Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

I can't get rid of play-bar.net on my Firefox

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Fri Oct 14, 2016 9:24 am    Post subject: I can't get rid of play-bar.net on my Firefox Reply with quote

Dear Spyware Warriors,

I have get infected by some malware that is affecting my main browser, Mozilla Firefox, and I can't get rid of it. It causes 2 issues:

1. After I google anything, a search bar appears on top of the browser, and if I use it I see that it first goes to a play-bar.net url and then takes me to some publicity website. Here you can see a screenshot: https://drive.google.com/open?id=0B-oZCdrqlR4BXzB5akp3ZmQybms

2. I can hide it with the X on its right. But whenever I'm browsing anywebsite, I notice there is a transparent layer on top of the whole content, and wherever I click what I'm doing is opening a new tab with publicity. After that, I can click buttons and use normally the browser.

I have Windows 10, and I have tried these things already, in this order:
- Uninstalling Mozilla Firefox
- Doing complete scannings with Windows Defender, Malwarebytes anti-malware and addwcleaner. All of them found few things and deleted them.
- Restart, and installing Firefox again.
- I've checked the path that you can see in the properties of Firefox icon, there's no website or anything else after "C:\Program Files (x86)\Mozilla Firefox"

Could you give me some advice to finally get rid of this?

Thank you very much!

Hector
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 07 May 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Oct 15, 2016 2:57 am    Post subject: Reply with quote

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.


First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean

  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply
  • zoek-results.log
  • FRST.txt and Addition.txt contents.
  • Please give me an update on your computers performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Sun Oct 16, 2016 1:26 pm    Post subject: Reply with quote

Thanks a lot for your help Cypher!

I've done what you said. I don't think it's the normal thing to happen, but after running zoek.exe it didn't show any finish message or anything, it seemed to be still running and it wouldn't close, if I tried it said it was running and that the window would close on its own when finished... but nothing seemed to be going on, after more than 1 hour of aparent inactivity I restarted the computer. The log file was already created.

I haven't noticed any change on my computer's performance.

These are the logs:

[DELETED (incomplete logs)]


Last edited by hectordob on Mon Oct 17, 2016 10:23 am; edited 1 time in total
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Sun Oct 16, 2016 1:27 pm    Post subject: Reply with quote

[DELETED (duplicated post)]

Last edited by hectordob on Mon Oct 17, 2016 10:28 am; edited 2 times in total
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 07 May 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Mon Oct 17, 2016 5:14 am    Post subject: Reply with quote

Hi hectordob,
Quote:
Thanks a lot for your help Cypher!

You're welcome.
FRST.txt you posted is incomplete, it has been cut off by the forum post size limiter.
Please post the full FRST.txt.

I also need you to post the DDS Attach.txt contents.
Please post this log in full two, you might need to post the logs in separate posts to fit them all in.
Please check that all of the logs are included this time.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Mon Oct 17, 2016 9:53 am    Post subject: Reply with quote

Hi Cypher!

I'm sorry, I didn't notice the log was incomplete. I have deleted them to save visual space in the previous posts.

I didn't notice either that I posted it twice, I guess it happened because I did a first attemp and I got an error, and then I posted it again.

Here I'll try again to post the whole content of FRST.txt:


[DELETED (incomplete log)]


Last edited by hectordob on Mon Oct 17, 2016 10:27 am; edited 3 times in total
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Mon Oct 17, 2016 10:17 am    Post subject: Reply with quote

Hi again Cypher,

Sorry, it's cut again. I see that I'd need 3 whole posts to put the content of the file FRST.txt. Let me know if you'd like me to do it! You can also see it in the following link:
https://docs.google.com/document/d/1GqFuhyJmyeGemqRuBneVDnhv7tqSHJJ9n5cCKNolYC0/edit?usp=sharing

Cypher wrote:
I also need you to post the DDS Attach.txt contents.


