ksp136 Posted February 13, 2017 ID:1101376 Share Posted February 13, 2017 Hi! About a month ago my computer began randomly flashing the cmd window, usually about 3-6 windows will quickly open and close. I've run various scans and the return is always clean but the flashes continue. I recorded my screen to "catch" the pop ups so I could see what they say. It's something about bitsadmin... I've attached the screen shot. Link to post Share on other sites More sharing options...
kevinf80 Posted February 13, 2017 ID:1101432 Share Posted February 13, 2017 Hello ksp136 and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties" In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK" Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location..... Next, Follow the instructions in the following link to show hidden files:http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Next, Open FRST again, Type the following in the edit box on FRST, after "Search:".BITSAdmin It then should look like this:Search: BITSAdmin Click Search Registry button and post the log (Search.txt) it will produce. Let me see all those logs in your next reply... Thank you, Kevin.. Link to post Share on other sites More sharing options...
ksp136 Posted February 13, 2017 Author ID:1101501 Share Posted February 13, 2017 Hi Kevin! Thanks for the fast response! I've attached all three logs and copy pasted the FRST log only. See below: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017 Ran by KP (administrator) on KP (13-02-2017 10:10:35) Running from C:\Users\KP\Desktop Loaded Profiles: KP (Available Profiles: KP) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Spotify Ltd) C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2016-05-24] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Google Update] => C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Spotify Web Helper] => C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-02] (Spotify Ltd) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [GoogleChromeAutoLaunch_7173795419EC2074CF4FDA28B9D73281] => C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd) HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation) Startup: C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-10-23] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\KP\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook) BootExecute: autocheck autochk /r \??\Z:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2 Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2 Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM-x32 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={54D293C5-FFFD-4FDA-AC7D-6DE2439757C2}&mid=c2dd5d01906a47cc8a0f61139c04f251-293647f61a89b3a8030879699880a6d128693694&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-12-09 15:50:07&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF ProfilePath: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928 [2017-02-13] FF Extension: (Firefox Hotfix) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-06] FF Extension: (Youtube Unblocker Remediation) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\features\{3c8be9b8-1d17-42f5-a3fd-0b052fee393b}\malware-remediation@mozilla.org.xpi [2016-11-06] FF SearchPlugin: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml [2016-11-26] FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=3 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=9 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: LWAPlugin15.8 -> C:\Users\KP\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\KP\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default [2017-02-13] CHR Extension: (Google Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-08] CHR Extension: (Entanglement Web App) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-12-08] CHR Extension: (Google Docs) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08] CHR Extension: (Google Drive) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08] CHR Extension: (YouTube) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08] CHR Extension: (Google Cast) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25] CHR Extension: (Adblock Plus) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27] CHR Extension: (Google Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08] CHR Extension: (Adobe Acrobat) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31] CHR Extension: (Pandora) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-12-08] CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-21] CHR Extension: (Google Sheets) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08] CHR Extension: (Full Screen Weather) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-12-08] CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-02-10] CHR