Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

V9 removal assistance


  • This topic is locked This topic is locked
11 replies to this topic

#1 owd66

owd66

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 14 June 2013 - 12:28 PM

I have V9 (and who knows what eles) and need some help making it go away.  Where do I begin?


Edited by hamluis, 14 June 2013 - 01:42 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 owd66

owd66
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 14 June 2013 - 01:15 PM

Security Check report

 

 Results of screen317's Security Check version 0.99.64 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 

********************************************************************************************************************************************

 

FSS Log

 

Farbar Service Scanner Version: 13-06-2013
Ran by John (administrator) on 14-06-2013 at 13:44:27
Running from "C:\Users\John\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 09:11] - [2013-05-08 01:38] - 1293672 ____A (Microsoft Corporation) D32FDAC73FCD76B85389C39BC1087F2A

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 09:11] - [2013-05-13 00:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

***************************************************************************************************************************

 

MiniTool Box Report Log

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by John (administrator) on 14-06-2013 at 13:47:09
Running from "C:\Users\John\Downloads"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : John-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cinci.rr.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 90-4C-E5-B5-8A-5B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a121:2946:d7b:b767%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 14, 2013 8:05:47 AM
   Lease Expires . . . . . . . . . . : Saturday, June 15, 2013 12:24:49 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 227560677
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0D-6F-E1-00-26-9E-DC-5F-3B
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-9E-DC-5F-3B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.cinci.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1052:1ba2:9ff4:35cd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1052:1ba2:9ff4:35cd%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4009:803::1008
   74.125.225.67
   74.125.225.68
   74.125.225.69
   74.125.225.70
   74.125.225.71
   74.125.225.72
   74.125.225.73
   74.125.225.78
   74.125.225.64
   74.125.225.65
   74.125.225.66

Pinging google.com [74.125.225.135] with 32 bytes of data:
Reply from 74.125.225.135: bytes=32 time=19ms TTL=54
Reply from 74.125.225.135: bytes=32 time=21ms TTL=54

Ping statistics for 74.125.225.135:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 21ms, Average = 20ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=89ms TTL=49
Reply from 206.190.36.45: bytes=32 time=90ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 90ms, Average = 89ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...90 4c e5 b5 8a 5b ......Atheros AR9285 802.11b/g/n WiFi Adapter
 10...00 26 9e dc 5f 3b ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:953c:1052:1ba2:9ff4:35cd/128
                                    On-link
 11    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1052:1ba2:9ff4:35cd/128
                                    On-link
 11    281 fe80::a121:2946:d7b:b767/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters , fopen() returned Error Code 13

System errors:
=============
Error: (06/14/2013 08:05:37 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/14/2013 08:05:37 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/14/2013 07:48:57 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/14/2013 07:48:57 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/13/2013 04:21:35 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/13/2013 04:21:35 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/13/2013 09:18:51 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/13/2013 09:02:17 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/12/2013 10:54:26 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/12/2013 02:41:57 PM) (Source: atikmdag) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Vendor Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Other Names Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Invoice Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Estimate Letters , fopen() returned Error Code 13

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010BackupEngine::LoopThroughTheDirectory() error adding file. Error code -18002 msg  file open  failed

Error: (06/14/2013 01:38:36 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2010Unable to open the file C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\QuickBooks Letter Templates\Employee Letters , fopen() returned Error Code 13

=========================== Installed Programs ============================

7-Zip 9.22beta
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)
Adobe Flash Player 9 Plugin (Version: 9.0.45.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0)
CCleaner (Version: 4.02)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2)
CorelDRAW Graphics Suite X4 - Content (Version: 14.2)
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2)
CorelDRAW Graphics Suite X4 - Extra Content (Version: 14.2)
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2)
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2)
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2)
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2)
CorelDRAW Graphics Suite X4 - PP (Version: 14.2)
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2)
CorelDRAW Graphics Suite X4 (Version: 14.2)
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Extra Content
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.1)
CutStudio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.14)
Dropbox (Version: 2.0.22)
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.7102)
magicJack (Version: 2.0.6073.4252)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (Version: 4.0.11308.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
PDF Settings (Version: 1.0)
QuickBooks (Version: 20.0.4017.807)
QuickBooks Pro 2010 (Version: 20.0.4017.807)
Roland CAMM-1 DRIVER [GX-300] (Version: 1.08.0000)
Roland CAMM-1PRO Manual
Roland VersaWorks (Version: 3.1.0.0)
SAGE Online (Version: 9.0.0)
SAGEim (Version: 1.00.0000)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)

