My Google Chrome Invaded by ebay homepage

GrahamKnott · Mar 2, 2017

Hi

Sorry about the cut-and-pasted insert below, but for some unknown reason my laptop refuses to do a screen shot. . . a problem for another time.

Right now my problem is this: whenever I bring up my google homepage on Chrome, I keep getting what I guess is ebay's homepage - not immediately. It only happens whenever I click the arrow symbol ('open the homepage') icon, third in along the top left corner of google's menu bar. I've cleared out all the cookies in the privacy settings in Chrome's Settings menu - I only intended to delete the ebay cookie, but again for reasons I know not, every damned cookie vanished without trace, despite having only highlighted the ebay one! I don't know if there's a connection here, but I also briefly lost access to my google email inbox at the same time (I've since rectified that issue). But the ebay issue is still dogging me. Therefore any advice to get rid of this irritant would be very welcome.

NB. The insert below was copied from Chrome's Settings, that's to say: 'Appearance/Reset to default themes' menu heading. I've highlighted the ebay link in red.

fra1-ib.adnxs.com/click?95Dwvb_BCED3kPC9v8EIQAAAAAAAADRAlONx-HTCCEA7pYP1f44NQK03gMQ2n619DIfl7jnQ9DYiH7hYAAAAAAWPNwDLAQAAWAQAAAIAAADe47wDjNUHAAAAAABVU0QAVVNEACwB-gCYYgAAAAABAgUCAQAAAJYABSeWtgAAAAA./cnd=!nwkixgiH38cHEN7H8x0YjKsfIAAoipqc6gwxAAAAAAAAAAA./bn=74885/referrer=http://www.wired.co.uk/article/nokia-3310-and-nokia-6-global-launch/clickenc=http://rover.ebay.com/rover/1/710-230783-50478-37/4?mpt=23601&ff5=&ff6=&ff7=&ff8=&ff9=&ff19=TACTIC&ext_id=&ir_DAP_A1=1&siteid=3&ff10=101495645&ipn=admain2&ff13=1&ff14=unknown&ff20=55&ff14=unknown&ff20=55&ff7=&ff1=&ff10=101495645&ff20=55&mpcr=101495645&rvr_id=1176100182397 Change

Malnutrition · Mar 2, 2017

We can get rid of ebay page on your machine.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select Scan