I'm not sure if you meant Addition.txt, which you asked first and got cut too, or if it's something else. Please, excuse my ignorance Embarassed

I post Addition.txt here, it fits:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
Ran by mamarracher (16-10-2016 22:39:04)
Running from C:\Users\mamarracher\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-02 12:51:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2839040868-3184564014-1576588851-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2839040868-3184564014-1576588851-503 - Limited - Disabled)
Invitado (S-1-5-21-2839040868-3184564014-1576588851-501 - Limited - Disabled)
mamarracher (S-1-5-21-2839040868-3184564014-1576588851-1001 - Administrator - Enabled) => C:\Users\mamarracher

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.01.1705, 19.03.2016 - AIMP DevTeam)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.95 - ICEpower a/s)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.81.5243 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.)
Mozilla Firefox 49.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 es-ES)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden
OpenTTD 1.6.1 (HKLM-x32\...\OpenTTD) (Version: 1.6.1 - OpenTTD)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
Skype Empresarial Básico 2016 - es-es (HKLM\...\SkypeforBusinessEntryRetail - es-es) (Version: 16.0.7167.2060 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{27A9512F-B284-490A-97B7-40713556476D}) (Version: 7.21.0.159 - Skype Technologies S.A.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\...\Spotify) (Version: 1.0.39.157.g674ae377 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tixati (HKLM-x32\...\tixati) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.1 - Tweaking.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/06/2015 8.0.0.23) (HKLM\...\DA2E0A005E6CD7900733D89DA6D9F31585E338DF) (Version: 10/06/2015 8.0.0.23 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.2 - ASUS)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mamarracher\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001_Classes\CLSID\{7B901B1C-1210-4C6D-B66C-2028783DAE2A}\InprocServer32 -> C:\Users\mamarracher\AppData\Local\SkypePlugin\7.21.0.159\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001_Classes\CLSID\{8A00ACF3-DBA4-4858-8D6D-9C818926FD72}\localserver32 -> C:\Users\mamarracher\AppData\Local\SkypePlugin\7.21.0.159\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\mamarracher\AppData\Local\SkypePlugin\7.21.0.159\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D328D5-1451-4ECD-B6C0-DAF5EE3C0043} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-30] (Realtek Semiconductor)
Task: {03D16DE8-198C-4C39-91A4-C0B464EE7E04} - \avast! SL Update -> No File <==== ATTENTION
Task: {0DC08D4A-A137-4766-B754-2262359354D6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-30] (Dropbox, Inc.)
Task: {1A11A112-761B-4DBB-9337-81809438E977} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2F0E6A53-1BC8-47CE-A8C8-5A996759EE9C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {2F283A5D-22E3-4BE9-BCA0-3EA0238A6E8A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {3158784C-2D14-4F73-8BD7-4BE07DB35EF3} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-30] (Realtek Semiconductor)
Task: {420C4145-AAAA-4ADF-A81A-266B415BAEB4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-30] (Dropbox, Inc.)
Task: {453697D3-9CE3-4CAF-A596-A1FDD52CFE7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {7A04F51A-D393-4B22-8EEE-BD6D745F8A83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7A709D74-12CC-4B6A-B254-558B24FB7AF4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {7D610E90-703C-4840-A714-F01AE0F1E092} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7FA8B20A-5EA6-4D9F-9D48-E484944DDE78} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation)
Task: {827796D0-5CFB-4E17-B955-9743720E92DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {832427B9-0AB9-4298-85A8-5A6BF68482E8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {8635570C-B4A2-4A38-B741-F9E5045DD177} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {8E13F865-047B-4E43-857A-EAC27BF3E45D} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {98787DF4-450B-45F2-AE0F-DBD87A0A4F1F} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-22] (AsusTek)
Task: {A0973051-0352-4CDA-B856-67A560D4E5BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {AEDF4791-3A1C-4683-A3C2-8725AC2D5F25} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {BF7564D8-CEF7-49D4-950D-54C09805E0A3} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {DB2E8A3A-81DF-4365-893A-5B53D146ED33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\mamarracher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://web-start.org/?ssid=1475863962&a=1024132&src=sh&uuid=c8210d63-f9d5-4f98-96e0-654fbc3b57f4,1475863923250"