========================= Devices: ================================

Name: Internet Access Server
Description: Internet Access Server
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3580.2 MB
Available physical RAM: 2256.49 MB
Total Pagefile: 7674.49 MB
Available Pagefile: 6284.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.29 MB

========================= Partitions: =====================================

1 Drive c: (Drive) (Fixed) (Total:465.45 GB) (Free:414.19 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHN-PC

Administrator            Guest                    John                    

**** End of log ****

*****************************************************************************************************

 

MBAM Log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
John :: JOHN-PC [administrator]

6/14/2013 1:49:32 PM
mbam-log-2013-06-14 (13-49-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212207
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*************************************************************************************************************************



#3 owd66

owd66
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 14 June 2013 - 01:20 PM

MBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-14 14:05:42
-----------------------------
14:05:42.922    OS Version: Windows 6.1.7601 Service Pack 1
14:05:42.922    Number of processors: 1 586 0x602
14:05:42.922    ComputerName: JOHN-PC  UserName: John
14:05:44.030    Initialize success
14:06:36.332    AVAST engine defs: 13053101
14:09:05.085    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:05.085    Disk 0 Vendor: SAMSUNG_HN-M500MBB 2AR10001 Size: 476940MB BusType: 11
14:09:05.319    Disk 0 MBR read successfully
14:09:05.319    Disk 0 MBR scan
14:09:05.459    Disk 0 Windows 7 default MBR code
14:09:05.459    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          313 MB offset 63
14:09:05.522    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476623 MB offset 642600
14:09:05.600    Disk 0 scanning sectors +976768065
14:09:05.756    Disk 0 scanning C:\Windows\system32\drivers
14:09:30.404    Service scanning
14:09:53.351    Service MpKsl12912979 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4261EB05-4CAE-4092-ABA5-FDBC24A977FF}\MpKsl12912979.sys **LOCKED** 32
14:10:28.763    Modules scanning
14:10:42.834    Disk 0 trace - called modules:
14:10:43.037    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys watchdog.sys
14:10:43.037    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860ffaa0]
14:10:43.037    3 CLASSPNP.SYS[8c59e59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c54030]
14:10:43.895    AVAST engine scan C:\Windows
14:10:49.855    AVAST engine scan C:\Windows\system32
14:17:13.047    AVAST engine scan C:\Windows\system32\drivers
14:17:38.428    AVAST engine scan C:\Users\John
14:18:08.068    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
14:18:08.068    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

 



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 8,993 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:17 AM

Posted 19 June 2013 - 12:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/498048 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 owd66

owd66
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 19 June 2013 - 02:47 PM

When I open Internet Explorer (IE10) the browser does not go to the defined home page, instead it redirects to V9.com.  I have not done anything since posting my original post.

 

Windows 7 home premium, 32 bit.  I DO NOT have windows cd/dvd

 

 

DDS LOG

 

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.10.9200.16614
Run by John at 15:36:55 on 2013-06-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3580.1940 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SAGE\SAGEim\SAGEim.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=3539001
mSearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=3539001
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
uRun: [cdloader] "c:\users\john\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\john\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\maximi~1.lnk - d:\max7\MxSetup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2013\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sageim.lnk - c:\program files\sage\sageim\SAGEim.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FB41435C-6439-41CC-8624-0DC715841647} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FB41435C-6439-41CC-8624-0DC715841647}\7544240214962707F62747 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{FB41435C-6439-41CC-8624-0DC715841647}\C696E6B6379737 : DhcpNameServer = 192.168.17.25 192.168.17.26
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKsl478fff25;MpKsl478fff25;c:\programdata\microsoft\microsoft antimalware\definition updates\{d3938f8d-3507-4f79-9ddb-b1940f2e5d38}\MpKsl478fff25.sys [2013-6-19 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2013-5-10 65640]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-8-18 1248256]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2012-9-20 30785672]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-23 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2013-06-19 19:31:37 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d3938f8d-3507-4f79-9ddb-b1940f2e5d38}\MpKsl478fff25.sys
2013-06-19 16:56:11 -------- d-----w- c:\program files\common files\Nuance
2013-06-19 16:55:41 -------- d-----w- c:\programdata\Nuance
2013-06-19 12:49:55 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d3938f8d-3507-4f79-9ddb-b1940f2e5d38}\mpengine.dll
2013-06-18 11:58:54 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-15 14:40:02 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{18a61d22-5e75-40d9-a662-1972e86b92ef}\gapaengine.dll
2013-06-14 12:01:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 12:01:31 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-14 11:55:07 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-14 11:55:07 108032 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-06-14 11:55:03 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-14 11:55:01 257536 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-06-14 11:55:00 235520 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-06-14 11:54:57 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-14 11:54:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-14 11:54:51 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-06-14 11:54:48 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-06-14 11:54:48 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 13:11:52 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 13:11:48 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 13:11:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 13:11:48 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 13:11:48 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 13:11:47 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 13:11:42 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 13:11:41 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 13:11:40 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-01 01:16:29 -------- d-----w- c:\programdata\eSafe
2013-06-01 01:15:02 -------- d-----w- c:\users\john\appdata\roaming\eIntaller
.
==================== Find3M  ====================
.
2013-06-19 16:45:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 16:45:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-18 13:53:37 952 --sha-w- c:\programdata\KGyGaAvL.sys
2013-06-01 01:16:19 773712 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-01 01:16:19 420944 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:37:25.43 ===============
 

