
Hi! About a month ago my computer began randomly flashing the cmd window, usually about 3-6 windows will quickly open and close. I've run various scans and the return is always clean but the flashes continue. I recorded my screen to "catch" the pop ups so I could see what they say. It's something about bitsadmin... I've attached the screen shot. 

cmd window.jpg


Hello ksp136 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Next,

Open FRST again,

Type the following in the edit box on FRST, after "Search:".

BITSAdmin

It then should look like this:

Search: BITSAdmin

Click Search Registry button and post the log (Search.txt) it will produce.

Let me see all those logs in your next reply...

Thank you,

Kevin..
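Added example, not part of the original thread and not FRST's own code: once FRST.txt has been saved, the keyword from the "Search: BITSAdmin" step can also be looked for in the log itself, with each hit reported under the log section it came from and Run/RunOnce autorun lines split into fields. The sample log and every Example* name are constructed; the line layout is assumed from the FRST.txt posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Section banner, e.g. "==================== Registry (Whitelisted) ===================="
# ([^=\s] keeps bare "======" underlines from being read as banners.)
SECTION_RE = re.compile(r"^={5,}\s*([^=\s].*?)\s*={5,}\s*$")
# Autorun line, e.g. "HKLM\...\Run: [Name] => target [size date] (Company)"
RUN_PREFIX_RE = re.compile(r"^(HK\S+?)\\\.\.\.\\(Run(?:Once)?): \[([^\]]*)\] => (.*)$")
# Optional trailer after the target: " [size yyyy-mm-dd] (Company)"
TRAILER_RE = re.compile(r"^(.*) \[(\d+) (\d{4}-\d{2}-\d{2})\](?: \((.*)\))?$")


class Hit(NamedTuple):
    section: str   # banner text of the section the line sits in
    line_no: int   # 1-based line number in the log
    text: str      # the matching line, stripped


class RunEntry(NamedTuple):
    hive: str
    key: str                # "Run" or "RunOnce"
    name: str               # value name inside the key
    target: str             # command the autorun launches
    company: Optional[str]  # None when the log line carries no company field


def search_log(text: str, keyword: str) -> List[Hit]:
    """Case-insensitive keyword search that remembers the current section."""
    needle = keyword.casefold()
    section = "(header)"
    hits: List[Hit] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if needle in line.casefold():
            hits.append(Hit(section, line_no, line))
    return hits


def parse_run_entry(line: str) -> Optional[RunEntry]:
    """Split a Run/RunOnce line into fields; return None for any other line."""
    prefix = RUN_PREFIX_RE.match(line.strip())
    if not prefix:
        return None
    hive, key, name, rest = prefix.groups()
    # Match the trailer from the right so "(x86)" inside a path is not
    # mistaken for the company field.
    trailer = TRAILER_RE.match(rest)
    if trailer:
        return RunEntry(hive, key, name, trailer.group(1), trailer.group(4))
    return RunEntry(hive, key, name, rest, None)


def autorun_hits(text: str, keyword: str) -> List[RunEntry]:
    """Keyword hits that are autorun entries, already parsed."""
    parsed = (parse_run_entry(hit.text) for hit in search_log(text, keyword))
    return [entry for entry in parsed if entry is not None]


# Constructed sample in the layout of the FRST.txt shown in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
==================== Registry (Whitelisted) ====================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2016-05-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [ExampleVendorApp] => C:\Program Files (x86)\Example\app.exe [1024 2017-01-01] (Example (R) Corp)
HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleUpdater] => C:\WINDOWS\system32\bitsadmin.exe <constructed arguments>
==================== Services (Whitelisted) ====================
R2 ExampleSvc; C:\Program Files\Example\svc.exe [2048 2017-01-01] (Example Corp)
"""

if __name__ == "__main__":
    for hit in search_log(SAMPLE_LOG, "BITSAdmin"):
        print(f"[{hit.section}] line {hit.line_no}: {hit.text}")
    for entry in autorun_hits(SAMPLE_LOG, "BITSAdmin"):
        print(f"autorun {entry.name!r} in {entry.hive} -> {entry.target}")
```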

Hi Kevin! 

Thanks for the fast response! I've attached all three logs and copy pasted the FRST log only. See below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by KP (administrator) on KP (13-02-2017 10:10:35)
Running from C:\Users\KP\Desktop
Loaded Profiles: KP (Available Profiles: KP)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Spotify Ltd) C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2016-05-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Google Update] => C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [Spotify Web Helper] => C:\Users\KP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [GoogleChromeAutoLaunch_7173795419EC2074CF4FDA28B9D73281] => C:\Users\KP\AppData\Local\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-10-23]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\KP\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
BootExecute: autocheck autochk /r \??\Z:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2
Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2
Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {84F78381-D466-4F94-98E2-999A3D8545A6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-565673585-3621012978-1595873997-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={54D293C5-FFFD-4FDA-AC7D-6DE2439757C2}&mid=c2dd5d01906a47cc8a0f61139c04f251-293647f61a89b3a8030879699880a6d128693694&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-12-09 15:50:07&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF ProfilePath: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928 [2017-02-13]
FF Extension: (Firefox Hotfix) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-06]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\features\{3c8be9b8-1d17-42f5-a3fd-0b052fee393b}\malware-remediation@mozilla.org.xpi [2016-11-06]
FF SearchPlugin: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml [2016-11-26]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=3 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: @tools.google.com/Google Update;version=9 -> C:\Users\KP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-565673585-3621012978-1595873997-1001: LWAPlugin15.8 -> C:\Users\KP\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\KP\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-08]
CHR Extension: (Entanglement Web App) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-12-08]
CHR Extension: (Google Docs) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08]
CHR Extension: (Google Drive) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08]
CHR Extension: (YouTube) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
CHR Extension: (Google Cast) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Adblock Plus) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (Adobe Acrobat) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Pandora) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-12-08]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-21]
CHR Extension: (Google Sheets) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08]
CHR Extension: (Full Screen Weather) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-12-08]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (SwagButton) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2017-01-18]
CHR Extension: (Learn Korean Free - KoreanClass101.com) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpllochhpaedhafkgknfalcfibdhmae [2015-12-08]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-28]
CHR Extension: (Pathuku - Connect the lines) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2015-12-08]
CHR Extension: (Japanese Kana) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2015-12-08]
CHR Extension: (Google Play Music) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-13]
CHR Extension: (Little Alchemy) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-14]
CHR Extension: (Skype) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-27]
CHR Extension: (Poppit!) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-12-08]
CHR Extension: (Hello Kitty) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld [2015-12-08]
CHR Extension: (Ghostery) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-15]
CHR Extension: (Mahjong Solitaire) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2015-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31]
CHR Extension: (imo free video calls and text) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2015-12-08]
CHR Extension: (Gmail) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [74288 2016-10-27] (CyberGhost S.R.L)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-18] (Intel Corporation)
R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2016-07-07] (Intel Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
S3 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-11] (Electronic Arts)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2016-05-24] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [173824 2017-01-09] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2016-07-07] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2016-07-07] (Intel Corporation)
S2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-12-11] (Realtek                                            )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows (R) Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-06] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 10:10 - 2017-02-13 10:11 - 00026533 _____ C:\Users\KP\Desktop\FRST.txt
2017-02-13 10:07 - 2017-02-13 10:10 - 00000000 ____D C:\FRST
2017-02-13 10:06 - 2017-02-13 10:06 - 02421248 _____ (Farbar) C:\Users\KP\Desktop\FRST64.exe
2017-02-13 00:38 - 2017-02-13 00:38 - 540134393 _____ C:\Users\KP\Desktop\KP-09-02-2017-14-27-.fbr
2017-02-10 20:41 - 2017-02-10 20:41 - 01465148 _____ C:\Users\KP\Downloads\Debt-Guide.pdf
2017-02-10 00:34 - 2017-02-10 00:34 - 00120740 _____ C:\Users\KP\Documents\cc_20170210_003359.reg
2017-02-09 22:05 - 2017-02-09 22:05 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\4F45CB54.sys
2017-02-09 22:05 - 2017-02-09 22:05 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\57018824.sys
2017-02-09 22:05 - 2017-02-09 22:05 - 00000000 ____D C:\KVRT_Data
2017-02-09 22:04 - 2017-02-09 22:05 - 108104160 _____ (Kaspersky Lab ZAO) C:\Users\KP\Downloads\KVRT.exe
2017-02-09 21:58 - 2017-02-09 21:58 - 13160824 _____ (ParetoLogic Inc.) C:\Users\KP\Downloads\ParetoLogic PC Health Advisor.exe
2017-02-09 21:43 - 2017-02-09 21:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\KP\Downloads\rkill.exe
2017-02-09 21:38 - 2017-02-09 21:39 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-02-08 07:40 - 2017-02-08 07:43 - 00419148 _____ C:\WINDOWS\Minidump\020817-51078-01.dmp
2017-02-08 07:40 - 2017-02-08 07:40 - 1432010488 _____ C:\WINDOWS\MEMORY.DMP
2017-02-08 07:40 - 2017-02-08 07:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-07 23:22 - 2017-02-07 23:22 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-07 22:57 - 2017-02-07 22:57 - 00793696 _____ C:\Users\KP\Downloads\Kings_Cage_Red_Queen_3_022017_Victoria_Aveyard.epub
2017-02-07 22:56 - 2017-02-07 22:56 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-07 22:56 - 2017-02-07 22:56 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-07 22:54 - 2017-02-07 23:22 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-07 22:52 - 2017-02-07 22:54 - 11581544 _____ (SurfRight B.V.) C:\Users\KP\Downloads\hitmanpro_x64.exe
2017-02-06 01:29 - 2017-02-13 10:10 - 00945527 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-06 01:29 - 2017-02-13 10:10 - 00891959 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-06 01:29 - 2017-02-06 01:29 - 14449600 _____ (Copyright 2017.) C:\Users\KP\Downloads\Zemana.AntiMalware.Portable.exe
2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-06 01:29 - 2017-02-06 01:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-06 01:29 - 2017-02-06 01:29 - 00000000 ____D C:\Users\KP\AppData\Local\Zemana
2017-02-06 01:24 - 2017-02-06 01:24 - 06771840 _____ (ESET spol. s r.o.) C:\Users\KP\Downloads\esetonlinescanner_enu.exe
2017-02-05 19:47 - 2017-02-05 19:47 - 03663455 _____ C:\Users\KP\Downloads\Student Council .pptx
2017-02-03 01:37 - 2017-02-09 13:15 - 00000000 ____D C:\ProgramData\Blueberry
2017-02-03 01:37 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\Documents\FlashBack Movies
2017-02-02 23:40 - 2017-02-03 01:51 - 00000000 ____D C:\Users\KP\AppData\Roaming\Blueberry
2017-02-02 23:40 - 2017-02-03 01:37 - 00000000 ____D C:\Users\KP\AppData\Roaming\LogSys
2017-02-02 23:40 - 2017-02-02 23:40 - 00001454 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Recorder.lnk
2017-02-02 23:40 - 2017-02-02 23:40 - 00001444 _____ C:\Users\Public\Desktop\FlashBack Plus 5 Player.lnk
2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\WINDOWS\SysWOW64\ShellDD
2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software
2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\ProgramData\LogSys
2017-02-02 23:40 - 2017-02-02 23:40 - 00000000 ____D C:\Program Files (x86)\Blueberry Software
2017-02-02 23:19 - 2017-02-02 23:39 - 23413360 _____ (Blueberry) C:\Users\KP\Downloads\bbfbpls5.exe
2017-02-02 22:44 - 2017-02-02 22:44 - 00028903 _____ C:\Users\KP\Downloads\Mr. Right (2015) [720p] [YTS.PE].torrent
2017-02-02 22:43 - 2017-02-02 22:43 - 00032717 _____ C:\Users\KP\Downloads\How to Be Single (2016) [720p] [YTS.PE].torrent
2017-02-02 22:36 - 2017-02-02 22:36 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-02 22:35 - 2017-02-02 22:36 - 08813488 _____ (Piriform Ltd) C:\Users\KP\Downloads\ccsetup526.exe
2017-02-02 19:51 - 2017-02-02 19:51 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile [Super Deluxe Edition] - 2016
2017-02-02 19:50 - 2017-02-02 20:01 - 00000000 ____D C:\Users\KP\Downloads\Tori Kelly - Unbreakable Smile (Target Edition) - 2015
2017-02-02 19:49 - 2017-02-02 19:53 - 00000000 ____D C:\Users\KP\Downloads\The Weeknd - Starboy (2016)
2017-02-02 19:48 - 2017-02-02 19:48 - 00011729 _____ C:\Users\KP\Downloads\the weeknd - starboy 2016 flac.torrent
2017-02-02 03:45 - 2017-02-02 03:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-01 00:38 - 2017-02-01 00:38 - 06294016 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2017-02-01 00:38 - 2017-02-01 00:38 - 01164800 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2017-01-30 22:20 - 2017-01-30 22:20 - 00143625 _____ C:\Users\KP\Desktop\vzbill_paper_5081_010617_013017222017.pdf
2017-01-30 21:58 - 2017-01-30 21:58 - 01016344 _____ C:\Users\KP\Desktop\December bank account.pdf
2017-01-30 19:17 - 2017-01-30 19:17 - 00000000 ____D C:\Users\KP\Downloads\BoxTops
2017-01-30 19:10 - 2017-01-30 19:10 - 00391370 _____ C:\Users\KP\Downloads\BoxTops.zip
2017-01-28 13:47 - 2017-01-28 13:47 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-28 13:47 - 2017-01-28 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-28 13:46 - 2017-01-28 13:47 - 00000000 ____D C:\Program Files\iTunes
2017-01-28 13:46 - 2017-01-28 13:46 - 00000000 ____D C:\Program Files\iPod
2017-01-28 13:43 - 2017-01-28 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-25 17:57 - 2017-01-25 22:13 - 00062351 _____ C:\Users\KP\Downloads\parent involvement survey (1).xlsx
2017-01-24 17:39 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:39 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 18:11 - 2017-01-23 18:11 - 00034355 _____ C:\Users\KP\Downloads\parent involvement survey.xlsx
2017-01-20 19:06 - 2017-01-20 19:07 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0 (1).exe
2017-01-18 19:05 - 2017-01-23 08:54 - 00000000 ____D C:\Users\KP\Documents\UserTesting
2017-01-18 19:03 - 2017-01-23 08:47 - 00000000 ____D C:\Users\KP\AppData\Local\UserTestingPlugin
2017-01-18 19:02 - 2017-01-18 19:03 - 17797624 _____ C:\Users\KP\Downloads\InstallUserTesting-v2.0.exe
2017-01-17 20:33 - 2017-01-17 20:33 - 29963203 _____ C:\Users\KP\Desktop\tonga.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 09:32 - 2016-10-09 10:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 00:01 - 2016-10-11 00:28 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-12 23:42 - 2016-06-02 20:40 - 00000000 ____D C:\ProgramData\MFAData
2017-02-10 22:25 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 00:33 - 2015-12-08 19:50 - 00000000 ____D C:\Users\KP\Desktop\virus stuff
2017-02-09 21:30 - 2015-12-08 20:30 - 00000000 ____D C:\Users\KP\Desktop\movies
2017-02-09 19:01 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 10:48 - 2016-01-04 15:55 - 00000000 ____D C:\Users\KP\AppData\Roaming\vlc
2017-02-09 10:32 - 2015-12-10 18:04 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKP.job
2017-02-09 10:28 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-08 07:52 - 2015-12-08 17:35 - 00000000 ____D C:\Users\KP\Documents\YouCam
2017-02-08 07:50 - 2016-10-23 12:11 - 00000000 ___RD C:\Users\KP\iCloudDrive
2017-02-08 07:49 - 2016-10-09 10:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-08 07:49 - 2015-12-08 17:34 - 00000000 __SHD C:\Users\KP\IntelGraphicsProfiles
2017-02-08 07:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 07:44 - 2016-10-09 10:22 - 00000000 ____D C:\Users\KP
2017-02-08 07:40 - 2016-10-09 10:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-06 23:13 - 2015-12-08 19:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 22:42 - 2016-01-03 09:13 - 00000000 ____D C:\Users\KP\Desktop\games
2017-02-06 00:57 - 2015-12-09 23:13 - 00000000 ____D C:\Users\KP\AppData\Roaming\uTorrent
2017-02-02 22:35 - 2016-10-31 18:15 - 00000000 ____D C:\Users\KP\AppData\Local\Spotify
2017-02-02 20:51 - 2016-10-31 18:14 - 00000000 ____D C:\Users\KP\AppData\Roaming\Spotify
2017-02-02 17:33 - 2015-12-08 17:47 - 00002491 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 01:22 - 2016-01-20 15:35 - 00000000 ____D C:\Users\KP\AppData\Local\ElevatedDiagnostics
2017-01-31 01:07 - 2016-06-02 20:38 - 00000000 ____D C:\Users\KP\AppData\Local\AvgSetupLog
2017-01-30 22:28 - 2016-02-13 12:17 - 00000000 ____D C:\Users\KP\Desktop\being an adult
2017-01-30 18:49 - 2016-08-02 17:09 - 00000000 ____D C:\Users\KP\Desktop\PHENND
2017-01-28 13:46 - 2015-12-08 19:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-25 18:30 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-19 19:27 - 2015-12-28 14:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 09:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-19 00:04 - 2016-06-02 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-18 18:30 - 2016-12-14 00:14 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-18 18:30 - 2015-12-08 17:39 - 00002407 _____ C:\Users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 18:30 - 2015-12-08 17:39 - 00000000 ___RD C:\Users\KP\OneDrive
2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-17 18:42 - 2015-12-15 15:29 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 07:14 - 2015-07-16 01:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-16 07:10 - 2017-01-09 12:30 - 00000608 _____ C:\WINDOWS\Tasks\WpsExternal_KP_20170109123037.job
2017-01-16 07:10 - 2017-01-09 12:30 - 00000414 _____ C:\WINDOWS\Tasks\WpsUpdateTask_KP.job
2017-01-16 07:10 - 2016-10-23 14:08 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-16 07:10 - 2016-10-23 14:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-16 07:10 - 2016-06-14 23:27 - 00000730 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_KP.job
2017-01-16 07:09 - 2016-10-09 10:13 - 00366288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-15 23:25 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-15 23:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-15 23:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-12-04 22:57 - 2016-12-04 22:58 - 0000003 _____ () C:\Users\KP\AppData\Local\run1.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-06 23:04

==================== End of FRST.txt ============================

 

 

Addition.txt

SearchReg.txt

FRST.txt


Thanks for those logs, continue as follows please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress....
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
 
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

 

 

fixlist.txt


I did all of that. Here are the logs. The last scan came back clean. Now my mouse doesn't seem to work in my web browser...

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/13/17
Scan Time: 5:05 PM
Logfile: malwarebytes results.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1254
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: KP\KP

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469942
Time Elapsed: 37 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.ParetoLogic, C:\USERS\KP\DOWNLOADS\PARETOLOGIC PC HEALTH ADVISOR.EXE, Delete-on-Reboot, [2415], [366058],1.0.1254

Physical Sector: 0
(No malicious items detected)


(end)

 

 

# AdwCleaner v6.043 - Logfile created 13/02/2017 at 18:03:39
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home  (X64)w
# Username : KP - KP
# Running from : C:\Users\KP\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\KP\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Users\KP\AppData\Local\app


***** [ Files ] *****

[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\KP\AppData\Roaming\Mozilla\Firefox\Profiles\j8wweao3.default-1472094346928\searchplugins\avg-secure-search.xml


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[-] Task deleted: YCMServiceAgent


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-565673585-3621012978-1595873997-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2709 Bytes] - [13/02/2017 18:03:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2817 Bytes] - [13/02/2017 17:59:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2855 Bytes] ##########
 

 

So far I haven't noticed any issues, but I also haven't really been on the computer as I fell asleep while it was doing the last scan. I'll def let you know though!

malwarebytes results.txt

AdwCleaner[C0].txt


Turns out, I completely missed the fix list and the FRST fix part of your previous post. That is now finished. Should I repeat the other steps?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by KP (14-02-2017 16:39:49) Run:1
Running from C:\Users\KP\Desktop
Loaded Profiles: KP (Available Profiles: KP)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk /r \??\Z:autocheck autochk *  
Tcpip\Parameters: [DhcpNameServer] 10.32.15.130 10.32.15.2
Tcpip\..\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}: [DhcpNameServer] 10.32.15.130 10.32.15.2
Tcpip\..\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}: [DhcpNameServer] 172.20.10.1 
CHR Extension: (Chrome Media Router) - C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
FirewallRules: [{102658C8-3BB8-4D33-8627-5634100246BD}] => LPort=1688
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112301ac-dd3e-4440-b350-b47c5b0c0548}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ae9954ea-ba81-4a26-bbba-a6ea9f6c3814}\\DhcpNameServer => value removed successfully
C:\Users\KP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{102658C8-3BB8-4D33-8627-5634100246BD} => value removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{53CDD329-454E-4CB0-A5DC-55CEA4B65F3C} canceled.
{4892C5A6-5253-4761-AD6F-D9F6E52F0409} canceled.
{2C10BBF9-B93C-43BE-A3E7-7F0B39FC3CB0} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44669239 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 14174292 B
Edge => 2123335 B
Chrome => 771199943 B
Firefox => 5761945 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4922 B
NetworkService => 12 B
KP => 40045228 B

RecycleBin => 1978 B
EmptyTemp: => 837.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:41:15 ====


If the issue does not return we can clean up and remove tools etc....

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,
Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

I wanted to wait a few days/haven't been on my computer much thanks to running around for work a lot this week, but I haven't seen any pop ups when normally a ton would've occurred by now. So I'm guessing I'm good. I'll go ahead and follow the directions of the last post. Thank you sooooo much for your help!!


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.