Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I dont have permission to access MSE and i cant download anything.


  • Please log in to reply
17 replies to this topic

#1 Nihilistic_mystic

Nihilistic_mystic

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 05:36 PM

Hi, I'm new to this forum and I'm having a big problem.
 
I cant access my antivirus (Microsoft security essentials) because it says I don't have permission. Also, I am unable to download anything (windows 7), as it is deleted immediately because "it contains a virus". I know that this is not true. Is there a workaround so I can use my antivirus, or get an anti-rootkit and get rid of this evil little bastard? I'm stuck.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Edit: Thank you, Animal. Sorry about that.


Edited by bloopie, 24 November 2013 - 07:41 PM.
Moved from Aii to the Logs forum at the request of JSntgRvr. ~bloopie


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:12 AM

Posted 24 November 2013 - 05:52 PM

It looks like you're infected with ZeroAccess rootkit.

 

I'll report this topic to appropriate helpers.

1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?

Hold on there....


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:12 AM

Posted 24 November 2013 - 06:27 PM

Please download Farbar Recovery Scan Tool and save it to your desktop. If unable, download the file to a USB flash drive in another coputer, plug the USB flash drive to the ailing computer, and run the application from there.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 06:29 PM

Im running 64 bit Windows 7 ultimate. The computer is running slowly, but its working fine apart from no antivirus access or downloads of any kind. I ran a malwarebytes quick scan as well and it only found one item and deleted it. I cant get into MSE from the systems list either. it just doesn't show up.



