44041F-DBD4-44DF-AA62-E5552C33A1FF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FCFB9474-DD07-4F0A-94CE-54369B8723B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{89ED3E5C-7937-4417-9684-631BEB559A8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C8EB96E7-41CD-46E6-AC55-F9551754F357}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6683267F-3D59-4181-A6D2-0811535700BE}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exe
FirewallRules: [{B421CB7C-9258-4316-9495-76642D720C5A}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exe
FirewallRules: [{38A75B82-EFC5-4673-BEE4-7CA7F6B1DF00}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe
FirewallRules: [{7CD468EA-53CE-4D7C-BED9-C8BC6C333AFF}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe
FirewallRules: [{38AEFA95-0615-43EB-A4F3-E0E4BA332047}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exe
FirewallRules: [{7528B128-953D-4620-9B07-0A8BFEC86CC1}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exe
FirewallRules: [{D1C18F20-F63F-44ED-B7A8-5864BC6FCD5A}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exe
FirewallRules: [{3B192F3D-C4B3-4967-B688-6678C9F2FDE7}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exe
FirewallRules: [{36813081-8EDA-4EEA-B207-27D6B04186E3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{5A7CF105-0277-4C0A-905F-5C599EA2FC7F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{16B5E429-C15E-472B-9BC9-FE89722ED227}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{D2C08777-2A95-4F43-B96E-8AF6EBB7543C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{80EF4F7C-6AF2-490F-9F61-2DDA1ED59615}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exe
FirewallRules: [{ABDD6C01-93A2-430D-813F-C982BB85BF9A}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exe
FirewallRules: [{7CE86586-756A-42B9-AE89-5196B48EE9CC}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exe
FirewallRules: [{2F32C58D-E333-4356-ABAC-6AF76062DF80}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exe
FirewallRules: [{BED5D576-2BB4-4177-933D-7E72BE5E0282}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C31C22FB-99F4-401F-8DA8-8BB7B830CA35}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB3DE7B6-AC1C-4A61-9090-01CD20B1B9E2}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{E15A7092-62A3-4B20-89DB-76112E66D679}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{6E726B8D-1DBC-4E70-AE84-3FDEA445DC49}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{9C824CA5-DFA9-425D-87F6-4D4A28807D35}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{0E0D26A8-2742-4785-ADF0-86B872985C28}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{4F0C4838-03AC-4B02-9618-4E6716284820}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1705 802.11b/g/n (2.4GHZ)
Description: Dell Wireless 1705 802.11b/g/n (2.4GHZ)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2015 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/30/2015 03:12:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: HYPNORAYGUN)
Description: Application or service 'Dell Update Service' could not be restarted.
 
Error: (09/29/2015 06:52:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/29/2015 02:15:48 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (09/23/2015 02:11:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/22/2015 03:46:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MixPad.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1efc
 
Start Time: 01d0f573f5a71f58
 
Termination Time: 569
 
Application Path: C:\Program Files (x86)\NCH Software\MixPad\MixPad.exe
 
Report Id: ff039ad2-616a-11e5-8277-38b1db634512
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/18/2015 08:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 510
 
Start Time: 01d0f278f33cc1f5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e8f6c413-5e6c-11e5-8277-38b1db634512
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/12/2015 10:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a7c
 
Start Time: 01d0edd136c540de
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 2a92dbe7-59c5-11e5-8277-38b1db634512
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/09/2015 07:18:29 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/07/2015 03:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000374
Fault offset: 0x000e5904
Faulting process id: 0xce0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
 
System errors:
=============
Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.
 
Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80.
 
Error: (09/30/2015 08:15:49 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/30/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2015-09-30 19:49:34.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:34.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:34.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:17.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:17.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:16.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:15.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:15.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:15.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-30 19:49:13.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 51%
Total physical RAM: 3987.2 MB
Available physical RAM: 1915.6 MB
Total Virtual: 5459.2 MB
Available Virtual: 2469.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.3 GB) (Free:411.51 GB) NTFS
Drive d: (Elements) (Fixed) (Total:1863.01 GB) (Free:921.68 GB) NTFS
Drive f: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.42 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.08 GB) (Free:0.7 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 240AD42F)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000F408A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

It is okay.

FRST.gif Fix with Farbar Recovery Scan Tool

 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


servicerepairico.png Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

  • Right-click on servicerepairico.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.
Please include that logfile in your next reply.


FRST.gif FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy wpad.dat;wpad into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

At this moment, things seem to have stopped. I'm going to install Firefox and see how that behaves. That's where it first started. I do appreciate all your help. And a Beer fund donation will be made. I would like to see how Firefox does before this is totally closed out, if that is okay? Thank you again! 

Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

Recommended reading:

icon_exclaim.gifMUST READ - security tips:

icon_exclaim.gifMUST READ - general maintenance:

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

icon_arrow.gifCCleaner - to clean unneeded temporary files.

icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

icon_arrow.gifMcShield - to prevent infections spread by removable media.

icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.

icon_arrow.gifAdblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix

Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation:

btn_donateCC_LG.gif

Thank you!

Stay safe,

TwinHeadedEagle :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.