ShortcutWithArgument: C:\Users\mamarracher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://web-start.org/?ssid=1475863962&a=1024132&src=sh&uuid=c8210d63-f9d5-4f98-96e0-654fbc3b57f4,1475863923250"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://web-start.org/?ssid=1475863962&a=1024132&src=sh&uuid=c8210d63-f9d5-4f98-96e0-654fbc3b57f4,1475863923250"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-02 15:09 - 2016-10-02 15:09 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 14:20 - 2016-08-01 14:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-28 16:18 - 2015-07-20 21:19 - 00121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2015-05-19 11:11 - 2015-05-19 11:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-01-28 16:42 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-10-02 15:09 - 2016-10-02 15:09 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-02 14:58 - 2016-10-02 14:58 - 00959168 _____ () C:\Users\mamarracher\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-07-28 01:27 - 2016-07-28 01:27 - 00402520 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-02 15:09 - 2016-10-02 15:09 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 20:06 - 2016-10-05 11:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-11 20:06 - 2016-10-05 11:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-11 20:06 - 2016-10-05 11:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-11 20:06 - 2016-10-05 11:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-11 20:06 - 2016-10-05 11:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-11 20:06 - 2016-10-05 11:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-14 18:32 - 2016-10-14 18:32 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-10-02 15:36 - 2016-10-02 15:38 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-02 15:36 - 2016-10-02 15:38 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-02 15:36 - 2016-10-02 15:39 - 35250688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-01-28 16:13 - 2015-10-03 04:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-02 14:58 - 2016-10-02 14:58 - 00679624 _____ () C:\Users\mamarracher\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-10-05 21:40 - 2016-09-25 05:47 - 01805416 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-05 21:40 - 2016-09-25 05:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2015-09-19 01:34 - 2015-09-19 01:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mamarracher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 87.216.1.65 - 87.216.1.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: ASUSGiftBoxDekstop => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: SecureLine => 2
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C4CC8CC7-B6AE-44A7-A2BC-16CB0AE781B9}] => (Block) C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{D1B2A719-4894-441E-ABAE-85EE514BD118}] => (Block) C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{69FFE7FD-1D44-41D3-ADEB-1FB4CCCDD670}C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{37F459DB-0100-4BCA-B45D-E005E643B7A1}C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\mamarracher\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{8AFC337A-3850-4B57-9A64-B658B998D52B}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{351F72C6-A5F7-4EA0-8F85-225BA645B905}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{6CB06352-BCF9-4444-B5D1-4BEF3DFCA879}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{6812076D-8B01-451A-8E83-F4D56C8427B4}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{F41EAF18-DA73-4876-93B0-7F6961084A4D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03CCA74C-D733-4264-9044-A02C1D74BF32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{003F8584-A235-4955-91A7-A7C027478D30}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7A5F8C7B-E75F-4B21-9A2F-3F293AA9F2A8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{71E5345F-43AE-4EC4-9F29-B2ACA4E89899}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{BF39F0AD-B524-4C3E-AD1C-490F5C2A179F}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{306280F2-84C6-43A0-B12B-A7B67E916576}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4883893D-48A0-43B6-B35F-9E29AEFD08C5}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{1B7994F0-ACAC-4D86-B091-B7DB1B229BAF}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{CA1D93DD-0DBF-4FF9-A226-22BB81E1DBFF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3D11AD2E-AA14-472F-8FD2-C798654AF39E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C759BAED-994E-4C18-8737-FB1D382C27A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6917EDA3-E2AF-4CED-8624-EF69EA6131C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3F4D6263-59FE-4436-990E-16CFC7EF4B3A}] => (Block) C:\users\mamarracher\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ACF11764-7AA5-4639-9C33-8F4AE9A20243}] => (Block) C:\users\mamarracher\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{804EB527-FB99-4EA4-B00F-7313AA41415C}C:\users\mamarracher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mamarracher\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A0FCA013-CCDB-4A81-868D-4A08C4E7D689}C:\users\mamarracher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mamarracher\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0ACED7B5-D098-4563-A48A-62203E9A41A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{57FD6498-6E25-4317-8F6A-9B2358ECAB38}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CB6AA123-4089-4E67-B0D1-6719F25950B0}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{6FC1550A-AE16-4125-A5F4-62170D389828}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{4C92F50E-6EB8-4825-B11A-F4DCAB296BD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F056B76-E4AE-4E7B-AAA4-773A5B9E0A8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E406DB7F-3979-4AF5-8E8F-9C7DEA78BC77}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