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:12 AM

Posted 24 November 2013 - 06:34 PM

Download the file to a USB flash drive in another computer, plug the USB flash drive to the ailing computer, and run the application from there.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 06:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Colby (administrator) on COLBY-PC on 24-11-2013 15:37:54
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [2227] - C:\ProgramData\dxeryw.exe [120320 2010-11-20] ( ())
HKLM\...\Policies\Explorer: [301548880] 0x504B030415C52C865045F9114D0700000030000001312709D7632458FE8D1107CBCBF725DC50614B59C90569CCB6FA5FB44BA4AE96C263F186ACC82550C7653D8D455FB3C89C2A34B0254AA9F80534BFBD723B4CD72DB64ED5EACD45732D243AB2CFDD88BF784B8817D017A77AB24E96F93D93B8ABD21339C5FA2E49D22ED3FE0AD3DB1B56B6708C42F0899376F17D088F5DC0D0B3EA4F4004D6C8315409BAA9A598C7533D2CB2E49B2E8F97BA728D010B4CA1E1D7B15C34F3A63F4C834DEF33D4874B15F14DAE38C5860EE7D58FD61178818E33E939E9D05CAA9D13E46644F3D72273B28D938A8A63849E63EC09670B73EEC172136F2007835E5B040F5D7DD10B88CF087F6F41C1D6BA3C8E968406274A97CAAAB93E827586DF9DD0E4E9095885017460C26C58F5CE7A1A3CD176A69AABCBF9CA76444B48A69558D11630E3C67E272147D90988332ECDAC8CF28F8862A8601B0DDB1A189DE1933384F58FC7E6BD881B3DA70D30436520BBD362DC20B4487829BF2F94F9FFE77DEF4F28367506FD16273F6249464EE3263CB5A12FF64DBD8445D2AE533B6FDD7ADC6C1F7ADCCB31F403C489A43605FFA961078280FB3663C245ED364B95C1D764C2C5C32AD1C33D85DD62146A40117A072392A52D4B90CB65C727C7E0BE3092607FB2321578C685084923DA3FE8D7BC6FA407D9302B0FEC09AEB7700BA4BED390710DF0C269777630969B53CD6F47A69A422416C3C7C72F29818933BE71AE1B05E27FA6DBEC9435EB2F231A8AB2F084148365EDF76D89B0624DA2B2B9427E33DC7715F22F84349FDA1475820A8241BD27BCD314101E99949C9F6FF743D17DB7ACFB7AE81C2E3EF243F99F1BB09758BDD6C96BD44C417623DC2B5DC8FD9953F1298E4626D129A7EAD5B1C5FFC2BC14764507CAE63704B7B8BFC293D8A471F5E2E95232E7955779268D5E240AE190A9E19B056D47B17823A6B5B2635EBAEB78CE851C144D9B531DB7E527A6F1E14E310CC094A5B4986CFC5CA6778097C4C07D6218B775E8050B7A06B74EFE996B010B6A31FEDDFD4D0FC2B173464306560422E1BF8193C785ED6A1D16181E4B25BB9D26315E547ADD6BBEE849AD5101170DFD575AED5C1D880BDFAA073B36639B7C836706906119B4A3865974FAF96B34BD86F03BC25302B1FBC0AD07DD6E9B7C87B68EEAFE21D169A3C282B4A24A3A303231618735CBF9654CBFB317B9DE7F684194662F5C8B47D81330D239E69DF9CB9ABEF6638738B6BDE721DA92EBE2DA945379FEC3079BF69686FFCC6922C21BADCD755DE71CA8BCC3B6D4ADD1DC430BCC6038658D63F627837F2ACD74958ACB80914EDFBCD10250C0BD0757E1EDFE3D9BEC9FBC8405E67DF0B4A27289694C87E3E826375FCDC3B982C3C68DBCBB5B26E076F5375C7C80FEF6479845292397303470A0950D5B61ED2C5B51D3C4900A30955AC2CB090F8E8473C816FB4160A289713CB1BCA87F22E48822EA6F9B2AA109A40513AD8D325ADBDD366C260E7A23BA5364E025428FDB3EA41578671ECEC6317C2C3F3144D0EAD2554ACD2ED7CF1CB85A708BC90742F962FF03D6F6481709CE24A0F3F147950ABE0318CC63E9A61B2870C6978968AE6D999F8540434D22409AAA5D81980869D252040EDDEF9BBF16B635C50B3658EF67F4DC072E1E3F5A7B4AD0429B68C5D607B9D0AD592F50EC849713BBA7F52B338569AE887AE8F0520113ECBD592EF2753F157C37ACA03FB4F0879020CF1B020D619B6507C173CC45A46B972E7ABF8193798818EA171073C32366300BBE0DE0CE716C509E065E053073CBEBF155CFE6221B6B168D5A4829BB426E369347922F29F6B915DEE66CB9B3A4D3189E4882E81D1B16A21741A452084845869A43F0972D71E1CF3F7FF19E99289BEE1000D6A3FE7CF3F3B8091491B29B0638B03C204236711A1BCC7FD6E3981B984563DC5A73A10CEDC6BEDBFD2C1B7D5B449AFDAEA85EA58CFF92D4CD959228617600041B10B484F1DD69BFA0B267EE0CEDC8CEC6B3E5F583CBCCA55D86B3CF2D6F592F314DB6B334C42C7C1C91526B02777EDB70CC543569D4B8A7809F005FC03E41209A2526003170EC10D7380DA3F3E08950DC315A8E303773046E9E9CC4FB000196307EAE5F1407BC67D86505917E04F57903BD88A6F1B3157E2ED1421B71586C7022F334C256FD9D891D15D0DBF30DF63343304DB129DA4132BE3A2E84CDE1408EE50FB3E6ADB9E0E8EBB4A670B57946A4F40B92A016BDCC935E700759636BDDEB5C5E35F1EC5977FE5857E15563AE031B5668083A7D4B453D278A0100855A86A31E4D8BD26B1DA2DC034C13EACDBF0193C2155D5A67143953288EC8E2B0745951924C41BFA98C84E0C214CB6096A250590C0BA057C3EC2E875801E3F7FEDF966FF0D3FDD079B0EF8D19BF7DB352DD861DCF19382945E52D6D7709D5CBE04DC6DECF6BA01ECFF80D82030F195725C75519F6965A1B1025D1E788577A83D5D5149C4E0098D323710869FD36657B0D956025E3F3E29F802FCB55106D804EBF4FCC28C660FADBD6C72C01D1F7619E686080E3835359C1278FCE57FA4F9363CB0148E2FC4D9757AAD975538E9A3447FCCA3AD906BEEF9A65B8872804D1EADE45BA7B0309120E7F1F4CFED4C35AD8E818B27858025FC85A1B79DAEC3CFDCDDF4AB5120561
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-08] (Valve Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {7ef68e03-8421-11e1-aa26-001e33b46c27} - G:\StartClickFreeBackup.exe
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKU\Guest\...\CurrentVersion\Windows: [Load] c:\users\guest\dxatjj.exe <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39F20628B552CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.cracked.com/
http://www.gamefaqs.com/
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

