Unable to connect to network


  • This topic is locked
21 replies to this topic

#1 luie620

luie620

  • Members
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 PM

Posted 17 February 2012 - 02:56 PM

I've been trying to help a friend fix her computer. I seem to be stuck and can't figure it out.

I scanned it with AVG and the only infection that shows up is Trojan horse BackDoor.Generic14.BZSZ. I also scanned with Malwarebytes Anti-Malware and quite a few more infected files showed up. It crashes whenever I try to repair anything. The computer is running Windows 7 32-bit. The only obvious symptom I can see is that it's not able to connect to any network.

Any help would be appreciated!

DDS and GMER logs have been attached.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Maria Valdes at 14:16:42 on 2012-02-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1050 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: PriceGong Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.2.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{AA29A4A9-1117-4031-91D0-07DF257A5A41} : DhcpNameServer = 167.206.245.129 167.206.245.130
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/12 14:43:20];c:\program files\cyberlink\powerdvd8\000.fcl [2009-11-20 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-8 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-18 1343400]
.
=============== Created Last 30 ================
.
2012-02-17 18:11:47 -------- d-----w- c:\users\maria valdes\appdata\roaming\Malwarebytes
2012-02-17 18:11:38 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 18:11:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 18:11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-12-11 00:44:14 826880 ----a-w- c:\users\maria valdes\appdata\roaming\4193.tmp
2011-12-10 23:04:27 819200 ----a-w- c:\users\maria valdes\appdata\roaming\25D9.tmp
2011-12-10 23:04:20 826880 ----a-w- c:\users\maria valdes\appdata\roaming\48B.tmp
.
============= FINISH: 14:17:12.63 ===============


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:42 AM

Posted 22 February 2012 - 03:04 PM

Hello luie620,

Welcome to the forum and apologies for the delay. If the issue is not resolved yet, please update me on the current condition.

#3 luie620


Posted 23 February 2012 - 02:11 PM

No worries!

I'll be honest with you...I haven't touched it since my original post. Been too busy to keep getting stuck.

Any thoughts?

#4 Farbar


Posted 23 February 2012 - 02:15 PM

The system is infected with ZeroAccess and the latest version of this infection requires special treatment.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 luie620


Posted 23 February 2012 - 04:18 PM

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-02-2012
Ran by SYSTEM at 2012-02-23 16:15:25
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-04] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-11-20] (cyberlink)
HKLM\...\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-01-11] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [467240 2008-12-14] (Cisco Systems, Inc.)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2415456 2011-10-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130

================================ Services (Whitelisted) ==================

2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134736 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [23120 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24272 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [16720 2011-10-04] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [230608 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [40016 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [295248 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2011-04-12] (VSO Software)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [87536 2009-11-20] (CyberLink Corp.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-23 16:15 - 2012-02-23 16:15 - 0000000 ____D C:\FRST
2012-02-23 12:57 - 2012-02-23 12:57 - 0000342 ____A C:\Windows\PFRO.log
2012-02-17 10:11 - 2012-02-17 10:11 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Users\Maria Valdes\AppData\Roaming\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-17 10:11 - 2011-12-10 12:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

