Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to fix my moms laptop and could use some help


  • This topic is locked This topic is locked
7 replies to this topic

#1 Abbey77

Abbey77

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 22 March 2017 - 11:09 PM

Hi, my mom's acer aspire laptop crashed I cannot figure it what is wrong with it. The operating system is windows 7. I can turn the computer on, but cannot run any programs during normal startup. The cursor will just spin if I try to click on anything and the whole compute will freeze up and have to be restarted via the power button. I can start up in safe mode, but most virus scanning programs fail to launch.

The wireless internet won't connect, but I can connect with an Ethernet cable. I was able to download and run malwarebytes, and found and deleted 10 viruses/suspicious files. I ran combofix, but the issues persisted. I also ran hijackthis, but didn't understand the results. And there are no prior restore points saved. Any suggestions??? Thanks!

Oh, also, my mom didn't know to select shut down from the menu, and has been shutting the computer down with the power button for over 2 years; just found that out today... and the only thing she uses the computer for is Facebook and the Sporcle quizs site, so I'm not sure if she got a virus from either of those sites.

BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:28 PM

Posted 23 March 2017 - 05:43 PM

Hello Abbey77 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

If these programmes don’t run in normal mode, please run them in safe mode. When you do run them, please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista/7/8/10, instead of double-clicking, right-mouse click JRT.exe and select ‘Run as Administrator’
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan


Edited by satchfan, 23 March 2017 - 05:46 PM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 Abbey77

Abbey77
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 23 March 2017 - 06:55 PM

Thanks for your help!!!

 

# AdwCleaner v6.044 - Logfile created 23/03/2017 at 19:30:19
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_6.044.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: WtuSystemSupport
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thenicestplaceontheinter.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thenicestplaceontheinter.net
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com
[-] [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2493 Bytes] - [23/03/2017 19:30:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [2580 Bytes] - [23/03/2017 19:27:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2639 Bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by User (Limited) on Thu 03/23/2017 at 19:42:41.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 17 
 
Successfully deleted: C:\Program Files (x86)\GUTE3DA.tmp (File) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRS0QITR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6VBYUT5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMMC5SI8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHGRJ5O9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRS0QITR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6VBYUT5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMMC5SI8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VHGRJ5O9 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/23/2017 at 19:44:15.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by User (administrator) on USER-PC (23-03-2017 19:48:16)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].txt [2742 2017-03-23] ()
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F9583C7-1ECF-4902-AF4A-E805C6432D0D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-28] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-28] (AVAST Software)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4235655529-2770116333-402950571-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\TomTom\HOME\Profiles\q3sof51z.default [2015-08-27]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-27] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-03-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-28] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-28] (AVAST Software)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
S2 dlbu_device; C:\Windows\system32\dlbucoms.exe [567280 2007-02-28] ( )
S2 dlbu_device; C:\Windows\SysWOW64\dlbucoms.exe [538096 2007-02-28] ( )
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2070712 2016-09-08] (Comodo)
S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118464 2016-12-23] (COMODO)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-28] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-28] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-28] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-28] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-28] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-28] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-28] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-28] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] () [File not signed]
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-28] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
S1 isedrv; C:\Windows\system32\drivers\isedrv.sys [49312 2016-12-23] (COMODO)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-23] (Malwarebytes)
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
S3 athr; system32\DRIVERS\athrx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-23 19:48 - 2017-03-23 19:48 - 00009353 _____ C:\Users\User\Desktop\FRST.txt
2017-03-23 19:48 - 2017-03-23 19:48 - 00000000 ____D C:\FRST
2017-03-23 19:47 - 2017-03-23 19:47 - 02424832 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-03-23 19:46 - 2017-03-23 19:46 - 01766912 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2017-03-23 19:44 - 2017-03-23 19:44 - 00003238 _____ C:\Users\User\Desktop\JRT.txt
2017-03-23 19:40 - 2017-03-23 19:40 - 01663904 _____ (Malwarebytes) C:\Users\User\Downloads\JRT (1).exe
2017-03-23 19:40 - 2017-03-23 19:40 - 01663904 _____ (Malwarebytes) C:\Users\User\Desktop\JRT.exe
2017-03-23 19:32 - 2017-03-23 19:32 - 00002742 _____ C:\Users\User\Desktop\AdwCleaner[C0].txt
2017-03-23 19:29 - 2017-03-23 19:29 - 00002580 _____ C:\Users\User\Documents\AdwCleaner[S0].txt
2017-03-23 19:24 - 2017-03-23 19:30 - 00000000 ____D C:\AdwCleaner
2017-03-23 19:24 - 2017-03-23 19:24 - 04031440 _____ C:\Users\User\Downloads\adwcleaner_6.044.exe
2017-03-22 23:40 - 2017-03-22 23:40 - 00018298 _____ C:\ComboFix.txt
2017-03-22 23:14 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-22 23:14 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-22 23:14 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-22 23:14 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-22 23:14 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-22 23:14 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-22 23:14 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-22 23:14 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-22 23:13 - 2017-03-22 23:40 - 00000000 ____D C:\Qoobox
2017-03-22 23:12 - 2017-03-22 23:38 - 00000000 ____D C:\Windows\erdnt
2017-03-22 23:12 - 2017-03-22 23:12 - 05659269 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2017-03-22 21:12 - 2017-03-23 19:38 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-22 21:12 - 2017-03-23 19:38 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-22 21:12 - 2017-03-23 19:32 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-22 21:12 - 2017-03-22 22:43 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-22 21:11 - 2017-03-23 19:38 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-22 21:11 - 2017-03-22 21:11 - 57131432 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-22 21:11 - 2017-03-22 21:11 - 00001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-22 21:11 - 2017-03-22 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-22 21:11 - 2017-03-22 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-22 21:11 - 2017-03-22 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-22 21:11 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-22 19:47 - 2016-12-23 02:28 - 00307432 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-03-22 19:47 - 2016-12-23 02:28 - 00235696 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-03-22 19:47 - 2016-12-23 02:28 - 00049312 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-03-22 19:46 - 2017-03-22 19:47 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-03-22 19:46 - 2017-03-22 19:46 - 00002110 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2017-03-22 19:46 - 2017-03-22 19:46 - 00000000 ____D C:\Users\User\AppData\Local\Comodo
2017-03-22 19:46 - 2017-03-22 19:46 - 00000000 ____D C:\Users\User\AppData\Local\Chromium
2017-03-22 19:46 - 2017-03-22 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-03-22 19:44 - 2017-03-22 19:44 - 05456576 _____ (COMODO) C:\Users\User\Downloads\cav_installer.exe
2017-03-22 19:42 - 2017-03-22 19:42 - 05552688 _____ ( ) C:\Users\User\Downloads\sscsetupcatus300.exe
2017-03-22 19:38 - 2017-03-22 19:38 - 00000000 ____D C:\Users\User\Downloads\backups
2017-03-22 19:35 - 2017-03-22 19:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2017-03-22 19:19 - 2017-03-22 19:19 - 73804768 _____ (COMODO) C:\Users\User\Downloads\cispremium_only_installer (4).exe
2017-03-22 18:16 - 2017-03-22 18:16 - 03449312 _____ (AVG Technologies CZ, s.r.o.) C:\Users\User\Downloads\Antivirus_Free_1894 (1).exe
2017-03-22 18:06 - 2017-03-22 18:06 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-22 18:06 - 2017-03-22 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-03-22 18:04 - 2017-03-22 21:58 - 00000000 ____D C:\ProgramData\Avg
2017-03-22 18:04 - 2017-03-22 21:58 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-22 18:04 - 2017-03-22 21:54 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2017-03-22 18:04 - 2017-03-22 18:04 - 00000392 ____H C:\Windows\Tasks\AVG EUpdate Task.job
2017-03-22 18:04 - 2017-03-22 18:04 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2017-03-22 18:03 - 2017-03-22 18:04 - 03449312 _____ (AVG Technologies CZ, s.r.o.) C:\Users\User\Downloads\Antivirus_Free_1894.exe
2017-03-22 18:02 - 2017-03-22 23:04 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-03-22 18:01 - 2017-03-22 18:02 - 73804768 _____ (COMODO) C:\Users\User\Downloads\cispremium_only_installer (3).exe
2017-03-22 18:01 - 2017-03-22 18:01 - 73804768 _____ (COMODO) C:\Users\User\Downloads\cispremium_only_installer (2).exe
2017-03-22 17:55 - 2017-03-22 17:55 - 73804768 _____ (COMODO) C:\Users\User\Downloads\cispremium_only_installer (1).exe
2017-03-22 17:55 - 2017-03-22 17:55 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-03-22 17:54 - 2017-03-22 19:47 - 00000000 ____D C:\ProgramData\Comodo
2017-03-22 17:54 - 2017-03-22 17:54 - 73804768 _____ (COMODO) C:\Users\User\Downloads\cispremium_only_installer.exe
2017-03-22 17:54 - 2017-03-22 17:54 - 00000000 ____D C:\ProgramData\Shared Space
2017-03-15 14:23 - 2017-03-15 14:23 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-08 10:52 - 2017-03-08 10:52 - 00000000 ___SD C:\Users\User\AppData\LocalLow\Temp
2017-03-07 21:18 - 2017-03-08 18:36 - 00000000 ____D C:\Users\User\Desktop\pics
2017-02-28 21:08 - 2017-02-28 21:08 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-23 19:41 - 2014-04-19 14:08 - 01316194 _____ C:\Windows\ntbtlog.txt
2017-03-23 19:36 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-23 19:36 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-23 19:31 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 23:34 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2017-03-22 21:58 - 2014-07-15 20:42 - 00000000 ____D C:\Program Files\Google
2017-03-22 21:58 - 2012-10-17 01:46 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-22 21:52 - 2012-10-17 01:46 - 00000000 ____D C:\Users\User\AppData\Local\Google
2017-03-22 21:51 - 2012-10-16 23:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-22 21:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-22 21:48 - 2016-12-19 10:41 - 00002035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-22 19:24 - 2009-07-14 00:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
2017-03-21 17:52 - 2012-10-17 01:56 - 00548928 _____ C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 09:39 - 2012-10-21 21:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-03-15 09:09 - 2017-02-09 14:15 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-14 08:43 - 2014-07-15 19:34 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-10 22:05 - 2016-12-19 18:17 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464657108
2017-03-10 11:03 - 2012-10-17 01:56 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.149013303512401
2017-02-28 21:08 - 2016-12-19 10:40 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-28 21:08 - 2014-07-15 19:37 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-28 21:08 - 2014-07-15 19:37 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-28 21:08 - 2014-07-15 19:34 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-28 21:08 - 2012-10-17 01:56 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-28 21:08 - 2012-10-17 01:56 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-28 21:08 - 2012-10-17 01:56 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-28 21:07 - 2017-02-09 14:15 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-28 21:07 - 2017-02-09 14:15 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-28 21:07 - 2017-02-09 14:15 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-28 21:07 - 2017-02-09 14:15 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-27 22:34 - 2009-07-14 01:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-26 22:17 - 2013-05-09 19:00 - 00000000 ____D C:\Program Files\Dl_cats
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2014-07-13 20:06
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by User (23-03-2017 19:49:14)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-17 03:07:40)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4235655529-2770116333-402950571-500 - Administrator - Disabled)
Guest (S-1-5-21-4235655529-2770116333-402950571-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4235655529-2770116333-402950571-1003 - Limited - Enabled)
User (S-1-5-21-4235655529-2770116333-402950571-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.162.2.62416 - AVG Technologies)
AVG (Version: 1.162.1 - AVG Technologies) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 52.15.25.663 - Comodo)
Dell Photo AIO Printer 942 (HKLM\...\Dell Photo AIO Printer 942) (Version:  - Dell, Inc.)
Dell V520 Series Uninstaller (HKLM\...\Dell V520 Series) (Version:  - Dell, Inc.)
FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404762.41 - Comodo)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.15287.0 - Linksys LLC)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FF68D3A-D668-4058-B6CF-9DDFA0054C67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B2DC192A-4F99-4F65-9D4D-6064A6A85FFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D708366D-CDFB-4A03-BFA2-077306C8F46B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-28] (AVAST Software)
Task: {EA05BC5C-9544-491E-A346-74DCB36441D5} - System32\Tasks\AVAST Software\Avast settings backup
Task: {EB4FBC82-165D-4607-8307-128BADE6223B} - System32\Tasks\SafeZone scheduled Autoupdate 1464657108 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG EUpdate Task.job => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\395fbb84ca74fb25\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-22 17:58 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-03-22 17:58 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
MSCONFIG\startupreg: DKab1err => "C:\Program Files\Dell\ErrorApp\DKab1err.exe"
MSCONFIG\startupreg: DKADGmon => "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
MSCONFIG\startupreg: DLBUCATS => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll,RunDLLEntry
MSCONFIG\startupreg: dlbumon.exe => "C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbumon.exe"
MSCONFIG\startupreg: IseUI => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MemoryCardManager => "C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{79A19AF1-84B7-4DA4-87CA-7AC2CC8A8FA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4193C3F3-D597-444C-AFDA-8CDC26FBB16A}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe
FirewallRules: [{F5387607-47A8-4447-B9E9-5E7D3493482E}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe
FirewallRules: [{D206DC75-CA0B-4991-9375-037D3679934B}] => (Allow) C:\Windows\System32\dlbucoms.exe
FirewallRules: [{1D63A48B-F669-436A-B036-F329BB51CD5A}] => (Allow) C:\Windows\System32\dlbucoms.exe
FirewallRules: [{6F83B2BE-E460-4172-A055-07EF1FE0ED66}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbupswx.exe
FirewallRules: [{644ABCBD-C876-48B3-BBB8-0D09BA9B5B04}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbupswx.exe
FirewallRules: [{05BC34FE-11AF-4388-B473-3352422264E2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe
FirewallRules: [{E4CD938A-08C8-46FF-978E-A4ABDAEB46E9}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUmon.exe
FirewallRules: [{F9A10A79-46C1-40E8-A689-04C6B24B8426}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUaiox.exe
FirewallRules: [{3412B659-E302-40E4-AA6B-040409833CC2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 942\DLBUaiox.exe
FirewallRules: [{6BC6F259-543F-4B9B-8C49-4E6C946920FE}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{02EE9E74-FD15-4F8A-9D59-3574B9B66E15}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{B10BD56E-6BA7-4F0C-8A39-3337D11C9BED}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{EB2F576E-0627-4DC4-92CA-5D3CC13CD7C8}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{66DBB36A-7AE1-4F3D-A22E-B904BB747984}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{16589374-3387-43A9-8080-4803814A2BBB}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{96F5352E-30CD-455A-86E7-EB5DEAA3EF76}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{6EEC87F0-2EB8-4043-A492-C63346779F88}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{947D5B71-CF68-4B84-BE3B-2BE6158019BC}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{21E5AF8B-E071-434B-A7C7-34ADEC7E2302}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{A1F04003-EBA7-4C9F-B319-4D91CD16B9D3}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{60DC354C-8759-4E79-AA8D-3D7EC14091A4}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{5C7C0C03-0F11-463C-B5CA-7BA608D5EFDC}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll
FirewallRules: [{B7D74916-F6F2-424E-AE37-C98469B25A69}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll
FirewallRules: [TCP Query User{F395845A-07AF-4241-9541-A74A51020EA1}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe
FirewallRules: [UDP Query User{245C2A2C-057F-45CD-A621-6EFA1B86243F}C:\program files (x86)\dell v520 series\dkadgmon.exe] => (Block) C:\program files (x86)\dell v520 series\dkadgmon.exe
FirewallRules: [{D812FCFC-3214-492D-835D-47539B64B2FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{18221D36-F14C-4FE2-92AF-AC91213B3E4A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe
FirewallRules: [{34EC49AF-2E94-46CE-AC9C-61E844B24703}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetLink ™ Fast Ethernet
Description: Broadcom NetLink ™ Fast Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/23/2017 07:42:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\User\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (03/23/2017 07:41:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\User\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
Error: (03/23/2017 07:39:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 07:32:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 07:24:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 07:11:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 06:38:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 06:23:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 06:18:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/23/2017 06:01:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (03/23/2017 07:48:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:48:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:48:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:48:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:48:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:48:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:47:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:47:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:47:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/23/2017 07:47:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-23 19:31:06.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-23 19:10:09.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-23 18:22:01.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-23 18:16:39.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-23 17:24:58.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-22 23:41:41.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-22 22:49:21.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-22 22:30:26.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-22 22:23:21.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-22 21:59:07.267
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N970 Quad-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 3838.17 MB
Available physical RAM: 2918.49 MB
Total Virtual: 7674.55 MB
Available Virtual: 6799.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:243.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5DD334C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 


#4 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:28 PM

Posted 24 March 2017 - 05:19 AM

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4235655529-2770116333-402950571-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4235655529-2770116333-402950571-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
S3 athr; system32\DRIVERS\athrx.sys [X]
AVG (Version: 1.162.1 - AVG Technologies) Hidden
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Uninstall programs

Please uninstall these programs:

AVG
Comodo Dragon
Internet Security Essentials


================================================

Please run FRST again in normal mode and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 24 March 2017 - 05:23 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 Abbey77

Abbey77
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 26 March 2017 - 05:42 PM

Thank you so much for your help! Between what you suggested and a few other things I read about online and tried out, the computer seems to be back to normal now.

#6 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:28 PM

Posted 27 March 2017 - 01:32 AM

Glad things are better but please post the logs I asked for so that I can check all has gone. As I said in my introduction, "absence of symptoms does not mean that everything is clear".

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:28 PM

Posted 29 March 2017 - 05:50 AM

Hi Abbey77

It has been a couple of days since I asked for new logs to be sure all is now clear.

If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic as ‘solved’.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:28 PM

Posted 30 March 2017 - 07:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users