==================== Services (Whitelisted) =================

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\   \...\???\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-24 15:37 - 2013-11-24 15:37 - 00000000 ____D C:\FRST
2013-11-24 14:05 - 2013-11-24 14:05 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-11-24 11:31 - 2013-11-24 11:31 - 00000000 ____D C:\Windows\TempAC98BA0D-0216-BD53-1CC1-274BE0DEF138-Signatures
2013-11-24 11:31 - 2013-11-24 11:31 - 00000000 ____D C:\be7e95a6a0a967e0ae8260618fd053
2013-11-21 16:42 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 16:42 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 16:42 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 16:42 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 16:42 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 16:42 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 16:42 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 16:42 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 16:42 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 16:42 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 16:42 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 16:42 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 16:42 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 16:42 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-21 16:41 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 16:41 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 16:41 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 16:41 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 16:41 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 16:41 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 16:41 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 16:41 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 16:41 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 16:41 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 16:41 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 16:41 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 16:40 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 16:40 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 16:40 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 16:40 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 16:40 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 16:08 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 16:08 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 16:04 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 16:04 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 16:04 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 16:04 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 16:04 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 16:04 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 16:04 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 16:04 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 16:04 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 16:04 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-17 16:04 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 16:04 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-17 16:04 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-17 16:04 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 16:04 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-17 16:02 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 16:02 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 16:02 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 16:02 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 16:02 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 16:02 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 16:01 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-10 15:42 - 2013-11-10 15:42 - 00000000 ____D C:\Users\Colby\AppData\Local\Google
2013-11-10 15:42 - 2013-11-10 15:42 - 00000000 ____D C:\Program Files (x86)\Google

==================== One Month Modified Files and Folders =======

2013-11-24 15:37 - 2013-11-24 15:37 - 00000000 ____D C:\FRST
2013-11-24 15:28 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 15:28 - 2009-07-13 20:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 15:02 - 2012-04-05 15:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 15:02 - 2012-04-05 15:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 14:34 - 2010-09-12 09:46 - 01798620 _____ C:\Windows\WindowsUpdate.log
2013-11-24 14:16 - 2012-09-13 07:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-24 14:05 - 2013-11-24 14:05 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2013-11-24 13:54 - 2012-08-14 16:26 - 00001986 _____ C:\Users\Guest\Desktop\Rkill.txt
2013-11-24 13:54 - 2012-08-14 16:26 - 00000000 ____D C:\Users\Guest\Desktop\rkill-backup
2013-11-24 13:53 - 2012-01-01 09:27 - 00000000 ____D C:\Users\Guest
2013-11-24 13:52 - 2012-01-01 09:28 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-24 13:52 - 2012-01-01 09:28 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 13:52 - 2012-01-01 09:28 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-24 12:41 - 2011-08-12 14:36 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-24 11:44 - 2011-07-07 13:15 - 00000000 ____D C:\Users\Colby\Documents\video gamey stuff
2013-11-24 11:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-24 11:32 - 2010-09-12 10:05 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7ECEE37-F037-42DD-BAC5-28F46A45897C}
2013-11-24 11:31 - 2013-11-24 11:31 - 00000000 ____D C:\Windows\TempAC98BA0D-0216-BD53-1CC1-274BE0DEF138-Signatures
2013-11-24 11:31 - 2013-11-24 11:31 - 00000000 ____D C:\be7e95a6a0a967e0ae8260618fd053
2013-11-24 11:31 - 2012-12-09 16:32 - 00002141 _____ C:\Windows\epplauncher.mif
2013-11-24 11:31 - 2012-12-09 16:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-24 11:31 - 2012-12-09 16:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-21 16:59 - 2009-07-13 21:13 - 00741634 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 16:54 - 2012-08-19 07:04 - 00002630 _____ C:\Windows\setupact.log
2013-11-21 16:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 16:39 - 2010-09-12 10:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-21 16:28 - 2013-08-22 18:07 - 00000000 ____D C:\Windows\system32\MRT
2013-11-18 21:56 - 2010-09-12 10:24 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 20:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 15:42 - 2013-11-10 15:42 - 00000000 ____D C:\Users\Colby\AppData\Local\Google
2013-11-10 15:42 - 2013-11-10 15:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-31 18:10 - 2012-08-31 14:03 - 00000000 ____D C:\Users\Colby\Super Nintendo Roms
ZeroAccess:
C:\Users\Colby\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\23lldnur.pad
C:\ProgramData\dxdxxq.exe
C:\ProgramData\dxeryw.exe
C:\ProgramData\dxobury.exe
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Guest\dxatjj.exe

