Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

vista security / redirect virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 philwdavies

philwdavies

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 24 April 2010 - 07:54 AM

A few months back, my laptop got a virus that made fake security programs pop up on my computer - vista antivirus and numerous other names (different every time I got it). I read various websites and managed to remove it (or so I thought)
Two days ago, the virus came again (or prob never actually got removed properly). I tried to remove it in the same way, but it now keeps coming back. On top of this, I have a further problem, which I assume is related to this. When I click on google links, I am often redirected to a totally different website to the link, different each time and consisting of various adverts.
The problem has not totally shut down my computer; I am writing to you on it now. This means I could try all the fixes I could find, including the ones from your website, but nothing is working. Malware bytes doesn't find anything when I scan. The vista antivirus problem only comes sometimes, so right now it is not showing itself, whereas the redirect problem is always there.
I followed your guide for what reports to forward to you step by step, and although I managed to run the first couple of scans / logs, my computer will not let me run GMER software. Every time I try to run it, the computer shuts down and restarts - I assume this is part of the virus. The DDS log is below, and the attatch.txt attached, please please help me get rid of this horrible thing!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Phil at 8:54:21.43 on 24/04/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.747 [GMT 1:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\MsnVane.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Phil\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/ig?hl=en
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
uRun: [Skytel] Skytel.exe
uRun: [RtHDVCpl] RtHDVCpl.exe
uRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Symantec PIF AlertEng] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll
uRun: [LManager] c:\progra~1\launch~1\LManager.exe
uRun: [EPSON Stylus SX200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiefe.exe /fu "c:\windows\temp\E_S99C2.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{1F1CC264-C1B1-D3B0-45E7-DD5E952C1834}] c:\users\phil\appdata\roaming\etosbe\zipi.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1100470.exe -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; Tablet PC 2.0)" -"http://www.quizville.com/mathGames/fractionsDecimalsAndPercents/percentsClick(easy).html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [SMART Board Service] c:\program files\smart technologies\smart board drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe -e
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\phil\appdata\local\temp\vbe.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\fdyb1lug\info-awc[1].sh! c:\users\phil\appdata\local\temp\hsperfdata_phil.sh! c:\users\phil\appdata\local\temp\e4j384f.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\i9ukbo6m\browse[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\i9ukbo6m\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\7b26dz7l\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\e5zx1r0y\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\epnut235\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\enyodlt2\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\chmvmzwe\info-awc[1].sh! c:\users\phil\appdata\local\temp\e4j621e.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\gpfselt3\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3f50qnsd\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\enu5q2am\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xawpfhas\info-awc[1].sh! c:\users\phil\appdata\local\temp\e4j5d0d.sh! c:\users\phil\appdata\local\temp\e4j162e.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\emj936pc\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\cj7tty0h\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\n9iq9bnm\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\wrkjit25\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\gglxy0ah\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\fq3dqz34\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xnuvshtw\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\o4d3zvpv\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\2l80xg35\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\aru7d1mv\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\22lilflm\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\jj0v2dp2\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\qzsuu56w\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\sminstrumentation[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smappdata[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\smsyncmessage[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smregistry[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smuicontainer[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smsystemdata[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smversion1[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smclientdb[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smsubscriptiondata[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\syncmessage[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smutils[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smproviderenum[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smversionmgr[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\_page_recommend[2].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\details[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\newfcr[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\600x60_partyplanner[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\728x100_sexyandfunny[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\adbritenew[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\piclist[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\piclist[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\page5e[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\index[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\default[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\rsarnjdr\nav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\menu[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\blank[9].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\soccer_betfair_com[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\rsarnjdr\navbar[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\subnav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\blank[1].sh! "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\tempfiles.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery\notebook\images.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery\notebook.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook.sh!" "c:\users\phil\appdata\local\temp\smart technologies.sh!" c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\pound_sign[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\ad_300[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\3122430[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\addgroup[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\sh08[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\blank[2].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\soccer_betfair_com[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\subnav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\nav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\header[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\menu[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\minigames[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\navbar[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\dataframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ih13o3f\sadie_s5-068[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\x2so55en\samantha-stone_s1-157[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\sh09[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\x2so55en\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\2rf39bjk\payandconditions;kw=;pos=mputop;sz=300x250;tile=1;ord=7050[1].SH!
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smart board tools.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\phil\appdata\roaming\mozilla\firefox\profiles\huafepvt.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [2009-3-20 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [2009-3-20 725248]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-14 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\virusscan\mcshield.exe [2008-11-14 144704]
R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2010-4-10 40960]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\buffalo\encrdisk\encrdlg.exe -service_execute --> c:\program files\buffalo\encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\virusscan\mcsysmon.exe [2008-11-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-14 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2009-9-17 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2009-9-17 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2009-9-17 13440]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 135664]
S2 ProfSvc Notice Service;User Profile Service ProfSvc Notice Service;c:\windows\system32\advapi32c.exe srv --> c:\windows\system32\advapi32c.exe srv [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-8-19 15872]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-25 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-14 34248]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-4-10 528896]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-9-24 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-9-24 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-9-24 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-9-24 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-9-24 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-9-24 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-9-24 97704]
S3 SCPMp50;SCPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\scpmp50.sys [2006-11-28 28224]
S3 SCPSp50;SCPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\scpsp50.sys [2006-11-28 27072]
S3 WSVD;WSVD;c:\windows\system32\drivers\wsvd.sys [2008-8-22 80744]

