Why Is My Malwarebytes Log Empty?

Dell / Inspiron one 2320
March 8, 2015 at 08:03:30
Specs: Windows 7 Home Premium, 3.3 GHz / 4001 MB
I ran the trial version of Malwarebytes and was pleased with the results: No malware, just some PUP's as shown here:

http://i440.photobucket.com/albums/...

However, when I click the View Detailed Log button, the log is empty, as if no scan has been run:

http://i440.photobucket.com/albums/...

I checked the FAQ at the Malwarebytes site and didn't find anything related to empty logs, but I'm wondering if perhaps the trail version doesn't create them.

Any thoughts?

message edited by DerbyDad03


See More: Why Is My Malwarebytes Log Empty?

Report •


#1
March 8, 2015 at 09:07:56
On my Premium MAM version 2.0.4.1028, I access my History Log by clicking History on the top menu bar and again clicking on the right pane for Application logs. Scanning History logs are one of the Application logs. Mine are also empty. Empty logs mean no malwares were detected and what action were executed. Does your trailware version have the same settings?

i_Xp/Vista/W7User

message edited by XpUser


Report •

#2
March 8, 2015 at 09:53:32
Just an aside. You can still run MWB free version once the trial expires. It is also possible to end the trial.

Always pop back and let us know the outcome - thanks


Report •

#3
March 8, 2015 at 10:01:40
I figured it out...

The Log appears to remain empty until you take action on the items found.

After I ran the Threat scan, the Results window appeared with a list of 14 PUP entries. Before quarantining them, I clicked the View Detailed Report link. The only entries in the "detailed" report were these:

Scan Type: Threat
Result: Completed

There was no date, no time, no counts, no OS listed...nothing but blank fields and zeros for all entries except the 2 noted above.

It wasn't until after I clicked Quarantine All that the Detailed Report was updated and all of the fields were filled in. Only then did the Scan Log appear in the History section.

I expected View Detailed Report to give me some more information about the items found to help me decide what I wanted to do with them. I guess that's not the way it works.

message edited by DerbyDad03


Report •

Related Solutions

#4
March 8, 2015 at 13:57:56
"I figured it out..." You will not be clean yet, think of it like a cancer, until you remove it all!!!

Here are the next 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#5
March 8, 2015 at 16:21:59
As requested...Thanks!