Extension: (Google Docs Offline) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (AdBlock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31] CHR Extension: (SwagButton) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-01-18] CHR Extension: (Learn Korean Free - KoreanClass101.com) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpllochhpaedhafkgknfalcfibdhmae [2015-12-08] CHR Extension: (TinEye Reverse Image Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-28] CHR Extension: (Pathuku - Connect the lines) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2015-12-08] CHR Extension: (Japanese Kana) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2015-12-08] CHR Extension: (Google Play Music) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-13] CHR Extension: (Little Alchemy) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-14] CHR Extension: (Skype) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-27] CHR Extension: (Poppit!) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-12-08] CHR Extension: (Hello Kitty) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld [2015-12-08] CHR Extension: (Ghostery) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-15] CHR Extension: (Mahjong Solitaire) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-12-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31] CHR Extension: (imo free video calls and text) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2015-12-08] CHR Extension: (Gmail) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08] CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation) R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.) S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [74288 2016-10-27] (CyberGhost S.R.L) S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation) R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation) R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2016-07-07] (Intel Corporation) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation) S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.) S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-11] (Electronic Arts) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2016-05-24] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [173824 2017-01-09] (Zhuhai Kingsoft Office Software Co.,Ltd) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.) R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2016-07-07] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2016-07-07] (Intel Corporation) S2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-12-11] (Realtek ) S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation ) S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows (R) Win 7 DDK provider) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-06] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-06] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-13 10:10 - 2017-02-13 10:11 - 00026533 _____ C:\Users\KP\Desktop\FRST.txt 2017-02-13 10:07 - 2017-02-13 10:10 - 00000000 ____D C:\FRST 2017-02-13 10:06 - 2017-02-13 10:06 - 02421248 _____ (Farbar) C:\Users\KP\Desktop\FRST64.exe 2017-02-13 00:38 - 2017-02-13 00:38 - 540134393 _____ C:\Users\KP\Desktop\KP-09-02-2017-14-27-.fbr 2017-02-10 20:41 - 2017-02-10 20:41 - 01465148 _____ C:\Users\KP\Downloads\Debt-Guide.pdf 2017-02-10 00:34 - 2017-02-10 00:34 - 00120740 _____ C:\Users\KP\Documents\cc_20170210_003359.reg 2017-02-09 22:05 - 2017-02-09 22:05 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\4F45CB54.sys 2017-02-09 22:05 - 2017-02-09 22:05 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\57018824.sys 2017-02-09 22:05 - 2017-02-09 22:05 - 00000000 ____D C:\KVRT_Data 2017-02-09 22:04 - 2017-02-09 22:05 - 108104160 _____ (Kaspersky Lab ZAO) C:\Users\KP\Downloads\KVRT.exe 2017-02-09 21:58 - 2017-02-09 21:58 - 13160824 _____ (ParetoLogic Inc.) C:\Users\KP\Downloads\ParetoLogic PC Health Advisor.exe 2017-02-09 21:43 - 2017-02-09 21:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\KP\Downloads\rkill.exe 2017-02-09 21:38 - 2017-02-09 21:39 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable (1).exe 2017-02-08 07:40 - 2017-02-08 07:43 - 00419148 _____ C:\WINDOWS\Minidump\020817-51078-01.dmp 2017-02-08 07:40 - 2017-02-08 07:40 - 1432010488 _____ C:\WINDOWS\MEMORY.DMP 2017-02-08 07:40 - 2017-02-08 07:40 - 00000000 ____D C:\WINDOWS\Minidump 2017-02-07 23:22 - 2017-02-07 23:22 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2017-02-07 22:57 - 2017-02-07 22:57 - 00793696 _____ C:\Users\KP\Downloads\Kings_Cage_Red_Queen_3_022017_Victoria_Aveyard.epub 2017-02-07 22:56 - 2017-02-07 22:56 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\Program Files\HitmanPro 2017-02-07 22:54 - 