=============== Created Last 30 ================

2010-04-23 23:21:13 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-23 23:21:04 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-23 23:21:03 0 d-----w- c:\users\phil\appdata\roaming\SUPERAntiSpyware.com
2010-04-23 23:19:21 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-21 19:19:54 0 d-----w- c:\windows\system32\MpEngineStore
2010-04-21 19:07:29 0 d-----w- c:\programdata\avG
2010-04-17 09:18:07 0 d-----w- c:\program files\directx
2010-04-16 10:49:46 0 d-----w- c:\users\phil\appdata\roaming\Malwarebytes
2010-04-16 10:02:56 0 d-----w- c:\program files\Hobbyist Software
2010-04-16 09:37:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-16 09:37:42 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-16 09:37:41 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-16 09:37:36 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-16 09:37:35 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-16 09:37:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 09:37:10 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 09:37:09 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 09:36:51 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-16 09:36:50 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 09:36:49 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 10:26:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 10:26:49 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 09:43:11 0 d-----w- c:\program files\Cisco
2010-04-10 09:42:27 528896 ----a-r- c:\windows\system32\drivers\rtl8192su.sys
2010-04-10 09:42:26 614400 ------r- c:\windows\Rtlihvs.dll
2010-04-10 09:42:26 380928 ------r- c:\windows\RtlUI2.exe
2010-04-10 09:42:26 188416 ------r- c:\windows\RTLExtUI.dll
2010-04-10 09:42:25 614400 ------r- c:\windows\system32\Rtlihvs.dll
2010-04-10 09:42:24 380928 ------r- c:\windows\system32\RtlUI2.exe
2010-04-10 09:42:23 188416 ------r- c:\windows\system32\RTLExtUI.dll
2010-04-10 09:42:12 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2010-04-09 12:56:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 15:53:16 0 d-----w- c:\program files\iPod
2010-04-06 15:53:04 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 15:53:04 0 d-----w- c:\program files\iTunes
2010-04-06 15:45:02 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-04-24 07:47:05 5216 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-10 09:42:30 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-10 09:42:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-10 09:42:30 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 21:41:48 103472 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 16:19:05 171788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-11-15 00:02:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-10-11 11:55:02 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-08-27 22:13:51 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-27 14:45:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-10-31 00:12:58 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:56:53.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:28 AM

Posted 29 April 2010 - 12:51 AM

Hi,

Try to run GMER by having just sections option checked. Post the report & fresh dds logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:28 AM

Posted 08 May 2010 - 03:54 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users