# AdwCleaner v4.111 - Logfile created 08/03/2015 at 18:20:52
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dave1 - MyComp
# Running from : C:\Users\Dave1\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [8113 bytes] - [07/01/2014 21:59:35]
AdwCleaner[R1].txt - [1063 bytes] - [09/01/2014 00:40:06]
AdwCleaner[R2].txt - [1120 bytes] - [09/01/2014 01:00:11]
AdwCleaner[R3].txt - [3351 bytes] - [08/03/2015 00:02:58]
AdwCleaner[R4].txt - [1205 bytes] - [08/03/2015 18:18:42]
AdwCleaner[S0].txt - [7115 bytes] - [07/01/2014 22:00:33]
AdwCleaner[S1].txt - [1129 bytes] - [09/01/2014 00:40:52]
AdwCleaner[S2].txt - [3420 bytes] - [08/03/2015 00:05:38]
AdwCleaner[S3].txt - [1133 bytes] - [08/03/2015 18:20:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1192 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dave1 on Sun 03/08/2015 at 18:34:53.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Dave1\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Program Files (x86)\qualitink"
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{07041507-0AF6-44CA-A5CF-CDB652878DC3}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{287E0637-58E3-4AA0-B24A-001DE739AF97}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{599AC251-5306-4579-B369-F380D974F309}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{5B86C4F5-6732-48E3-B80B-B6398EF48350}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{604118B9-D386-479A-90D8-56765453A1C3}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{82B738FF-1051-4505-A494-498DFCF123F9}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{870017E0-A67C-4D1E-B494-D83E06F16F05}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{8D46EA1C-69A4-407C-A5A4-47C3EB470D4B}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{A5CFD672-BE19-46A1-A7B8-80464FBC7BFA}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{A74DDA27-2817-4975-83ED-484A6B90813E}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{B0CDE0A1-A324-4F7F-9608-9336FB942169}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{BCF9E760-A877-40A5-871A-80AEB8D94887}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{BD1B0DBB-B2D0-48A2-A871-21D02D245D3C}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{BF35D391-23FA-48C5-94D3-A66B1FB1286B}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{C8C8B1BF-212B-40CC-B46F-7F740E3A02B9}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{D9CA9D82-0669-4F94-A36D-F8A093783C31}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{ED5FA905-B856-4DA1-A4F2-6C24F31361FD}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{F18FCC33-1CA6-4C6C-942C-89ED38E325E9}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{F226E60A-CDDD-4511-ABDA-5AF8C0CEED75}
Successfully deleted: [Empty Folder] C:\Users\Dave1\appdata\local\{F77A858D-8BB1-4593-ADD6-AE0A5F85B1FE}

~~~ FireFox

Emptied folder: C:\Users\Dave1\AppData\Roaming\mozilla\firefox\profiles\t4jtaxxg.default\minidumps [10 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/08/2015 at 18:40:01.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message edited by DerbyDad03


Report •

#6
March 8, 2015 at 16:25:31
Step 3: Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Report •

#7
March 8, 2015 at 18:51:59
Links to files are below:

Quick note: Your response related to running Farbar did not indicate whether my AV software should be disabled or not. I disabled it just to be sure.

FRST.txt

http://www49.zippyshare.com/v/2yHA9...

Addition.txt

http://www49.zippyshare.com/v/QWfzB...

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#8
March 8, 2015 at 19:06:56
"I disabled it just to be sure"
Good thinking, can't go wrong then.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {7147a44c-d108-11e2-be6d-08edb9680666} - H:\setup.exe -a
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {99615842-d58b-11e2-bcc6-08edb9680666} - E:\setup.exe -a
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {b443d32f-708d-11e4-89d7-08edb9680666} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {b452e11d-f341-11e3-a890-08edb9680666} - E:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM-x32 -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3336096367-2047195771-1593570663-1075 -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
C:\Users\Dave\AppData\Local\Temp\gert0.exe
C:\Users\Dave\AppData\Local\Temp\oi_{01EEEC41-C33A-41A9-97BB-0DD509C706FF}.exe
C:\Users\Dave1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_mo2w.dll
C:\Users\Dave1\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dave1\AppData\Local\Temp\Quarantine.exe
C:\Users\Dave1\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Dave1\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\ConfigurationWizard.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw


Report •

#9
March 8, 2015 at 20:02:32
I hope everything is OK....

The script ran through a few "Deleting Temporary files: (various file paths)" steps but has been sitting at:

Deleting temporary files: C:\users\Dave1\AppData\Local\MOZILLA\FIREFOX\PROFILES