2017-02-07 23:22 - 00000000 ____D C:\ProgramData\HitmanPro 2017-02-07 22:52 - 2017-02-07 22:54 - 11581544 _____ (SurfRight B.V.) C:\Users\KP\Downloads\hitmanpro_x64.exe 2017-02-06 01:29 - 2017-02-13 10:10 - 00945527 _____ C:\WINDOWS\ZAM.krnl.trace 2017-02-06 01:29 - 2017-02-13 10:10 - 00891959 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-02-06 01:29 - 2017-02-06 01:29 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable.exe 2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2017-02-06 01:29 - 2017-02-06 01:29 - 00000000 ____D C:\Users\KP\AppData\Local\Zemana 2017-02-06 01:24 - 2017-02-06 01:24 - 06771840 _____ (ESET spol. s r.o.) C:\Users\KP\Downloads\esetonlinescanner_enu.exe 2017-02-05 19:47 - 2017-02-05 19:47 - 03663455 _____ C:\Users\KP\Downloads\Student Council .pptx 2017-02-03 01:37 - 2017-02-09 13:15 - 00000000 ____D C:\ProgramData\Blueberry 2017-02-03 01:37 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\Documents\FlashBack Movies 2017-02-02 23:40 - 2017-02-03 01:51 - 00000000 ____D C:\Users\KP\AppData\Roaming\Blueberry 2017-02-02 23:40 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\AppData\Roaming\LogSys 2017-02-02 23:40 - 2017-02-02 23:40 - 00001454 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Recorder.lnk 2017-02-02 23:40 - 2017-02-02 23:40 - 00001444 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Player.lnk 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\WINDOWS\SysWOW64\ShellDD 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\LogSys 2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\Program Files (x86)\Blueberry Software 2017-02-02 23:19 - 2017-02-02 23:39 - 23413360 _____ (Blueberry) C:\Users\KP\Downloads\bbfbpls5.exe 2017-02-02 22:44 - 2017-02-02 22:44 - 00028903 _____ C:\Users\KP\Downloads\Mr. Right (2015) [720p] [YTS.PE].torrent 2017-02-02 22:43 - 2017-02-02 22:43 - 00032717 _____ C:\Users\KP\Downloads\How to Be Single (2016) [720p] [YTS.PE].torrent 2017-02-02 22:36 - 2017-02-02 22:36 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-02-02 22:35 - 2017-02-02 22:36 - 08813488 _____ (Piriform Ltd) C:\Users\KP\Downloads\ccsetup526.exe 2017-02-02 19:51 - 2017-02-02 19:51 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile [Super Deluxe Edition] - 2016 2017-02-02 19:50 - 2017-02-02 20:01 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile (Target Edition) - 2015 2017-02-02 19:49 - 2017-02-02 19:53 - 00000000 ____D C:\Users\KP\Downloads\The Weeknd - Starboy (2016) 2017-02-02 19:48 - 2017-02-02 19:48 - 00011729 _____ C:\Users\KP\Downloads\the weeknd - starboy 2016 flac.torrent 2017-02-02 03:45 - 2017-02-02 03:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2017-02-01 00:38 - 2017-02-01 00:38 - 06294016 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys 2017-02-01 00:38 - 2017-02-01 00:38 - 01164800 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll 2017-01-30 22:20 - 2017-01-30 22:20 - 00143625 _____ C:\Users\KP\Desktop\vzbill_paper_5081_010617_013017222017.pdf 2017-01-30 21:58 - 2017-01-30 21:58 - 01016344 _____ C:\Users\KP\Desktop\December bank account.pdf 2017-01-30 19:17 - 2017-01-30 19:17 - 00000000 ____D C:\Users\KP\Downloads\BoxTops 2017-01-30 19:10 - 2017-01-30 19:10 - 00391370 _____ C:\Users\KP\Downloads\BoxTops.zip 2017-01-28 13:47 - 2017-01-28 13:47 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-01-28 13:47 - 2017-01-28 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-01-28 13:46 - 2017-01-28 13:47 - 00000000 ____D C:\Program Files\iTunes 2017-01-28 13:46 - 2017-01-28 13:46 - 00000000 ____D C:\Program Files\iPod 2017-01-28 13:43 - 2017-01-28 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2017-01-25 17:57 - 2017-01-25 22:13 - 00062351 _____ C:\Users\KP\Downloads\parent involvement survey (1).xlsx 2017-01-24 17:39 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-24 17:39 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-23 18:11 - 2017-01-23 18:11 - 00034355 _____ C:\Users\KP\Downloads\parent involvement survey.xlsx 2017-01-20 19:06 - 2017-01-20 19:07 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0 (1).exe 2017-01-18 19:05 - 2017-01-23 08:54 - 00000000 ____D C:\Users\KP\Documents\UserTesting 2017-01-18 19:03 - 2017-01-23 08:47 - 00000000 ____D C:\Users\KP\AppData\Local\UserTestingPlugin 2017-01-18 19:02 - 2017-01-18 19:03 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0.exe 2017-01-17 20:33 - 2017-01-17 20:33 - 29963203 _____ C:\Users\KP\Desktop\tonga.