 

 



#6 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 19 June 2013 - 08:31 PM

Hi  owd66

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior
 



#7 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 21 June 2013 - 08:13 PM

Hello owd66 and welcome.

To start you need to set a restore point. name it something you will recognize.

To create a new Restore Point
Go here and follow the directions.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

NOTE:
If you get a message that you must reboot the computer before starting deletion, please do so.
At reboot, only AdwCleaner will run and you can only click on the "Delete" button.
When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

I need you to post:
ADWCleaner log
Junk Remover log
MBAM log

How's the computer running now?

White Warrior
 



#8 owd66

owd66
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 22 June 2013 - 11:05 AM

ADW, JRT & MBAM as requested.  No more divert to V9, thanks.  Machine seems to be running much faster.

 

 

 

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 10:57:11
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : John - JOHN-PC
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
File Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Users\John\AppData\Roaming\eIntaller

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Lucky Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\V9Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=3539001 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=3539001 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://en.v9.com/?utm_source=b&utm_medium=smt&from=smt&uid=SAMSUNGXHN-M500MBB_S2R7JR0B900152&ts=1370049355 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [4603 octets] - [22/06/2013 10:55:56]
AdwCleaner[S1].txt - [3661 octets] - [22/06/2013 10:57:11]

########## EOF - C:\AdwCleaner[S1].txt - [3721 octets] ##########

 

 

**************************************************************************************************************************************

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by John on Sat 06/22/2013 at 11:12:44.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/22/2013 at 11:13:57.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

****************************************************************************************************************

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
John :: JOHN-PC [administrator]

6/22/2013 11:24:30 AM
mbam-log-2013-06-22 (11-24-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215064
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#9 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 23 June 2013 - 10:06 AM

Hello owd66

That's looking good! Your log is clean.
Now, let's do some updates and clean up our mess

Flash Player is out of date.
Go here and update it.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

Now we need to clean your restore points as they might be infected.

To Delete All but the Most Recent System Restore Points

Click Start type cleanmgr into the search box and press Enter

Disk Cleanup will open
Select the drive that you want to clean up (usually C) and click OK
NOTE: You will only see this window if you have more than one drive or partition on your computer.
A window will open and calculate how much space you can save.
When it is finished another window will open.
Click the More Options tab.
Click Clean up under the System Restore and Shadow Copies section.
Click Delete to confirm the deletion.
Click OK
A window will ask for confirmation.
Click Delete Files
The files will be deleted and Disk Cleanup will close.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes

Delete the Junkware Removal folder from the desktop.

Are there any remaining problems?

White Warrior.
 



#10 owd66

owd66
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 23 June 2013 - 09:21 PM

There doesn't appear to be any remaining problem.

 

Thanks White Warrior

 

OWD66



#11 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 24 June 2013 - 11:06 PM

Hello owd66

That's great to hear that everything is okay.

Now some preventative steps to ensure you don't get infected again:

It is important that you visit http://www.windowsupdate.com regularly.  This will ensure your computer has always the latest security updates available installed on your computer.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Happy Surfing.

White Warrior
 



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 51,217 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:17 AM

Posted 27 June 2013 - 01:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


banner.png

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users