for well over 15 minutes. I still hear some minor disk activity, but not near as much as I did earlier. The green progress bar is not moving.

BTW...getting late. I have to get some sleep for work tomorrow.

message edited by DerbyDad03


Report •

#10
March 8, 2015 at 20:08:53
"BTW...getting late. I have to get some sleep for work tomorrow"
Off to bed with you, either leave it running or stop it.

I'm here.
http://www.timeanddate.com/worldclo...


Report •

#11
March 8, 2015 at 20:19:10
We're 12 hours and a couple of miles apart.

It's still just sitting at the same spot. I can stop it and restart it if you would like or I can let it sit. Which would you prefer?

Either way, can we continue this clean-up tomorrow evening US-EST (your morning-ish)?


message edited by DerbyDad03


Report •

#12
March 8, 2015 at 20:22:43
BTW...my kids did some Soap Box Derby racing in Perth many years ago.

Of course, it was this Perth:

http://www.beautifulperth.com/

message edited by DerbyDad03


Report •

#13
March 8, 2015 at 20:23:22
"It's still just sitting at the same spot"
Sounds stuck.
Open Task Manager & End Task.

"Either way, can we continue this clean-up tomorrow evening US-EST (your morning-ish)?"
That's best, otherwise you will be falling asleep at the mouse.


Report •

#14
March 8, 2015 at 20:26:08
Very nice Perth, didn't know about that one.

Report •

#15
March 8, 2015 at 20:35:21
OK, I End Tasked the heck out it and then re-ran FRST64.

It paused briefly at that same path and then continued and finished very quickly.

It then asked for a reboot which I acknowledged. Here is the fixlog.txt text, then I gotta hit the rack. Thanks for your help so far...we'll continue tomorrow.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Dave1 at 2015-03-08 23:24:44 Run:2
Running from C:\Users\Dave1\Desktop
Loaded Profiles: Dave1 (Available profiles: Dave & Lisa & Dave1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {7147a44c-d108-11e2-be6d-08edb9680666} - H:\setup.exe -a
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {99615842-d58b-11e2-bcc6-08edb9680666} - E:\setup.exe -a
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {b443d32f-708d-11e4-89d7-08edb9680666} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\...\MountPoints2: {b452e11d-f341-11e3-a890-08edb9680666} - E:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM-x32 -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3336096367-2047195771-1593570663-1075 -> {7F195D8F-4C8B-4D41-97E3-EEF096CE1070} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-05] () [File not signed] <==== ATTENTION
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
C:\Users\Dave\AppData\Local\Temp\gert0.exe
C:\Users\Dave\AppData\Local\Temp\oi_{01EEEC41-C33A-41A9-97BB-0DD509C706FF}.exe
C:\Users\Dave1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_mo2w.dll
C:\Users\Dave1\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dave1\AppData\Local\Temp\Quarantine.exe
C:\Users\Dave1\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Dave1\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\ConfigurationWizard.exe
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7147a44c-d108-11e2-be6d-08edb9680666} => Key not found.
HKCR\CLSID\{7147a44c-d108-11e2-be6d-08edb9680666} => Key not found.
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99615842-d58b-11e2-bcc6-08edb9680666} => Key not found.
HKCR\CLSID\{99615842-d58b-11e2-bcc6-08edb9680666} => Key not found.
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b443d32f-708d-11e4-89d7-08edb9680666} => Key not found.
HKCR\CLSID\{b443d32f-708d-11e4-89d7-08edb9680666} => Key not found.
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b452e11d-f341-11e3-a890-08edb9680666} => Key not found.
HKCR\CLSID\{b452e11d-f341-11e3-a890-08edb9680666} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKCR\CLSID\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKCR\Wow6432Node\CLSID\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKCR\CLSID\{7F195D8F-4C8B-4D41-97E3-EEF096CE1070} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => Key not found.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Everything => Service not found.
vToolbarUpdater17.2.0 => Service not found.
MWAC => Service not found.
MWAC => Service not found.
"C:\Users\Dave\AppData\Local\Temp\gert0.exe" => File/Directory not found.
"C:\Users\Dave\AppData\Local\Temp\oi_{01EEEC41-C33A-41A9-97BB-0DD509C706FF}.exe" => File/Directory not found.
"C:\Users\Dave1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_mo2w.dll" => File/Directory not found.
"C:\Users\Dave1\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Dave1\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Dave1\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" => File/Directory not found.
"C:\Users\Dave1\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Lisa\AppData\Local\Temp\ConfigurationWizard.exe" => File/Directory not found.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 23:25:06 ====

message edited by DerbyDad03


Report •

#16
March 8, 2015 at 22:37:00
Something going on, fixlist wasn't able to fix anything.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