02-10-2016 15:05:13 Removed ASUS GIFTBOX Desktop
05-10-2016 22:47:34 Windows Update
08-10-2016 18:08:54 Removed Dropbox 25 GB
09-10-2016 19:47:12 Removed Ableton Live 9 Suite

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2016 10:32:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAMARRACHER)
Description: No se pudo activar la aplicación Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (10/16/2016 08:40:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
Ejecutando operación asincrónica

Contexto:
Estado actual: DoSnapshotSet

Error: (10/16/2016 08:40:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (10/16/2016 08:37:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
No se encontró el ensamblado dependiente PDR.X,type="win32",version="1.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (10/16/2016 08:37:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
No se encontró el ensamblado dependiente PDR.X,type="win32",version="1.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (10/14/2016 12:06:20 AM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) El sistema no puede encontrar el filtro especificado.

Error: (10/13/2016 01:27:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.14393.321, marca de tiempo: 0x57f4c5cf
Nombre del módulo con errores: SearchUI.exe, versión: 10.0.14393.321, marca de tiempo: 0x57f4c5cf
Código de excepción: 0x80000003
Desplazamiento de errores: 0x00000000001f679f
Identificador del proceso con errores: 0x4b8
Hora de inicio de la aplicación con errores: 0x01d224e0418da278
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Identificador del informe: 36c0575a-1aeb-4730-8b68-14091def9473
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (10/12/2016 05:18:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
No se encontró el ensamblado dependiente PDR.X,type="win32",version="1.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (10/12/2016 05:18:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
No se encontró el ensamblado dependiente PDR.X,type="win32",version="1.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (10/12/2016 05:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.14393.321, marca de tiempo: 0x57f4c5cf
Nombre del módulo con errores: SearchUI.exe, versión: 10.0.14393.321, marca de tiempo: 0x57f4c5cf
Código de excepción: 0x80000003
Desplazamiento de errores: 0x00000000001f679f
Identificador del proceso con errores: 0x4f0
Hora de inicio de la aplicación con errores: 0x01d2249b5fc5b668
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Identificador del informe: 8654bdee-d590-4908-8697-ffe972483895
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI


System errors:
=============
Error: (10/16/2016 10:35:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de plataforma de dispositivos conectados se cerró con el siguiente error:
Error no especificado

Error: (10/16/2016 10:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/16/2016 10:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
y APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/16/2016 10:33:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
y APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-1Cool en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/16/2016 10:33:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SecDrv no pudo iniciarse debido al siguiente error:
Se ha bloqueado la descarga de este controlador

Error: (10/16/2016 10:33:10 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (10/16/2016 10:32:14 PM) (Source: DCOM) (EventID: 10010) (User: MAMARRACHER)
Description: El servidor App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (10/16/2016 08:50:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (10/16/2016 08:50:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (10/16/2016 08:50:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio PEVSystemStart ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.


CodeIntegrity:
===================================
Date: 2016-10-15 16:38:35.853
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-15 16:38:32.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-12 17:58:22.943
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-12 17:58:20.002
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-10 20:53:29.186
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-10 20:53:27.117
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-09 13:35:44.462
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-09 13:35:39.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-07 22:00:33.132
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-07 22:00:29.555
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8059.3 MB
Available physical RAM: 5965.61 MB
Total Virtual: 9339.3 MB
Available Virtual: 7271 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:172.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:430.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C39C20EC)

Partition: GPT.

==================== End of Addition.txt ============================
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 07 May 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Tue Oct 18, 2016 2:01 am    Post subject: Reply with quote

Hi hectordob,
Well done getting those logs posted.
We need to run a fix, once done let me know if the problem your having is still present.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and Paste the following script into Notepad, Do not include the word Code:

    Code:

    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    SearchScopes: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1409973887.cfg [2016-10-07] <==== ATTENTION
    Task: {03D16DE8-198C-4C39-91A4-C0B464EE7E04} - \avast! SL Update -> No File <==== ATTENTION
    HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
    C:\Users\mamarracher\AppData\Local\Temp\7za.exe
    C:\Users\mamarracher\AppData\Local\Temp\AutoRun.exe
    C:\Users\mamarracher\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\mamarracher\AppData\Local\Temp\DaS_21.exe
    C:\Users\mamarracher\AppData\Local\Temp\hijackthis.exe
    C:\Users\mamarracher\AppData\Local\Temp\ISL AlwaysOn Connect_ISLLight_1475858768_41.exe
    C:\Users\mamarracher\AppData\Local\Temp\NirCmd.exe
    C:\Users\mamarracher\AppData\Local\Temp\PEVZ.EXE
    C:\Users\mamarracher\AppData\Local\Temp\remove.exe
    C:\Users\mamarracher\AppData\Local\Temp\sed.exe
    C:\Users\mamarracher\AppData\Local\Temp\shortcut.exe
    C:\Users\mamarracher\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\mamarracher\AppData\Local\Temp\swreg.exe
    C:\Users\mamarracher\AppData\Local\Temp\swxcacls.exe
    C:\Users\mamarracher\AppData\Local\Temp\wget.exe
    C:\Users\mamarracher\AppData\Local\Temp\zoek-delete.exe

    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply
  • Fixlog.txt
  • Please give me an update on your computers performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Tue Oct 18, 2016 11:55 am    Post subject: Reply with quote

Hi Cypher!

It's done! You have fixed it! Very Happy
I can't make that bar appear anymore, so I guess it's solved for good.