Some content of TEMP:
====================
C:\Users\Colby\AppData\Local\Temp\1013102753.exe
C:\Users\Colby\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Colby\AppData\Local\Temp\658451519.exe
C:\Users\Colby\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-11-21 17:24

==================== End Of Log ============================

 

Here is the FRST.exe. Addition is coming next

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by Colby at 2013-11-24 15:38:36
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
AAC Decoder (x32 Version: 7.1.0)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.228)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Apple Application Support (x32 Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (x32 Version: 2.1.3.127)
AutoUpdate (x32 Version: 1.1)
Bonjour (Version: 2.0.3.0)
CCleaner (Version: 3.21)
Codec Pack - All In 1 6.0.3.0 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX Codec (x32 Version: 6.8.5)
DivX Converter (x32 Version: 7.1.0)
DivX Player (x32 Version: 7.2.0)
DivX Plus DirectShow Filters (x32)
DivX Version Checker (x32 Version: 7.1.0.2)
DivX Web Player (x32 Version: 1.5.0)
H.264 Decoder (x32 Version: 1.1.0)
Half-Life (x32)
Half-Life: Blue Shift (x32)
Half-Life: Opposing Force (x32)
iTunes (Version: 10.0.1.22)
Java Auto Updater (x32 Version: 2.0.5.1)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kerbal Space Program Demo (x32)
Malwarebytes Anti-Malware version 1.62.0.1300 (x32 Version: 1.62.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MKV Splitter (x32 Version: 1.0.1)
Motorola Mobile Drivers Installation 5.7.0 (Version: 5.7.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
QuickTime (x32 Version: 7.68.75.0)
Steam (x32 Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yahoo! Detect (x32)

==================== Restore Points  =========================

03-09-2013 00:31:02 Windows Update
09-09-2013 01:50:44 Windows Update
16-09-2013 00:49:40 Windows Update
17-09-2013 22:54:17 Windows Update
22-09-2013 21:51:45 Windows Update
25-09-2013 23:32:17 Windows Update
30-09-2013 03:06:44 Windows Update
03-10-2013 18:20:28 Windows Update
06-10-2013 22:52:07 Windows Update
13-10-2013 21:34:55 Windows Update
14-10-2013 23:13:56 Windows Update
20-10-2013 23:44:51 Windows Update
28-10-2013 01:40:06 Windows Update
01-11-2013 00:56:01 Windows Update
19-11-2013 05:50:59 Windows Update
24-11-2013 19:29:24 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {20B750FB-E053-4182-9A77-A36A3ECD2074} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-08-12] ()
Task: {2394C343-7B8B-48FC-A982-9B2261DCC4F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-13] ()
Task: {4AB412D9-84EE-40D1-955F-01F64588C81A} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-13] ()
Task: {793A9732-AD7B-4A1D-9CDA-373524D6D8EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05] (Adobe Systems Incorporated)
Task: {94B9F287-D4EF-4374-9E66-8BCD760E2E10} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {97021351-4978-4C17-AD9F-F48166CB702C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-08-09 23:01 - 2010-08-09 23:01 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photo AIO Printer 964
Description: Photo AIO Printer 964
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 11:31:58 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (11/24/2013 11:31:57 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (11/17/2013 10:17:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15554

Error: (11/17/2013 10:17:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15554

Error: (11/17/2013 10:17:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2013 05:57:10 PM) (Source: Bonjour Service) (User: )
Description: 480: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/10/2013 05:31:48 PM) (Source: Bonjour Service) (User: )
Description: 480: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/03/2013 03:28:44 PM) (Source: Bonjour Service) (User: )
Description: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/31/2013 05:37:33 PM) (Source: Bonjour Service) (User: )
Description: 484: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (10/20/2013 04:26:55 PM) (Source: Bonjour Service) (User: )
Description: 468: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

System errors:
=============
Error: (11/24/2013 02:16:15 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/24/2013 02:16:15 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/24/2013 01:03:06 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (11/24/2013 11:33:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

Error: (11/24/2013 11:29:42 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (11/24/2013 11:29:42 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (11/21/2013 04:55:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/21/2013 04:54:30 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/21/2013 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/21/2013 04:54:15 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1916 MB
Available physical RAM: 830.02 MB
Total Pagefile: 3831.99 MB
Available Pagefile: 2428.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.2 GB) (Free:169.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (KINGSTON) (Removable) (Total:3.77 GB) (Free:3.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: CA1DE32B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)

========================================================
Disk: 3 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


Edited by Nihilistic_mystic, 24 November 2013 - 06:48 PM.