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review

GrahamKnott · Mar 2, 2017

Hi
Well, I've done as you've suggested and the result is as it appears below (there's rather a lot of it, I'm afraid to say). NB. I only managed to extract 'Addition.txt' from the scan tool.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by GeeKay (02-03-2017 20:28:29)
Running from C:\Users\GeeKay\Downloads
Windows 8.1 (Update) (X64) (2014-02-20 10:38:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1470319812-4169542574-1874696523-500 - Administrator - Disabled)
GeeKay (S-1-5-21-1470319812-4169542574-1874696523-1001 - Administrator - Enabled) => C:\Users\GeeKay
Guest (S-1-5-21-1470319812-4169542574-1874696523-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
Acronis True Image 2014 (HKLM-x32\...\{4A79A394-835A-49D7-8662-60643872DFF6}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\...\Amazon Amazon Music) (Version: 3.11.3.1102 - Amazon Services LLC)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.29.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
f.lux (HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\...\Flux) (Version: - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Media Foundation FLAC Codec (HKLM-x32\...\{5B47D5CC-38D3-4853-9A9E-AD1C7C717D40}) (Version: 1.4.1.0 - Alexander Demidov)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MultiScreen (HKLM-x32\...\{7E750925-00C9-4B23-A1E8-BBFC0955CFD8}) (Version: 3.0.23 - Samsung Electronics Ltd.)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Nero Audio Pack 1 (HKLM-x32\...\{9FADD6AC-1238-484D-B4D5-AE06602D9E79}) (Version: 10.6.10000 - Nero AG)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.12.424 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1834964F-7200-4F6F-AF68-711F53E49AE2} - System32\Tasks\{29822B99-E4A6-46F8-9664-769832BA053E} => pcalua.exe -a "C:\Program Files (x86)\Asus\AsusVibe\unins000.exe"
Task: {1CA0BA10-31EE-4AAC-9A7E-46DECB4F3E82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2B1907C2-6CFC-4E2E-B3CF-C75E437941AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {2E28DC43-A2E4-4ED3-B75E-D024369CD539} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4141AAF1-9698-4560-B32D-8BFCB440267A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {431568DD-FA19-4277-80C9-C2581FC91785} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {49722F66-CCF2-478D-A65B-678ED8A4FD99} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)
Task: {7B838A33-338D-4E38-A6F8-7B8C8E251F64} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {8931BE15-88D7-426D-B360-08ECBDF13448} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {B2989074-8342-4B03-913E-11A025414008} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {B71B6F9B-90C2-470A-94A7-C7B392C8E5BE} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {B821D171-F24E-41E4-B58B-80AE9ED19C0D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {B9F322E1-10D9-473F-8C2B-9BAD893AA3AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {BDF88820-1B2E-4FB9-98B4-EC13D773583E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {C00EE1C9-4099-43B3-80B2-8987E75BDEBB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {CF9F1413-8F3F-4086-A529-ED47D78B51D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {D3854540-35DC-485C-B113-4DD4D9AD6C35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D5928D72-DEB9-4C0A-9A24-844FC3271E90} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-05-28] (AsusTek)
Task: {DAF4E682-B8FE-4722-BF6C-6C80BC920C2D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {DF66ACE5-F88C-4C5D-B998-9C37E44228F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {EE942A18-907C-4623-A185-010FEDDC4F3D} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-31 13:33 - 2013-04-01 16:16 - 00198144 _____ () C:\WINDOWS\System32\HP2014LM.DLL
2014-03-31 15:04 - 2013-04-01 16:16 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP2014PP.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-06-08 18:04 - 2016-06-08 18:04 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll
2016-11-19 11:53 - 2012-10-09 18:10 - 00143360 _____ () C:\Program Files\MultiScreen\TitleBarDLL.dll
2013-10-01 09:26 - 2013-10-01 09:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-09 22:06 - 2015-10-29 21:25 - 05890368 _____ () C:\Users\GeeKay\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-11-19 11:53 - 2012-10-09 18:11 - 00587776 _____ () C:\Program Files\MultiScreen\MultiScreen.exe
2016-11-19 11:53 - 2012-10-09 18:10 - 00084480 _____ () C:\Program Files\MultiScreen\SmartMouseDll.dll
2016-11-19 11:53 - 2012-10-09 18:10 - 00047616 _____ () C:\Program Files\MultiScreen\MGResEng.dll
2016-11-19 11:53 - 2012-10-09 18:10 - 00060928 _____ () C:\Program Files\MultiScreen\HookApp.exe
2016-11-23 16:07 - 2016-06-08 18:07 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-11-23 16:07 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-11-23 16:07 - 2016-06-08 18:17 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-11-23 16:07 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-11-23 16:07 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-11-23 16:07 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-11-23 16:07 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-11-23 16:07 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-11-23 16:07 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-11-23 16:07 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-11-23 16:07 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-11-23 16:07 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00098816 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32api.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00110080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pywintypes27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00364544 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pythoncom27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00320512 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32com.shell.shell.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00914432 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_hashlib.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01176576 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._core_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00806400 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._gdi_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00816128 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._windows_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01067008 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._controls_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00733184 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._misc_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00682496 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pysqlite2._sqlite.