#17
March 9, 2015 at 06:56:19
re: "Something going on, fixlist wasn't able to fix anything."

What do you think might be going on? Virus? System settings? Something else?

I won't be home for another 7 hours so I will run RogueKiller then.

Before I do that, do you think it makes sense to restart the system and run FRST64 one more time to see if fixlist can do what it was supposed to? When it hung up last night, I didn't do a restart before running it again, I just End Tasked it and re-ran it. Could that have anything to do with the fact that it didn't fix anything?

If you suggest a re-run of FRST64, do you want to see the fixlist log first or should I run RogueKiller also and send both logs?

Just so you have all of the details, when I re-ran FRST64 after it hung up last night, it completed in a matter of seconds, maybe 10-15, maybe even less. Does that sound normal or is that too fast?

In addition, restarts on the machine have been taking a long time recently, sometimes well over 2 minutes until the system is fully stable. Even Avast has been notifying me that my system is taking too long to restart, but it wants me to spend $20 to clean it. It does that thing where the desktop icons are generic, then slowly change to the correct icons, then flash back to generic, etc. After the restart requested by FRST64 it took a fairly long time for the system to finally settle down and all disk activity to stop. I didn't time it, but it was probably well over a minute.

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#18
March 9, 2015 at 07:02:08
I will stick to RogueKiller at this stage, I get the feeling we need to uncover more layers of nasties.

Report •

#19
March 9, 2015 at 07:13:28
My bedtime now, other questions you had, will fall into place as we progress.

I have to memorize all my posts & as you can appreciate, it gets harder the further we progress, so I have to stay focused.


Report •

#20
March 9, 2015 at 18:52:35
Sorry for the delay...wife's car had brake problems. I had to replace a leaky caliper so she could safely get to work tomorrow.

Here's is the RogeKiller report:

RogueKiller V10.5.2.0 [Mar 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dave1 [Administrator]
Started from : C:\Users\Dave1\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/09/2015 21:50:35

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] UA.exe(3036) -- C:\Users\Dave1\AppData\Roaming\VERIZON\UA_ar\UA.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3336096367-2047195771-1593570663-1075\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Dave1\AppData\Local\Apps\2.0\0HTH8TC5.382\NM7E2Z4T.R0D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3336096367-2047195771-1593570663-1075\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Dave1\AppData\Local\Apps\2.0\0HTH8TC5.382\NM7E2Z4T.R0D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2391DCA3-3EF2-4111-8988-DE30B37339E3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2391DCA3-3EF2-4111-8988-DE30B37339E3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2391DCA3-3EF2-4111-8988-DE30B37339E3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\iolo System Checkup -- C:\ProgramData\iolo\scustask.lnk (/toaster) -> Deleted
[Suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\Dave1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] 1756e086e39b272278a164e53e352649
[BSP] 4b2151e6a1d836113b559b3338e34e54 : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03092015_214956.log

message edited by DerbyDad03


Report •

#21
March 9, 2015 at 19:02:18
Thanks, going to make sure you are 100% malware clean.

What time is it in your patch.


Report •

#22
March 9, 2015 at 19:03:26
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Report •

#23
March 9, 2015 at 19:35:46
Time is "Your AM is my PM" We're exactly 12 hours apart.

ComboFix Log can be found at:

http://www65.zippyshare.com/v/9IiW9...

message edited by DerbyDad03


Report •

#24
March 9, 2015 at 19:47:12
I remembered you said earlier, we are 12 hours apart, won't keep you up, shall finish this session with this & resume tomorrow.

Once malware clean, will work on the other aspects.

I'm cleaning my car & will be going out in just over an hour.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#25
March 9, 2015 at 19:59:55
EST is asking a question:

Enable detection of potentially unwanted applications
Disable detection of potentially unwanted applications

How should I answer?

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#26
March 9, 2015 at 20:03:16
Enable, covers all the bases.
With thousands of variations of malware coming out each day, no one tool can keep up.

Report •

#27
March 9, 2015 at 20:10:16
Running now...will post log when it is complete. Have a nice day!

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#28
March 9, 2015 at 21:32:51
ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6c46d8ef89ad0c46bdabf43732a0413a
# engine=22830
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-10 04:15:52
# local_time=2015-03-10 12:15:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 2458647 189459842 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 177504402 0 0
# scanned=242196
# found=24
# cleaned=24
# scan_time=4225
sh=A2B2D863063AF7010734C31A3D5D7D6B98C1688A ft=1 fh=a4f951e0985114d0 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir"
sh=126B22D7B2FE0FC571E6D6D0098B0E0D053C0BCC ft=1 fh=89dba07409c55d47 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir"
sh=FB8A03D4068A1073E5D79D15E476CDB57E84D37A ft=1 fh=69b704a6298a2c3c vn="Win32/Conduit.SearchProtect.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir"
sh=4BB525AC7501802DCAD3CD6792523F394333DCBA ft=1 fh=01cfd83a591a31e9 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir"
sh=9E806FEC80206DEE99C9EB4E8943F7A1A5EB9E39 ft=1 fh=b2e1d0d0782bb287 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir"
sh=53174BBB13C3281D80B3A9825D37A56A9F4572A9 ft=1 fh=773c21cad11b960a vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir"
sh=90463B91F85D2C7670D2DCD1A5C74B6E669B76E3 ft=1 fh=5abef56ff11b1760 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DF8324DDBA322137977BD85FAE44DB554FBA04B9 ft=1 fh=bf2e78c8c3d65358 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir"
sh=10A6A241F0002F39C000BFACBEBD8898C14740BF ft=1 fh=633c4cc62dc594f0 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=C1763564137E3835FE687A97FD7EBE83D112508E ft=1 fh=b3ec58eb0d3d3ff0 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir"
sh=D99FA9347B3E05EC6A36156323A5D53BE8F9F14F ft=1 fh=e9a3de554c15b3cd vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe"
sh=A6B0985ABC1E2C02B26045E46506CAAC737DA137 ft=1 fh=121662fb9c8fa164 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Desktop\Old Firefox Data\bjaosglf.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(1).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(2).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(3).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(4).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013.exe"
sh=A6B0985ABC1E2C02B26045E46506CAAC737DA137 ft=1 fh=121662fb9c8fa164 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Desktop\Old Firefox Data\bjaosglf.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(1).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(2).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(3).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013(4).exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="a variant of Win32/Systweak.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Dave1\Downloads\Encore_Electronics_ENUTV-4_Driver_Update_10-2013.exe"
sh=6A7D39AB09C869C51EA03027DB2B88D8052A9CDF ft=1 fh=519276e901ee5bc7 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Lisa\Downloads\setupscreenhunterfree.exe"

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#29
March 10, 2015 at 00:32:17
Update & run Malwarebytes again.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

Report •

#30
March 10, 2015 at 14:22:15
Good morning!

Latest Malwarebytes log follows...


Scan Time: 8:11:55 AM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.10.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dave1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 497356
Time Elapsed: 18 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#31
March 10, 2015 at 15:27:05
And Good evening to you.

Download the latest version of Farbar and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif

message edited by Johnw


Report •

#32
March 10, 2015 at 19:35:25

Sorry for the delay. I have a kitchen remodel project going on and spent the evening in the shop working on the cabinet doors. Time tends to slip away when I'm making sawdust.

Here are the 2 logs...

FSRT.txt

http://www23.zippyshare.com/v/Y2AL4...

Addition.txt

http://www23.zippyshare.com/v/xM093...

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#33
March 10, 2015 at 19:41:15
You & I are on a similar path, I am in the process of laying floorboards on concrete.

Back soon.


Report •

#34
March 10, 2015 at 19:46:40
Oh boy...we could really go off on tangents now!

(I hope you aren't laying the floorboards directly on the concrete.)


message edited by DerbyDad03


Report •

#35
March 10, 2015 at 19:50:22
That's better, nearly clean.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#36
March 10, 2015 at 19:53:54
"Oh boy...we could really go off on tangents now!"
We could, but I have documented the way forward, so my head is clear.

Floorboards are going in on top of a liner that was supplied with them.


Report •

#37
March 10, 2015 at 20:40:09
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2015 01
Ran by Dave1 at 2015-03-10 23:33:00 Run:3
Running from C:\Users\Dave1\Desktop
Loaded Profiles: Dave1 (Available profiles: Dave & Lisa & Dave1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3336096367-2047195771-1593570663-1075\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
EmptyTemp: => Removed 112.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:33:09 ====

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#38
March 10, 2015 at 20:59:01
Run these, in this order.

1: Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

2: Delete files using Disk Cleanup
http://windows.microsoft.com/en-au/...

3: Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)


Report •

#39
March 10, 2015 at 21:12:17
These tasks will have to wait until tomorrow. Enjoy the rest of your day. Mine is over.

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#40
March 10, 2015 at 21:20:31
Thank you, thought it would be.

Have a good day today, after your sleep.


Report •

#41
March 11, 2015 at 14:33:08
I will run the latest cleaners now.

In the meantime, just in case this makes any difference, Windows has made some updates since we started this process. In the spirit of full disclosure, the list of updates can be found here:

http://www14.zippyshare.com/v/Bu6cG...

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#42
March 11, 2015 at 15:25:59
Status update:

1 - When I ran the MS Disk Cleanup utility, I did not choose the Delete All Files Option. In other words, I did not go into the Control Panel and delete unused programs or delete the Restore Points. I noticed that the DelFix utility deleted the Restore Points, so I figured I would let that utility do it for me.

2 - It does not appear that DelFix deleted Malwarebytes or Wise Disk Cleaner. Was it supposed to?

Here is the log...

# DelFix v10.9 - Logfile created 11/03/2015 at 18:15:26
# Updated 27/02/2015 by Xplode
# Username : Dave1 - NERDIE
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Dave1\Desktop\Addition.txt
Deleted : C:\Users\Dave1\Desktop\AdwCleaner[S3].txt
Deleted : C:\Users\Dave1\Desktop\ComboFix.exe
Deleted : C:\Users\Dave1\Desktop\ComboFixLog.txt
Deleted : C:\Users\Dave1\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Dave1\Desktop\Fixlog.txt
Deleted : C:\Users\Dave1\Desktop\Fixlog_old.txt
Deleted : C:\Users\Dave1\Desktop\FRST.txt
Deleted : C:\Users\Dave1\Desktop\FRST64.exe
Deleted : C:\Users\Dave1\Desktop\JRT.exe
Deleted : C:\Users\Dave1\Desktop\JRT.txt
Deleted : C:\Users\Dave1\Desktop\RogueKiller.exe
Deleted : C:\Users\Dave1\Downloads\AdwCleaner(1).exe
Deleted : C:\Users\Dave1\Downloads\AdwCleaner.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #512 [Windows Update | 02/07/2015 08:00:10]
Deleted : RP #513 [Windows Update | 02/08/2015 08:00:10]
Deleted : RP #514 [Windows Update | 02/09/2015 08:00:11]
Deleted : RP #515 [Windows Update | 02/10/2015 08:00:11]
Deleted : RP #516 [Windows Update | 02/11/2015 08:00:10]
Deleted : RP #508 [Windows Update | 02/12/2015 03:19:38]
Deleted : RP #509 [Windows Update | 02/12/2015 08:00:24]
Deleted : RP #510 [Windows Update | 02/13/2015 08:00:49]
Deleted : RP #511 [Windows Update | 02/15/2015 08:00:49]
Deleted : RP #512 [Windows Update | 02/16/2015 08:00:21]
Deleted : RP #513 [Windows Update | 02/17/2015 08:00:24]
Deleted : RP #514 [Windows Update | 02/18/2015 08:00:51]
Deleted : RP #515 [Windows Update | 02/19/2015 08:00:41]
Deleted : RP #516 [Windows Update | 02/20/2015 08:00:21]
Deleted : RP #517 [Windows Update | 02/21/2015 08:00:41]
Deleted : RP #518 [Windows Update | 02/22/2015 08:00:25]
Deleted : RP #519 [Windows Update | 02/23/2015 08:00:28]
Deleted : RP #520 [Windows Update | 02/24/2015 08:00:24]
Deleted : RP #521 [Windows Update | 02/25/2015 08:00:41]
Deleted : RP #522 [Windows Update | 02/26/2015 08:00:42]
Deleted : RP #523 [Windows Update | 02/27/2015 08:00:10]
Deleted : RP #524 [Windows Update | 02/28/2015 08:00:41]
Deleted : RP #525 [Windows Update | 03/01/2015 08:00:42]
Deleted : RP #526 [Windows Update | 03/02/2015 08:00:21]
Deleted : RP #527 [Windows Update | 03/03/2015 08:00:50]
Deleted : RP #528 [Windows Update | 03/04/2015 08:00:41]
Deleted : RP #529 [Windows Update | 03/05/2015 08:00:49]
Deleted : RP #530 [Windows Update | 03/06/2015 08:00:42]
Deleted : RP #531 [Windows Update | 03/07/2015 08:00:27]
Deleted : RP #532 [Windows Update | 03/08/2015 08:00:24]
Deleted : RP #533 [Windows Update | 03/09/2015 07:00:21]
Deleted : RP #534 [Windows Update | 03/10/2015 07:00:21]
Deleted : RP #535 [Windows Update | 03/11/2015 07:00:36]
Deleted : RP #536 [Created by Wise Disk Cleaner | 03/11/2015 21:38:49]

New restore point created !

~ Resetting system settings ... OK

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#43
March 11, 2015 at 15:53:34
"1 - When I ran the MS Disk Cleanup utility, I did not choose the Delete All Files Option"
That's fine, I gave you that info about the MS tool, so you could check to see if there was anything the Wise tool missed, that you wanted to remove.

"I noticed that the DelFix utility deleted the Restore Points, so I figured I would let that utility do it for me"
Perfect, you now have a comp free of nasties in System restore.

"2 - It does not appear that DelFix deleted Malwarebytes or Wise Disk Cleaner. Was it supposed to?"
Nope. They are tools I always keep.

Here is part one of my finish.

In your Farbar Additional logs, do you know about this > Faulty Device Manager Devices
Also > EmptyTemp: => Removed 1.3 GB temporary data.
If you don't have a reason to keep this many temps, you can cut it right back.