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:12 AM

Posted 24 November 2013 - 07:14 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as fixlist.txt
  • Change the Save as Type to All Files
  • and Save it on the location where FRST is.
  • Insert the Flash drive in the ailing computer

    Start
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKU\Guest\...\CurrentVersion\Windows: [Load] c:\users\guest\dxatjj.exe <===== ATTENTION
    c:\users\guest\dxatjj.exe
    U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\ \...\???\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    C:\Users\Colby\AppData\Local\Google\Desktop\Install
    C:\Program Files (x86)\Google\Desktop\Install
    C:\ProgramData\23lldnur.pad
    C:\ProgramData\dxdxxq.exe
    C:\ProgramData\dxeryw.exe
    C:\ProgramData\dxobury.exe
    C:\ProgramData\ism_0_llatsni.pad
    C:\Users\Guest\dxatjj.exe
    C:\Users\Colby\AppData\Local\Temp\1013102753.exe
    C:\Users\Colby\AppData\Local\Temp\2SKKKKKKK.exe
    C:\Users\Colby\AppData\Local\Temp\658451519.exe
    C:\Users\Colby\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Colby\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
    C:\Users\Colby\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Colby\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    End

  • Run FRST and click on the Fix button. Wait until finished.
    The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

    Restart the computer.

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    scan-results.jpg

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

    Re-run Malwarebytes Antimalware and post its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 07:31 PM

save over FRST64 or FRST.txt? Sorry about the confusion, i'm way out of my league here.


Edited by Nihilistic_mystic, 24 November 2013 - 07:33 PM.


#9 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 07:38 PM

Nevermind, I figured it out! heres the fixlog! Back in a second!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by Colby at 2013-11-24 16:36:49 Run:1
Running from G:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Guest\...\CurrentVersion\Windows: [Load] c:\users\guest\dxatjj.exe <===== ATTENTION
c:\users\guest\dxatjj.exe
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\ \...\???\{10b7ce9b-d967-c2e4-9b5b-2b9f556ee02d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Colby\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\23lldnur.pad
C:\ProgramData\dxdxxq.exe
C:\ProgramData\dxeryw.exe
C:\ProgramData\dxobury.exe
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Guest\dxatjj.exe
C:\Users\Colby\AppData\Local\Temp\1013102753.exe
C:\Users\Colby\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Colby\AppData\Local\Temp\658451519.exe
C:\Users\Colby\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Colby\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
End

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKU\Guest\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
c:\users\guest\dxatjj.exe => Moved successfully.
*etadpug => Service deleted successfully.
C:\Users\Colby\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\ProgramData\23lldnur.pad => Moved successfully.
C:\ProgramData\dxdxxq.exe => Moved successfully.
C:\ProgramData\dxeryw.exe => Moved successfully.
C:\ProgramData\dxobury.exe => Moved successfully.
C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
"C:\Users\Guest\dxatjj.exe" => File/Directory not found.
C:\Users\Colby\AppData\Local\Temp\1013102753.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\2SKKKKKKK.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\658451519.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Colby\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

The system needs a manual reboot.

==== End of Fixlog ====



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:12 AM

Posted 24 November 2013 - 07:48 PM

Now the other scans. You should be able to download now from your computer.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 07:57 PM

Here's the JRT log.

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/24/2013 at 16:55:26.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 08:08 PM

Here's the ADW log.

 

# AdwCleaner v3.013 - Report created 24/11/2013 at 17:03:20
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Colby - COLBY-PC
# Running from : C:\Users\Colby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPR5L3WG\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

*************************

AdwCleaner[R0].txt - [1022 octets] - [24/11/2013 17:02:28]
AdwCleaner[S0].txt - [953 octets] - [24/11/2013 17:03:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1012 octets] ##########



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:12 AM

Posted 24 November 2013 - 08:15 PM

Re-run Malwarebytes Antimalware and post its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 08:23 PM

Here you go.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.24.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Colby :: COLBY-PC [administrator]

11/24/2013 5:13:11 PM
mbam-log-2013-11-24 (17-13-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228184
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 Nihilistic_mystic

Nihilistic_mystic
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 24 November 2013 - 08:26 PM

I never would have been able to fix this without your help. Thank you so much, somebody should get you a cape.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users