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ctypes.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00686080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\unicodedata.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00119808 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32file.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00108544 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32security.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00007168 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\hashobjs_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017920 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\thumbnails_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\usb_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00012800 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\common.time34.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00018432 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32event.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00167936 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32gui.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00046080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_socket.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01303552 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ssl.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00128512 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_elementtree.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00127488 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pyexpat.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00038912 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32inet.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00036864 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_psutil_windows.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00524248 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\windows._lib_cacheinvalidation.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00011264 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32crypt.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00123392 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._wizard.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00077312 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._html2.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00027648 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_multiprocessing.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00020480 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_yappi.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00035840 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32process.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00078848 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._animate.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00024064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pipe.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00010240 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\select.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00025600 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pdh.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017408 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32profile.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00022528 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32ts.pyd
2016-11-19 11:53 - 2012-10-09 18:10 - 00066048 _____ () C:\Program Files\MultiScreen\TitleBarDLLx86.dll
2013-10-24 16:06 - 2013-10-24 16:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-24 16:06 - 2013-10-24 16:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-24 16:09 - 2013-10-24 16:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-09-07 10:56 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 10:56 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GeeKay\Pictures\jupitermoons20050513composite.gif
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{08588F33-D886-41AC-90FB-696851B40247}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{97F686F1-AC5C-4CDA-81B6-8F2E74CB4D7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{07EE6FA4-7893-479C-A1E8-A68250D2B37F}] => (Allow) LPort=5353
FirewallRules: [{CF8DE9CC-0A4F-414F-AD15-3A61A195F961}] => (Allow) LPort=9322
FirewallRules: [{D83D51E7-43C1-4483-9F54-DB806A05CE60}] => (Allow) LPort=5353
FirewallRules: [{9AFB99AE-31C4-4DA0-9C15-CCD4719468B7}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{59344CD6-AFBE-4483-BAEB-88171BE72FBB}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{60F211E0-D4A0-4AE5-9E3A-8A02313DAF34}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{C42DA487-62D4-47D4-876E-64B7155A3D9D}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{3CC8861E-64E4-44AB-8906-7D345E89A24D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{827E268B-D2A2-4E5F-9456-BC1CD3402631}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3A9CB3D3-EACF-4721-A250-28123F7188FD}] => (Block) C:\Program Files (x86)\Acronis\TrueImageHome\license_activator.exe
FirewallRules: [{2975F879-D61E-419D-93AC-C9A849AC4B8F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{6EA99944-488D-49DB-B456-91E9F166AC31}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{66F592B5-B8CC-4145-9240-08988BBEFAD1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{28B100B7-B5E3-48FF-9BB6-548CCBE80CE0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{A8A80FDC-5871-419A-89B8-03092E93335B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{436F9B07-81F8-414C-874E-0CD21519AA85}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{FCE7ECD2-7FCF-4E41-9096-9B44C13F4EE1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{BC7941DF-BCF8-44BF-9D46-CE5495759F8B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{ECB265AC-2F2F-4BD7-B9B3-A888B7F797B4}] => (Allow) LPort=9322
FirewallRules: [{732E2A22-3CD5-4D91-8040-2CA3CBFE90A3}] => (Allow) LPort=5353
FirewallRules: [{29AB1DF3-9B9A-48CE-980B-8401FECD5874}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{0CC79A0B-F081-42C8-A7E5-86F340C22A72}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{E328B688-427E-4F57-ACE1-FB1CDBBB4E9D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{D3A64666-98E0-4D28-8E7B-244DEE1234FC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{05C4BAE3-3526-43BC-87C2-635E2355BA8E}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{B5101882-5E41-4AEE-AE01-DDEF8EC89C24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-02-2017 13:37:44 Scheduled Checkpoint
22-02-2017 19:57:05 Scheduled Checkpoint
28-02-2017 11:26:08 Windows Update