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-13 09:32 - 2016-10-09 10:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-13 00:01 - 2016-10-11 00:28 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2017-02-12 23:42 - 2016-06-02 20:40 - 00000000 ____D C:\ProgramData\MFAData 2017-02-10 22:25 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-10 00:33 - 2015-12-08 19:50 - 00000000 ____D C:\Users\KP\Desktop\virus stuff 2017-02-09 21:30 - 2015-12-08 20:30 - 00000000 ____D C:\Users\KP\Desktop\movies 2017-02-09 19:01 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-09 10:48 - 2016-01-04 15:55 - 00000000 ____D C:\Users\KP\AppData\Roaming\vlc 2017-02-09 10:32 - 2015-12-10 18:04 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKP.job 2017-02-09 10:28 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2017-02-08 07:52 - 2015-12-08 17:35 - 00000000 ____D C:\Users\KP\Documents\YouCam 2017-02-08 07:50 - 2016-10-23 12:11 - 00000000 ___RD C:\Users\KP\iCloudDrive 2017-02-08 07:49 - 2016-10-09 10:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-08 07:49 - 2015-12-08 17:34 - 00000000 __SHD C:\Users\KP\IntelGraphicsProfiles 2017-02-08 07:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-08 07:44 - 2016-10-09 10:22 - 00000000 ____D C:\Users\KP 2017-02-08 07:40 - 2016-10-09 10:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-06 23:13 - 2015-12-08 19:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-06 22:42 - 2016-01-03 09:13 - 00000000 ____D C:\Users\KP\Desktop\games 2017-02-06 00:57 - 2015-12-09 23:13 - 00000000 ____D C:\Users\KP\AppData\Roaming\uTorrent 2017-02-02 22:35 - 2016-10-31 18:15 - 00000000 ____D C:\Users\KP\AppData\Local\Spotify 2017-02-02 20:51 - 2016-10-31 18:14 - 00000000 ____D C:\Users\KP\AppData\Roaming\Spotify 2017-02-02 17:33 - 2015-12-08 17:47 - 00002491 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-31 01:22 - 2016-01-20 15:35 - 00000000 ____D C:\Users\KP\AppData\Local\ElevatedDiagnostics 2017-01-31 01:07 - 2016-06-02 20:38 - 00000000 ____D C:\Users\KP\AppData\Local\AvgSetupLog 2017-01-30 22:28 - 2016-02-13 12:17 - 00000000 ____D C:\Users\KP\Desktop\being an adult 2017-01-30 18:49 - 2016-08-02 17:09 - 00000000 ____D C:\Users\KP\Desktop\PHENND 2017-01-28 13:46 - 2015-12-08 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-01-25 18:30 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-19 19:27 - 2015-12-28 14:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-19 09:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-19 00:04 - 2016-06-02 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-01-18 18:30 - 2016-12-14 00:14 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-18 18:30 - 2015-12-08 17:39 - 00002407 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-18 18:30 - 2015-12-08 17:39 - 00000000 ___RD C:\Users\KP\OneDrive 2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ____D C:\ProgramData\Skype 2017-01-16 07:14 - 2015-07-16 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-16 07:10 - 2017-01-09 12:30 - 00000608 _____ C:\WINDOWS\Tasks\WpsExternal_KP_20170109123037.job 2017-01-16 07:10 - 2017-01-09 12:30 - 00000414 _____ C:\WINDOWS\Tasks\WpsUpdateTask_KP.job 2017-01-16 07:10 - 2016-10-23 14:08 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-01-16 07:10 - 2016-10-23 14:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-16 07:10 - 2016-06-14 23:27 - 00000730 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_KP.job 2017-01-16 07:09 - 2016-10-09 10:13 - 00366288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-01-15 23:25 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-15 23:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2016-12-04 22:57 - 2016-12-04 22:58 - 0000003 _____ () C:\Users\KP\AppData\Local\run1.txt ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-06 23:04 ==================== End of FRST.txt ============================ Addition.txt SearchReg.txt FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted February 13, 2017 ID:1101565 Share Posted February 13, 2017 Thanks for those logs, continue as follows please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Clean install Malwarebytes from version 2 to version 3... Please download MBAM-clean and save it to your desktop. Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool. It will ask you to reboot the machine - please do so. Run the cleaner tool again, re-boot when complete. <<<---do not miss this step If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp Download Malwarebytes version 3 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes and is updated do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply... If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete..... Please Do Not use your PC whilst the scan is in progress.... Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned. Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Let me see those logs in your reply, also tell me if there are any remaining issues or concerns... Thank you, Kevin... fixlist.txt Link to post Share on other sites More sharing options...