I'm very grateful for your help. Also curious to know what happened, I assume that the first logs you asked me allowed you to identify and locate the issue, and then you gave me something like an script which fixed it by deleting some undesirable files... am I close?

However, thank you very much!!

Here is the Fixlog.txt content:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by mamarracher (18-10-2016 20:58:17) Run:1
Running from C:\Users\mamarracher\Desktop
Loaded Profiles: mamarracher (Available Profiles: mamarracher)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
SearchScopes: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2839040868-3184564014-1576588851-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1409973887.cfg [2016-10-07] <==== ATTENTION
Task: {03D16DE8-198C-4C39-91A4-C0B464EE7E04} - \avast! SL Update -> No File <==== ATTENTION
HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
C:\Users\mamarracher\AppData\Local\Temp\7za.exe
C:\Users\mamarracher\AppData\Local\Temp\AutoRun.exe
C:\Users\mamarracher\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\mamarracher\AppData\Local\Temp\DaS_21.exe
C:\Users\mamarracher\AppData\Local\Temp\hijackthis.exe
C:\Users\mamarracher\AppData\Local\Temp\ISL AlwaysOn Connect_ISLLight_1475858768_41.exe
C:\Users\mamarracher\AppData\Local\Temp\NirCmd.exe
C:\Users\mamarracher\AppData\Local\Temp\PEVZ.EXE
C:\Users\mamarracher\AppData\Local\Temp\remove.exe
C:\Users\mamarracher\AppData\Local\Temp\sed.exe
C:\Users\mamarracher\AppData\Local\Temp\shortcut.exe
C:\Users\mamarracher\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mamarracher\AppData\Local\Temp\swreg.exe
C:\Users\mamarracher\AppData\Local\Temp\swxcacls.exe
C:\Users\mamarracher\AppData\Local\Temp\wget.exe
C:\Users\mamarracher\AppData\Local\Temp\zoek-delete.exe

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

[3252] C:\Windows\Temp\DPTF\esif_assist_64.exe => process closed successfully.
HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Program Files (x86)\mozilla firefox\1409973887.cfg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03D16DE8-198C-4C39-91A4-C0B464EE7E04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03D16DE8-198C-4C39-91A4-C0B464EE7E04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! SL Update" => key removed successfully
"HKU\S-1-5-21-2839040868-3184564014-1576588851-1001\Software\Classes\regfile" => key removed successfully
C:\Users\mamarracher\AppData\Local\Temp\7za.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\AutoRun.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\AutoRunGUI.dll => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\DaS_21.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\hijackthis.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\ISL AlwaysOn Connect_ISLLight_1475858768_41.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\NirCmd.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\PEVZ.EXE => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\remove.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\sed.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\shortcut.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\swreg.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\swxcacls.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\wget.exe => moved successfully
C:\Users\mamarracher\AppData\Local\Temp\zoek-delete.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36600866 B
Java, Flash, Steam htmlcache => 19155994 B
Windows/system/drivers => 2723650 B
Edge => 167465 B
Chrome => 67838754 B
Firefox => 386423601 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 46954 B
mamarracher => 191654729 B

RecycleBin => 0 B
EmptyTemp: => 672 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:58:43 ====
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 07 May 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Wed Oct 19, 2016 1:30 am    Post subject: Reply with quote

Hi hectordob,
Quote:
It's done! You have fixed it!
I can't make that bar appear anymore

Excellent Big Thumb Up
Quote:
curious to know what happened, I assume that the first logs you asked me allowed you to identify and locate the issue, and then you gave me something like an script which fixed it by deleting some undesirable files... am I close?

You assumed correctly Wink
The logs you posted let us identify the problem, then we ran a script to remove the offending entries.
Quote:
However, thank you very much!!

You're most welcome.

As your problem appears to be resolved you should be good to go.
Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools

  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
hectordob
Newbie


Joined: 13 Oct 2016
Last Visit: 19 Oct 2016
Posts: 6
Location: Barcelona

PostPosted: Wed Oct 19, 2016 1:16 pm    Post subject: Reply with quote

Hi Cypher,

Everything done Very Happy

Thanks a lot once more!! You have made me happier these days!!
Everything is good now in my computer Clap Man

Have a great day!
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 07 May 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Oct 20, 2016 2:02 am    Post subject: Reply with quote

Hi hectordob,
Quote:
Thanks a lot once more!!

It's my pleasure, glad we could help Wink


I will go ahead and close this topic, Good luck and stay safe.

Quote:
As your Malware issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group