==================== Faulty Device Manager Devices =============

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2017 07:35:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Faulting module name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Exception code: 0xc0000409
Fault offset: 0x0000000000056213
Faulting process ID: 0x528
Faulting application start time: 0x01d2938b690d84df
Faulting application path: C:\Windows\system32\FBAgent.exe
Faulting module path: C:\Windows\system32\FBAgent.exe
Report ID: 742fc72d-ff7f-11e6-bf0b-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (03/01/2017 03:09:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Faulting module name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Exception code: 0xc0000409
Fault offset: 0x0000000000056213
Faulting process ID: 0x52c
Faulting application start time: 0x01d2929d571b6016
Faulting application path: C:\Windows\system32\FBAgent.exe
Faulting module path: C:\Windows\system32\FBAgent.exe
Report ID: ff4ed1e9-fe90-11e6-bf0a-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/28/2017 11:27:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x54dc4378
Faulting module name: OLEAUT32.dll, version: 6.3.9600.18434, time stamp: 0x57a61147
Exception code: 0xc0000005
Fault offset: 0x00005310
Faulting process ID: 0x2d8
Faulting application start time: 0x01d291b58597d4c8
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\OLEAUT32.dll
Report ID: f4a6040f-fda8-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/28/2017 11:25:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/12/2017 08:13:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: audacity.exe, version: 2.0.6.0, time stamp: 0x541e5e06
Faulting module name: TitleBarDLLx86.dll, version: 0.0.0.0, time stamp: 0x50741b2e
Exception code: 0xc000041d
Fault offset: 0x000023c3
Faulting process ID: 0xc80
Faulting application start time: 0x01d2856b9bf447cb
Faulting application path: C:\Program Files (x86)\Audacity\audacity.exe
Faulting module path: C:\Program Files\MultiScreen\TitleBarDLLx86.dll
Report ID: bb0c92b6-f15f-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/12/2017 08:13:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: audacity.exe, version: 2.0.6.0, time stamp: 0x541e5e06
Faulting module name: TitleBarDLLx86.dll, version: 0.0.0.0, time stamp: 0x50741b2e
Exception code: 0xc0000005
Fault offset: 0x000023c3
Faulting process ID: 0xc80
Faulting application start time: 0x01d2856b9bf447cb
Faulting application path: C:\Program Files (x86)\Audacity\audacity.exe
Faulting module path: C:\Program Files\MultiScreen\TitleBarDLLx86.dll
Report ID: b9f59bf3-f15f-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 09:55:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: audacity.exe, version: 2.0.6.0, time stamp: 0x541e5e06
Faulting module name: TitleBarDLLx86.dll, version: 0.0.0.0, time stamp: 0x50741b2e
Exception code: 0xc000041d
Fault offset: 0x000023c3
Faulting process ID: 0x1a34
Faulting application start time: 0x01d284b03565dbbc
Faulting application path: C:\Program Files (x86)\Audacity\audacity.exe
Faulting module path: C:\Program Files\MultiScreen\TitleBarDLLx86.dll
Report ID: c68a815c-f0a4-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 09:55:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: audacity.exe, version: 2.0.6.0, time stamp: 0x541e5e06
Faulting module name: TitleBarDLLx86.dll, version: 0.0.0.0, time stamp: 0x50741b2e
Exception code: 0xc0000005
Fault offset: 0x000023c3
Faulting process ID: 0x1a34
Faulting application start time: 0x01d284b03565dbbc
Faulting application path: C:\Program Files (x86)\Audacity\audacity.exe
Faulting module path: C:\Program Files\MultiScreen\TitleBarDLLx86.dll
Report ID: c4fc5387-f0a4-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 12:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Faulting module name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Exception code: 0xc0000409
Fault offset: 0x0000000000056213
Faulting process ID: 0x1b00
Faulting application start time: 0x01d2845ea34a4a28
Faulting application path: C:\Windows\system32\FBAgent.exe
Faulting module path: C:\Windows\system32\FBAgent.exe
Report ID: 1296c3af-f052-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/10/2017 07:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FBAgent.exe, version: 2.0.0.2, time stamp: 0x51bae339
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process ID: 0x157c
Faulting application start time: 0x01d280aba66d2487
Faulting application path: C:\Windows\system32\FBAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 1fc24601-efc9-11e6-bf09-74d02b6a2a6d
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/02/2017 07:35:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AFBAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/02/2017 07:29:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/02/2017 07:29:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

Error: (03/02/2017 07:28:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (03/02/2017 07:28:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ESRV_SVC_WILLAMETTE service.