ksp136 Posted February 14, 2017 Author ID:1101726 Share Posted February 14, 2017 lI did all of that. Here are the logs. The last scan came back clean. Now my mouse doesn't seem to work in my web browser... Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/13/17 Scan Time: 5:05 PM Logfile: malwarebytes results.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1254 License: Trial -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: KP\KP -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 469942 Time Elapsed: 37 min, 41 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.ParetoLogic, C:\USERS\KP\DOWNLOADS\PARETOLOGIC PC HEALTH ADVISOR.EXE, Delete-on-Reboot, [2415], [366058],1.0.1254 Physical Sector: 0 (No malicious items detected) (end) # AdwCleaner v6.043 - Logfile created 13/02/2017 at 18:03:39 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 10 Home (X64)w # Username : KP - KP # Running from : C:\Users\KP\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Users\KP\AppData\Local\avg web tuneup [-] Folder deleted: C:\Program Files\avg web tuneup [-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search [-] Folder deleted: C:\ProgramData\avg web tuneup [#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup [-] Folder deleted: C:\Program Files (x86)\avg web tuneup [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search [-] Folder deleted: C:\Users\KP\AppData\Local\app ***** [ Files ] ***** [-] File deleted: C:\TOSTACK [-] File deleted: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [-] Task deleted: YCMServiceAgent ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key deleted: HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2709 Bytes] - [13/02/2017 18:03:39] C:\AdwCleaner\AdwCleaner[S0].txt - [2817 Bytes] - [13/02/2017 17:59:39] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2855 Bytes] ########## So far I haven't noticed any issues, but I also haven't really been on the computer as I fell asleep while it was doing the last scan. I'll def let you know though! malwarebytes results.txt AdwCleaner[C0].txt Link to post Share on other sites More sharing options...
kevinf80 Posted February 14, 2017 ID:1101734 Share Posted February 14, 2017 Do you also have the log from FRST fix...? Can you re-boot your PC, see if the mouse issue corrects itself... Link to post Share on other sites More sharing options...
ksp136 Posted February 14, 2017 Author ID:1101742 Share Posted February 14, 2017 I totally forgot to upload that one and unfortunately I've already left for work and didn't take my laptop. I'll upload it later tonight. Link to post Share on other sites More sharing options...
kevinf80 Posted February 14, 2017 ID:1101768 Share Posted February 14, 2017 OK< thanks for the update.... Link to post Share on other sites More sharing options...
ksp136 Posted February 14, 2017 Author ID:1101844 Share Posted February 14, 2017 Turns out, I completely missed the fix list and the FRST fix part of your previous post. That is now finished. Should I repeat the other steps? Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017 Ran by KP (14-02-2017 16:39:49) Run:1 Running from C:\Users\KP\Desktop Loaded Profiles: KP (Available Profiles: KP) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: BootExecute: autocheck autochk /r \??\Z:autocheck autochk * Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2 Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2 Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1 CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02] ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square FirewallRules: [{102658C8-3BB8-4D33-8627-5634100246BD}] => LPort=1688 CMD: bitsadmin /reset /allusers CMD: ipconfig /flushDNS EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}\\DhcpNameServer => value removed successfully C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{102658C8-3BB8-4D33-8627-5634100246BD} => value removed successfully ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {53CDD329-454E-4CB0-A5DC-55CEA4B65F3C} canceled. {4892C5A6-5253-4761-AD6F-D9F6E52F0409} canceled. {2C10BBF9-B93C-43BE-A3E7-7F0B39FC3CB0} canceled. 3 out of 3 jobs canceled. ========= End of CMD: ========= ========= ipconfig /flushDNS ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44669239 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 14174292 B Edge => 2123335 B Chrome => 771199943 B Firefox => 5761945 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 7680 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 4922 B NetworkService => 12 B KP => 40045228 B RecycleBin => 1978 B EmptyTemp: => 837.3 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 16:41:15 ==== Link to post Share on other sites More sharing options...
kevinf80 Posted February 14, 2017 ID:1101848 Share Posted February 14, 2017 What is the current status of your laptop, are there any obvious issues or concerns...? What was the result of the Sophos AV scan.. Link to post Share on other sites More sharing options...
ksp136 Posted February 15, 2017 Author ID:1101895 Share Posted February 15, 2017 So far so good but I haven't been on it for too long since running the fix. The mouse was good after the reboot. The Sophos AC scan came back clean with no problems or logs. Link to post Share on other sites More sharing options...
kevinf80 Posted February 15, 2017 ID:1101925 Share Posted February 15, 2017 If the issue does not return we can clean up and remove tools etc.... Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down:"Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
ksp136 Posted February 18, 2017 Author ID:1102646 Share Posted February 18, 2017 I wanted to wait a few days/haven't been on my computer much thanks to running around for work a lot this week, but I haven't seen any pop ups when normally a ton would've occurred by now. So I'm guessing I'm good. I'll go ahead and follow the directions of the last post. Thank you sooooo much for your help!! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 18, 2017 Root Admin ID:1102731 Share Posted February 18, 2017 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts