
Thunk_32.exe Twain.dll Client's 32-bit Thunking Service


  • This topic is locked
11 replies to this topic

#1 monkeybastard


Posted 08 June 2013 - 11:37 PM

***Please note, I made an error in my thread title, it is called Twunk_32.exe not Thunk.

 

Please help.

 

I had a Microsoft pop up message appear stating that the Twain.dll Client's 32-Bit Thunking Server had quit working. At the same time I had noticed my computer was not operating as efficiently as normal. I checked my processes and spotted one called Twunk_32.exe with a description of Twain.dll Client's 32-bit Thunking Service. It is running twice and using all of the CPU. If I stop each of the processes they fire right back up almost immediately. I tried doing a Malwarebytes scan and it did not pick up anything. I've since noticed using Windows Explorer that google searches are redirecting to different websites. Can you please help me remove this.

 

I have also spotted at times in the processes one called Rundll32 which comes and goes. But it does not appear at this time so I have no details to share.

 

Thank you

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.17.2
Run by Katrina at 1:03:26 on 2013-06-09
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3061.1678 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\twunk_32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\twunk_32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=5081016
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Adobe CSS5.1 Manager] c:\users\katrina\appdata\local\39464522-ad4f-4571-93c0-a52d26b1c577ad\adfcadbcad.exe
uRunOnce: [Adobe CSS5.1 Manager] c:\users\katrina\appdata\local\39464522-ad4f-4571-93c0-a52d26b1c577ad\adfcadbcad.exe
uRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
uRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
uRunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "c:\programdata\Ad-Aware Browsing Protection" /s /q
uRunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "c:\users\katrina\appdata\local\adawarebp" /s /q
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Search Protection] c:\programdata\search protection\SearchProtection.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
Trusted Zone: dell.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mail.sl.on.ca/dwa85W.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxp://mail.sl.on.ca/dwa85W.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3BDE4973-E216-49DA-B452-7533FCEFB2E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{462E90A3-F282-4B71-8C4C-3735F27E94D5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88081765-6F37-4B4A-BD57-744685396726} : DHCPNameServer = 64.71.255.198 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katrina\appdata\roaming\mozilla\firefox\profiles\0qkdyf64.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=3DDA67605801F9A2FB596A51B3C93503
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-07-16 14:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-8 13560]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-16 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-3-2 40448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-16 111616]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 541800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-12-4 174592]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-09 01:53:22    41584    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-06-09 00:51:50    --------    d-----w-    c:\users\katrina\appdata\local\adawarebp
2013-06-09 00:19:58    --------    d-----w-    c:\users\katrina\appdata\roaming\LavasoftStatistics
2013-06-09 00:19:11    --------    d-----w-    c:\programdata\Downloaded Installations
2013-06-09 00:19:03    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-06-09 00:16:34    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-08 22:27:08    215475    ----a-w-    c:\windows\oem_uninst.exe
2013-06-08 22:26:17    --------    d-----w-    c:\program files\DLLSuite
2013-06-07 06:29:49    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{446c3962-d554-4523-973d-cf69c03d8dd8}\offreg.dll
2013-06-07 06:25:29    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{446c3962-d554-4523-973d-cf69c03d8dd8}\mpengine.dll
2013-06-07 03:22:47    --------    d-----w-    c:\users\katrina\appdata\local\39464522-ad4f-4571-93c0-a52d26b1c577ad
2013-06-07 01:08:06    --------    d-----r-    c:\users\katrina\Dropbox
2013-06-07 01:06:14    --------    d-----w-    c:\program files\Dropbox
2013-06-07 01:05:11    --------    d-----w-    c:\users\katrina\appdata\roaming\Dropbox
2013-06-02 20:05:34    --------    d-----w-    c:\users\katrina\appdata\roaming\AnvSoft
2013-06-02 20:05:00    --------    d-----w-    c:\program files\AnvSoft
2013-06-02 20:00:51    --------    d-----w-    c:\users\katrina\appdata\roaming\AVS4YOU
2013-06-02 19:59:30    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2013-06-02 19:59:30    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2013-06-02 19:59:30    --------    d-----w-    c:\programdata\AVS4YOU
2013-06-02 19:59:30    --------    d-----w-    c:\program files\common files\AVSMedia
2013-06-02 19:59:30    --------    d-----w-    c:\program files\AVS4YOU
2013-06-02 19:38:51    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
2013-06-02 19:38:51    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2013-06-02 19:38:50    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2013-06-02 19:38:39    --------    d-----w-    c:\program files\AviSynth 2.5
2013-06-02 19:37:13    327749    ----a-w-    c:\windows\system32\drvc.dll
2013-06-02 19:37:10    --------    d-----w-    c:\program files\eRightSoft
2013-06-02 19:36:49    --------    d-----w-    c:\users\katrina\appdata\local\SwvUpdater
2013-05-23 07:10:32    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-22 19:51:35    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-22 19:51:34    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-22 19:51:14    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2013-05-21 20:28:27    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-21 20:28:27    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 06:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 01:04:22    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 01:04:05    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-19 01:04:04    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-11 13:25:50    3603816    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50    3551080    ----a-w-    c:\windows\system32\ntoskrnl.exe
2005-07-14 16:31:20    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2004-01-25 04:00:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2004-01-25 04:00:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
.
============= FINISH:  1:03:37.07 ===============
 

 



Edited by monkeybastard, 09 June 2013 - 12:05 AM.



 


#2 monkeybastard


Posted 10 June 2013 - 08:12 PM

I think I may have solved this on my own by following some of the other instructions in similar type threads.

 

I saved all the log files in case anybody decides they might want to double check my work.

 

Thank you.



#3 nasdaq

  • Malware Response Team

Posted 11 June 2013 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's give it a good check if you want.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration or infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.


#4 monkeybastard


Posted 11 June 2013 - 11:59 AM

Hello nasdaq. Thank you for reviewing this with me.

 

Following is the Rogue Killer log:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Katrina [Admin rights]
Mode : Remove -- Date : 06/11/2013 12:23:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS +++++
--- User ---
[MBR] 274e2d48b1de91947f32f65994d19bba
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 225874 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483153920 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06112013_02d1223.txt >>
RKreport[1]_S_06112013_02d1214.txt ; RKreport[2]_D_06112013_02d1223.txt
 


Edited by monkeybastard, 11 June 2013 - 12:05 PM.


#5 monkeybastard


Posted 11 June 2013 - 12:02 PM

Following is the AdwCleaner log:

 

# AdwCleaner v2.303 - Logfile created 06/11/2013 at 12:27:20
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Katrina - KATRINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Katrina\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\0qkdyf64.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2338 octets] - [10/06/2013 11:28:18]
AdwCleaner[R2].txt - [999 octets] - [11/06/2013 12:25:21]
AdwCleaner[S1].txt - [2122 octets] - [10/06/2013 11:28:41]
AdwCleaner[S2].txt - [935 octets] - [11/06/2013 12:27:20]

########## EOF - C:\AdwCleaner[S2].txt - [994 octets] ##########
 



Following is the Junkware Removal Tool log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Katrina on 11-Jun-2013 at 12:34:44.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Katrina\AppData\Roaming\mozilla\firefox\profiles\0qkdyf64.default\prefs.js

user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"35\": {\"id\": \"35\",\"title\": \"ConnectBar\",\"type\": \"XPI\",\"url\": \"hxxp://connectbar.n



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11-Jun-2013 at 12:36:07.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Following is the ComboFix log:

 

ComboFix 13-06-08.02 - Katrina 1-Jun-2013  12:45:48.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3061.1967 [GMT -4:00]
Running from: c:\users\Katrina\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 16:54 . 2013-06-11 16:54    --------    d-----w-    c:\users\Katrina\AppData\Local\temp
2013-06-11 16:54 . 2013-06-11 16:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-10 15:36 . 2013-06-10 15:36    --------    d-----w-    c:\windows\ERUNT
2013-06-10 15:36 . 2013-06-11 16:34    --------    d-----w-    C:\JRT
2013-06-10 00:16 . 2013-06-10 00:16    --------    d-----w-    c:\program files\Enigma Software Group
2013-06-10 00:14 . 2013-06-10 00:37    --------    d-----w-    c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-10 00:14 . 2013-06-10 00:14    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2013-06-09 01:53 . 2013-04-11 15:06    41584    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-06-09 00:19 . 2013-06-09 00:49    --------    d-----w-    c:\users\Katrina\AppData\Roaming\LavasoftStatistics
2013-06-09 00:19 . 2013-06-09 00:19    --------    d-----w-    c:\programdata\Downloaded Installations
2013-06-09 00:16 . 2013-06-09 00:42    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-06-08 22:27 . 2013-06-08 22:27    215475    ----a-w-    c:\windows\oem_uninst.exe
2013-06-08 22:26 . 2013-06-08 22:26    --------    d-----w-    c:\program files\DLLSuite
2013-06-07 03:22 . 2013-06-10 16:08    --------    d-----w-    c:\users\Katrina\AppData\Local\39464522-ad4f-4571-93c0-a52d26b1c577ad
2013-06-07 01:08 . 2013-06-07 03:09    --------    d-----r-    c:\users\Katrina\Dropbox
2013-06-07 01:06 . 2013-06-07 01:06    --------    d-----w-    c:\program files\Dropbox
2013-06-07 01:05 . 2013-06-07 03:15    --------    d-----w-    c:\users\Katrina\AppData\Roaming\Dropbox
2013-06-02 20:05 . 2013-06-02 20:05    --------    d-----w-    c:\users\Katrina\AppData\Roaming\AnvSoft
2013-06-02 20:05 . 2013-06-02 20:05    --------    d-----w-    c:\program files\AnvSoft
2013-06-02 20:00 . 2013-06-02 20:00    --------    d-----w-    c:\users\Katrina\AppData\Roaming\AVS4YOU
2013-06-02 19:59 . 2013-06-02 20:01    --------    d-----w-    c:\program files\Common Files\AVSMedia
2013-06-02 19:59 . 2013-06-02 20:01    --------    d-----w-    c:\program files\AVS4YOU
2013-06-02 19:59 . 2013-06-02 20:00    --------    d-----w-    c:\programdata\AVS4YOU
2013-06-02 19:59 . 2012-03-23 23:59    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2013-06-02 19:59 . 2012-03-23 23:59    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2013-06-02 19:38 . 2005-07-14 16:31    32256    --sh--w-    c:\windows\system32\AVSredirect.dll
2013-06-02 19:38 . 2004-01-25 04:00    70656    --sh--w-    c:\windows\system32\yv12vfw.dll
2013-06-02 19:38 . 2004-01-25 04:00    70656    --sh--w-    c:\windows\system32\i420vfw.dll
2013-06-02 19:38 . 2013-06-02 19:50    --------    d-----w-    c:\program files\AviSynth 2.5
2013-06-02 19:37 . 2004-07-02 05:00    327749    ----a-w-    c:\windows\system32\drvc.dll
2013-06-02 19:37 . 2013-06-06 23:51    --------    d-----w-    c:\program files\eRightSoft
2013-05-23 07:10 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-22 19:51 . 2013-04-15 14:20    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-22 19:51 . 2013-04-13 10:56    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-22 19:51 . 2013-04-09 01:36    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-10 18:00 . 2013-03-19 01:05    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-10 18:00 . 2013-03-19 01:05    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-05-21 20:28 . 2012-05-09 13:44    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-21 20:28 . 2012-02-02 21:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2011-03-25 22:13    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 02:50 . 2013-04-24 02:50    45056    ----a-r-    c:\users\Katrina\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-04-04 18:50 . 2010-07-24 21:45    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2005-07-14 16:31    32256    --sh--w-    c:\windows\System32\AVSredirect.dll
2004-01-25 04:00    70656    --sh--w-    c:\windows\System32\i420vfw.dll
2004-01-25 04:00    70656    --sh--w-    c:\windows\System32\yv12vfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Katrina\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Katrina\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Katrina\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 20:28]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-24 17:23]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-24 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
Trusted Zone: dell.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mail.sl.on.ca/dwa85W.cab
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxp://mail.sl.on.ca/dwa85W.cab
FF - ProfilePath - c:\users\Katrina\AppData\Roaming\Mozilla\Firefox\Profiles\0qkdyf64.default\
FF - prefs.js: browser.search.defaulturl - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=3DDA67605801F9A2FB596A51B3C93503
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-16 14:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-11 12:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3532)
c:\users\Katrina\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
c:\program files\Common Files\Nero\Lib\MediaLibraryNSE.dll
.
Completion time: 2013-06-11  12:56:21
ComboFix-quarantined-files.txt  2013-06-11 16:56
.
Pre-Run: 65,847,685,120 bytes free
Post-Run: 65,711,878,144 bytes free
.
- - End Of File - - 92FF8705F3473BA6D29B22D8B593105B
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#6 monkeybastard


Posted 11 June 2013 - 12:03 PM

Following is the Security Check log:

 

 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner (remove only)   
 Java 7 Update 21  
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#7 nasdaq

  • Malware Response Team

Posted 11 June 2013 - 12:56 PM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional". This is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know what problem persists.

#8 monkeybastard


Posted 11 June 2013 - 01:31 PM

I had removed Adobe Reader yesterday using Revo Uninstaller and replaced Adobe with FoxIt Reader.

I'm not sure why Security Check is picking up Adobe Reader because it no longer appears in my programs list.

I find Adobe Reader a nuisance and a drain on the performance of my laptop so I thought I would give FoxIt Reader a try as an alternative.

My computer seems to be working well at the moment.

Did you notice any additional issues that need to be resolved from these logs I provided?


Edited by monkeybastard, 11 June 2013 - 01:31 PM.


#9 nasdaq


Posted 12 June 2013 - 07:32 AM

I'm not sure why Security Check is picking up Adobe Reader because it no longer appears in my programs list.

Possibly due to some registry entries that are still present. Nothing to worry about.

===

Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

If your hard drive is not a Solid State Drive you should defrag it when you know you will not need the computer for a few hours.
===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 monkeybastard


Posted 13 June 2013 - 01:16 PM

I guess I am back on track. Computer is functioning much better, thank you for having a look at things.



#11 nasdaq


Posted 14 June 2013 - 09:49 AM

Glad we could help.

#12 nasdaq


Posted 14 June 2013 - 09:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