Error: (03/02/2017 08:53:52 AM) (Source: DCOM) (EventID: 10010) (User: GeeKay-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:53:18 AM) (Source: DCOM) (EventID: 10010) (User: GeeKay-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:43:49 AM) (Source: DCOM) (EventID: 10010) (User: GeeKay-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:43:15 AM) (Source: DCOM) (EventID: 10010) (User: GeeKay-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:35:59 AM) (Source: DCOM) (EventID: 10010) (User: GeeKay-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3981.86 MB
Available physical RAM: 1714.4 MB
Total Virtual: 4685.86 MB
Available Virtual: 2328.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:139.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57788C0B)

Partition: GPT.

==================== End of Addition.txt ============================

Malnutrition · Mar 2, 2017

I really need the FRST.txt file. You need to have the file run from your desktop, then you will see two files. Move FRST to your desktop, then re run it for me please.

Running from C:\Users\GeeKay\Downloads

Change the download folder setting in the default Browser only, so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.

Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser.

Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser.

Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

GrahamKnott · Mar 2, 2017

I believe this is the FRST.txt. . . I hope so.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by GeeKay (administrator) on GEEKAY-PC (02-03-2017 20:41:43)
Running from C:\Users\GeeKay\Downloads
Loaded Profiles: GeeKay (Available Profiles: GeeKay)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\GeeKay\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Flux Software LLC) C:\Users\GeeKay\AppData\Local\FluxSoftware\Flux\flux.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\MultiScreen\MultiScreen.exe
() C:\Program Files\MultiScreen\HookApp.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [MultiScreen] => C:\Program Files\MultiScreen\MultiScreen.exe [587776 2012-10-09] ()
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\ASUSWSLoader.exe [63296 2014-10-23] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [MultiScreen] => C:\Program Files\MultiScreen\MultiScreen.exe [587776 2012-10-09] ()
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\...\Run: [Amazon Music] => C:\Users\GeeKay\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-10-29] ()
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\...\Run: [f.lux] => C:\Users\GeeKay\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{439E6F4A-0195-470D-9A0C-C69C5E54327D}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{8D0A7DAF-FE88-4176-A2AA-77908C023D2E}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://fra1-ib.adnxs.com/click?95Dwvb_BCED3kPC9v8EIQAAAAAAAADRAlONx-HTCCEA7pYP1f44NQK03gMQ2n619DIfl7jnQ9DYiH7hYAAAAAAWPNwDLAQAAWAQAAAIAAADe47wDjNUHAAAAAABVU0QAVVNEACwB-gCYYgAAAAABAgUCAQAAAJYABSeWtgAAAAA./cnd=!nwkixgiH38cHEN7H8x0YjKsfIAAoipqc6gwxAAAAAAAAAAA./bn=74885/referrer=hxxp://www.wired.co.uk/article/nokia-3310-...5&ff20=55&mpcr=101495645&rvr_id=1176100182397
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Profile: C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Google Docs) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Proper Menubar) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\egclcjdpndeoioimlbbbmdhcaopnedkp [2017-01-01]
CHR Extension: (Kaspersky Protection) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Color Change for Google™) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2016-10-28]
CHR Extension: (Morpheon Dark) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\GeeKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0125851392893527mcinstcleanup; C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE -cleanup -nolog [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [65784 2013-05-28] (ASUS Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2016-11-29] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-08] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-08] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-08] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2014-07-03] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [198432 2014-07-03] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 20:28 - 2017-03-02 20:29 - 00038424 _____ C:\Users\GeeKay\Downloads\Addition.txt
2017-03-02 20:26 - 2017-03-02 20:41 - 00020536 _____ C:\Users\GeeKay\Downloads\FRST.txt
2017-03-02 20:24 - 2017-03-02 20:41 - 00000000 ____D C:\FRST