Normal use is about 50mb ( That's MB not GB ) for IE & any other browser.

Chrome is not as straight forward.

How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

For Java, 100mb should be enough.

message edited by Johnw


Report •

#44
March 11, 2015 at 16:01:14
Part 2.

Here is how a USER got the adware installed, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

You have installed the Premium version, which is a very good & can be run in conjunction with your current Anti-Virus ( AV ) It also ( like Unchecky ) would have alerted you to the adware installs. If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on ‘End Free Trial’ link which, then will be instantly converted to the free version.
Rootkits: Enabled ( You can disable that now )
Why is scan for rootkit off by default?
https://helpdesk.malwarebytes.org/h...

PS: Nice work in this forum > Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#45
March 11, 2015 at 16:06:22
"In the meantime, just in case this makes any difference, Windows has made some updates since we started this process"
That's Ok, no difference.
Those failed updates, you just keep trying.

Report •

#46
March 11, 2015 at 17:36:26
In your Farbar Additional logs, do you know about this > Faulty Device Manager Devices

This is the Wireless Adaptor for the system. The system is a Dell All-In-One that sit ons a desk, so there is no need for wireless access to the router. It is my understanding (and experience) that wired is faster than wireless and since I have a number of other wireless device in the house, I figured that running the Dell wired just made sense.

Your thoughts?

Also > EmptyTemp: => Removed 1.3 GB temporary data.
If you don't have a reason to keep this many temps, you can cut it right back.
Normal use is about 50mb ( That's MB not GB ) for IE & any other browser.
Chrome is not as straight forward.

I don't use Chrome on this system. It's 99% FireFox and 1% IE for when I remotely into work. I will work on reducing the size of the Temp data space for all browsers.

You have installed the Premium version, which is a very good & can be run in conjunction with your current Anti-Virus ( AV ) It also ( like Unchecky ) would have alerted you to the adware installs. If you don't want to buy it, do this to avoid the purchase nag screens.

I don't know what you are referring to in that paragraph. I've installed the Premium version of what?

One point, in my defense: I'm not pushing back, but I do want to say that I never blindly install applications without un-checking any opt-out options I see. You are much better at reading these logs than I am. Are you able to tell me what "nasties" were installed "accidentally"?

OK, that said, is there anything else I am supposed to do? I'm not sure whether your "finish" posts were instructions for me to do something or if they were mere suggestions and examples.

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#47
March 11, 2015 at 18:10:52
"Your thoughts?"
Ditto.

"I don't know what you are referring to in that paragraph. I've installed the Premium version of what?
Read the next line.

"I don't use Chrome on this system"
That's fine, it was in the FRST log, a remnant probably.
2015-02-06 08:14 - 2013-05-05 21:07 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

"Are you able to tell me what "nasties" were installed "accidentally"?"
The ones in your link.
http://s440.photobucket.com/user/De...

"I'm not sure whether your "finish" posts were instructions for me to do something or if they were mere suggestions and examples"
The examples show how a user ( maybe you ) approved of the nasties being installed.
It is now up to you, to choose what method you use to make sure you don't install them again.


Report •

#48
March 11, 2015 at 18:31:35
If the nasties were found (and removed) by my first run of Malwarebytes, does that mean that nothing else was found by any of the other tools?

Do you think that all of the work that you have done/had me do will improve the overall performance of the machine, such as the slow log-ons, etc? Are there any performance tools that I can run to check/optimize system settings?

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#49
March 11, 2015 at 18:45:48
"does that mean that nothing else was found by any of the other tools?"
The other tools removed plenty.

Open CCleaner > Tools > Startup, disable those that you have here, that you don't need at startup, the more you have, the slower your bootup will be.

message edited by Johnw


Report •

#50
March 11, 2015 at 19:23:10
OK...thank you for all of your time and efforts. I really do appreciate it.

Good luck with your floor project. I wish I could be there to help. I have to wear a tie to work but I'd much rather be getting dirty than sitting behind a desk.

Click Here Before Posting Data or VBA Code ---> How To Post Data or Code.


Report •

#51
March 11, 2015 at 19:33:36
Thank you, if you still have any slowness, start a new post please, we will grt more helpers & there is heaps that can be done.

Refer to this post, so helpers know you are clean.


Report •

Ask Question