2017-03-02 20:23 - 2017-03-02 20:23 - 02423808 _____ (Farbar) C:\Users\GeeKay\Downloads\FRST64.exe
2017-02-23 12:25 - 2017-02-23 12:25 - 06232760 _____ (Canneverbe Limited ) C:\Users\GeeKay\Downloads\cdbxp_setup_4.5.7.6521.exe
2017-02-03 15:50 - 2017-02-03 15:50 - 00002126 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-03 15:50 - 2017-02-03 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 19:59 - 2016-10-11 18:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-02 19:46 - 2016-11-29 12:33 - 00003032 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-02 19:32 - 2014-11-07 12:13 - 00000000 ___RD C:\Users\GeeKay\Google Drive
2017-03-02 19:31 - 2014-03-30 22:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-02 19:30 - 2014-03-31 12:57 - 00000000 ____D C:\ProgramData\Kodak
2017-03-02 19:30 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 19:29 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-02 19:28 - 2015-01-18 17:30 - 00000000 ____D C:\Users\GeeKay\AppData\Roaming\ClassicShell
2017-03-02 16:24 - 2014-02-20 13:55 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E35EE7CB-516A-44CE-80FB-6DF6017C7B44}
2017-03-02 12:00 - 2016-10-08 11:03 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-02 12:00 - 2015-05-18 13:36 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-28 21:51 - 2014-02-19 15:59 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1470319812-4169542574-1874696523-1001
2017-02-28 21:50 - 2014-04-16 12:40 - 00000000 ____D C:\Users\GeeKay\AppData\Roaming\vlc
2017-02-28 20:55 - 2014-04-16 12:51 - 00000000 ____D C:\Users\GeeKay\AppData\Roaming\dvdcss
2017-02-28 12:33 - 2014-04-01 16:14 - 00000000 ____D C:\Users\GeeKay\Documents\A-Z MISCELLANEOUS
2017-02-28 11:31 - 2014-02-19 13:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-28 11:31 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-28 11:27 - 2014-02-19 13:16 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 14:29 - 2016-10-31 18:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 20:28 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2017-02-21 16:25 - 2016-02-23 11:08 - 00000000 ____D C:\Users\GeeKay\Documents\A-Z HOUSEHOLD
2017-02-21 12:36 - 2013-11-14 12:45 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 11:28 - 2014-11-17 18:08 - 00000000 ____D C:\Users\GeeKay\AppData\Roaming\Audacity
2017-02-19 10:49 - 2016-02-27 19:14 - 00000000 ____D C:\Users\GeeKay\Documents\A-Z SPACE STUFF
2017-02-18 18:35 - 2016-10-11 18:14 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-14 17:59 - 2016-10-11 18:14 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 17:59 - 2016-10-11 18:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-14 17:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 17:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 20:52 - 2014-02-20 08:08 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:52 - 2014-02-20 08:08 - 00002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 19:41 - 2016-11-16 11:21 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 19:41 - 2016-11-16 11:21 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 15:50 - 2014-02-20 08:07 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2016-11-19 12:07 - 2017-03-02 19:32 - 0067208 _____ () C:\Users\GeeKay\AppData\Roaming\MultiScreen_log.log
2014-02-19 12:09 - 2016-11-22 20:47 - 0000074 _____ () C:\Users\GeeKay\AppData\Roaming\sp_data.sys
2017-01-04 14:09 - 2017-01-04 14:10 - 0016090 _____ () C:\Users\GeeKay\AppData\Local\clear.log
2014-04-13 16:39 - 2014-04-13 16:39 - 3063800 _____ (Nero AG) C:\Users\GeeKay\AppData\Local\NeroAudioPack1.exe
2014-05-02 22:31 - 2014-05-02 22:31 - 0000017 _____ () C:\Users\GeeKay\AppData\Local\resmon.resmoncfg
2013-04-25 23:15 - 2012-09-07 11:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 23:15 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 23:15 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\GeeKay\en_res.dll
C:\Users\GeeKay\es_res.dll
C:\Users\GeeKay\fr_res.dll
C:\Users\GeeKay\grm_res.dll
C:\Users\GeeKay\it_res.dll
C:\Users\GeeKay\jp_res.dll
C:\Users\GeeKay\mfc80u.dll
C:\Users\GeeKay\msvcr80.dll
C:\Users\GeeKay\PCPE Setup.exe
C:\Users\GeeKay\pt_res.dll
C:\Users\GeeKay\ResourceReader.dll
C:\Users\GeeKay\ru_res.dll
C:\Users\GeeKay\zh_res.dll

Some files in TEMP:
====================
2012-09-27 11:17 - 2012-09-27 11:17 - 0456640 _____ (Eastman Kodak Company) C:\Users\GeeKay\AppData\Local\Temp\LogCaptureUtility.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-02 08:35

==================== End of FRST.txt ============================

Malnutrition · Mar 2, 2017

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Clean up temp files and reduce startup load with CCleaner.

Note: This tool will clean your browsing history as well.

Download CCleaner from here.
After install Click Options.
Go to monitoring.
Uncheck All Monitoring items.
Go to advanced -- Click close program after cleaning.
Go to settings -- click run ccleaner when the computer starts.
Now that you have ccleaner installed and set-up:
Open the program.
Go to Tools
Go to Startup
Now double click each item. To Disable.
Leave only your antivirus enabled.
Then disable All items in your scheduled task as well.
Unless they are related to windows defender.Or your antivirus.
Reboot the machine.

Run the McaFee removal tool, you had it on your machine and there are still remnants on your machine that need to be deleted.

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

GrahamKnott · Mar 2, 2017

Just a thought: when you say "Change the download folder setting in the default Browser only, so all tools we may use are saved to the Desktop:" will this mean I'll lose all my Chrome "Favorites"? These are precious to me - my working tools, if you like - and I really, really don't want to lose them. Thanks.

Malnutrition · Mar 2, 2017

No, you will not loose anything, you can just change the download for firefox, or go to your download folder and cut and paste FRST to the desktop, or drag it out of the downloads folder to the desktop if you prefer. It is just best to run these tools from the desktop, that is where they are designed to run from.

So long as the end result is you having the files on your desktop then I do not care how they get there.

GrahamKnott · Mar 2, 2017

Well, I've gone to Downloads and selected desktop. Also, I've now dragged FRST.txt and FRST64.exe on to my desktop.

Malnutrition · Mar 2, 2017

Start out by running Adware cleaner, then ccleaner, then Mcafee removal tool, then run the FRST fix. Steps are in order for a reason and they should all be done based on the info I gathered from your machine.

GrahamKnott · Mar 2, 2017

Sorry, but I'm such a literalist when it comes to PCs. As I've already stated, I've now put both FRST.txt and Additional.txt shortcuts on to my desktop. It's just that when you say "run" does this mean scan? I ask this question because I have four options available on the scan tool: 1) Scan: 2) Search Files: 3) Search Registry: or 4) Fix?

A prompt: "Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply."

Many thanks.

Malnutrition · Mar 2, 2017

GrahamKnott · Mar 2, 2017

Yes, I tried clicking 'Fix' and this is what I got:
"No fixlist.txt found."
"The fixlist.txt should be be in the same folder/directory the tool is located."

I take it I'm doing something wrong here.

Malnutrition · Mar 2, 2017

Yes, if you have them both on your desktop then you may have downloaded more than one fixlist in this process.
Right click it and select rename and delete anything like (2) from the name fixlist so it reads just the same as the picture I posted.

GrahamKnott · Mar 2, 2017

So which of the two should I delete?

FRST64.exe
Additional.txt - Shortcut

Malnutrition · Mar 2, 2017

Ok, lets do this...

Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools

Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

After delfix has ran, then redownload the FRST and fixlist then run the fix.

GrahamKnott · Mar 2, 2017

I'm very sorry, but I've done everything correctly - deleted all previous items and reinstalled the FRST software - and I keep getting the same negative messages. I'm sorry to have put you to all this trouble.

Malnutrition · Mar 2, 2017

You need to have the Fixlist and FRST side by side.

GrahamKnott · Mar 2, 2017

This doesn't happen. Everytime I download FRST all I get now is the single FRST64.exe file. . . no fixlist at all.

Malnutrition · Mar 2, 2017

Download the fixlist from the link below.....

https://pchelpforum.net/attachments/fixlist-txt.1734/

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

Attachments

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

GrahamKnott

Malnutrition

Malnurished Admin

Search

Search

My Google Chrome Invaded by ebay homepage

We value your privacy