============ 3 Months Modified Files and Folders ===============

2012-02-23 13:05 - 2011-12-12 21:04 - 0001634 ____A C:\Windows\setupact.log
2012-02-23 13:05 - 2011-04-12 11:38 - 1602973696 __ASH C:\hiberfil.sys
2012-02-23 13:05 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-23 12:57 - 2012-02-23 12:57 - 0000342 ____A C:\Windows\PFRO.log
2012-02-17 12:16 - 2011-04-12 08:44 - 1676762 ____A C:\Windows\WindowsUpdate.log
2012-02-17 12:16 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-02-17 11:17 - 2009-07-13 20:34 - 0017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-17 11:17 - 2009-07-13 20:34 - 0017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-17 11:03 - 2011-12-12 15:36 - 0003713 ____A C:\CD3rdPartyWrapper.log
2012-02-17 10:11 - 2012-02-17 10:11 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Users\Maria Valdes\AppData\Roaming\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-17 10:11 - 2012-02-17 10:11 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-17 10:09 - 2011-04-12 08:54 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-02 17:11 - 2011-04-12 08:46 - 0000000 ____D C:\users\Maria Valdes
2012-01-02 17:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-02 17:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-01-02 17:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-12-24 18:23 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-12-24 17:50 - 2011-05-30 14:47 - 0000000 ____D C:\Users\Maria Valdes\AppData\Local\ElevatedDiagnostics
2011-12-12 21:08 - 2011-12-12 21:08 - 0012108 ____A C:\Users\Maria Valdes\Documents\art history kat.docx
2011-12-12 21:04 - 2011-12-12 21:04 - 0000000 ____A C:\Windows\setuperr.log
2011-12-12 15:38 - 2011-10-22 08:01 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-12-12 15:38 - 2011-10-22 07:58 - 0000000 ____D C:\Users\All Users\MFAData
2011-12-12 15:38 - 2011-10-22 07:58 - 0000000 ____D C:\ProgramData\MFAData
2011-12-12 08:47 - 2011-12-12 08:20 - 0000000 ____D C:\Users\Maria Valdes\AppData\Roaming\AVG
2011-12-12 08:44 - 2011-12-08 12:25 - 0000000 ____D C:\Windows\Minidump
2011-12-12 08:22 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-12-12 08:19 - 2011-12-12 08:19 - 0001100 ____A C:\Users\Maria Valdes\Desktop\AVG PC Tuneup 2011.lnk
2011-12-12 08:19 - 2011-10-22 08:01 - 0000000 ____D C:\Program Files\AVG
2011-12-11 17:12 - 2011-12-11 12:27 - 0016526 ____A C:\Users\Maria Valdes\Desktop\essay 4.docx
2011-12-11 15:15 - 2011-12-11 13:48 - 0012876 ____A C:\Users\Maria Valdes\Desktop\essay7.docx
2011-12-11 13:37 - 2011-12-11 12:56 - 0016198 ____A C:\Users\Maria Valdes\Desktop\essay6.docx
2011-12-11 12:50 - 2011-12-11 12:32 - 0013116 ____A C:\Users\Maria Valdes\Desktop\essay5.docx
2011-12-11 12:33 - 2011-12-11 12:33 - 0000000 ___HD C:\$AVG
2011-12-10 20:55 - 2011-12-10 20:55 - 0023112 ____A C:\Users\Maria Valdes\Documents\Katherine Valdes final paper fall 1.docx
2011-12-10 20:51 - 2011-12-10 15:15 - 0023125 ____A C:\Users\Maria Valdes\Documents\Katherine Valdes final paper fall.docx
2011-12-10 18:44 - 2011-12-10 18:44 - 0010827 ____A C:\Windows\System32\hs_err_pid4768.log
2011-12-10 16:44 - 2011-12-10 15:04 - 0826880 ____A (Arcsoft, Inc.) C:\Users\Maria Valdes\AppData\Roaming\4193.tmp
2011-12-10 15:21 - 2011-10-22 08:01 - 0000000 ____D C:\Users\All Users\AVG2012
2011-12-10 15:21 - 2011-10-22 08:01 - 0000000 ____D C:\ProgramData\AVG2012
2011-12-10 15:15 - 2011-12-10 15:15 - 0000162 ___AH C:\Users\Maria Valdes\Documents\~$therine Valdes final paper fall.docx
2011-12-10 15:13 - 2011-12-10 15:13 - 0017892 ____A C:\Users\Maria Valdes\Documents\Katherine_Valdes[1][1] (Autosaved).docx
2011-12-10 15:04 - 2011-12-10 15:04 - 0826880 ____A (Arcsoft, Inc.) C:\Users\Maria Valdes\AppData\Roaming\48B.tmp
2011-12-10 15:04 - 2011-12-10 15:04 - 0819200 ____A (Arcsoft, Inc.) C:\Users\Maria Valdes\AppData\Roaming\25D9.tmp
2011-12-10 14:16 - 2011-12-10 14:16 - 0000162 ___AH C:\Users\Maria Valdes\Documents\~$therine Valdes paper 2.docx
2011-12-10 12:24 - 2012-02-17 10:11 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 06:04 - 2011-12-10 06:04 - 0010978 ____A C:\Windows\System32\hs_err_pid5764.log
2011-12-09 05:46 - 2011-12-09 05:46 - 0000000 ____D C:\Users\Maria Valdes\AppData\Roaming\TeamViewer
2011-12-09 05:42 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2011-12-08 10:43 - 2011-12-05 13:57 - 0000000 __SHD C:\Config.Msi
2011-12-06 14:49 - 2011-04-12 10:53 - 0000000 ____D C:\Users\Maria Valdes\Tracing
2011-12-05 14:12 - 2011-12-05 14:12 - 0000000 ____D C:\Users\Maria Valdes\AppData\Local\{6FB2DFF6-81F0-40AC-8C7E-5809F97ADBAE}
2011-12-05 14:12 - 2011-04-12 10:47 - 0000000 ____D C:\Users\Maria Valdes\AppData\Local\Windows Live
2011-12-05 13:59 - 2011-12-05 13:59 - 0001989 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-12-05 13:59 - 2011-12-05 13:59 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-12-05 13:59 - 2011-04-12 09:38 - 0000000 ____D C:\Users\All Users\Adobe
2011-12-05 13:59 - 2011-04-12 09:38 - 0000000 ____D C:\ProgramData\Adobe
2011-12-05 13:59 - 2011-04-12 09:38 - 0000000 ____D C:\Program Files\Adobe
2011-12-04 18:43 - 2011-12-04 18:43 - 0001264 __ASH C:\Users\Maria Valdes\AppData\Local\sbxqak2c1fil7vra5uhk2v617y7h
2011-12-04 18:43 - 2011-12-04 18:43 - 0001264 __ASH C:\Users\All Users\sbxqak2c1fil7vra5uhk2v617y7h
2011-12-04 18:43 - 2011-12-04 18:43 - 0001264 __ASH C:\ProgramData\sbxqak2c1fil7vra5uhk2v617y7h
2011-12-04 15:21 - 2011-04-12 11:03 - 0000000 ____D C:\Users\Maria Valdes\Documents\jessi
2011-12-01 19:37 - 2011-12-01 19:37 - 0014252 ____A C:\Users\Maria Valdes\Documents\Katherine Valdes =].docx
2011-11-30 12:09 - 2011-11-30 12:02 - 0035328 ____A C:\Users\Maria Valdes\Documents\Melissa Nale1.doc
2011-11-30 11:28 - 2011-11-30 11:28 - 0033792 ____A C:\Users\Maria Valdes\Documents\Melissa Nales.doc
2011-11-30 11:24 - 2011-11-30 11:23 - 0016790 ____A C:\Users\Maria Valdes\Documents\Melissa Nales.docx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2038.29 MB
Available physical RAM: 1630.06 MB
Total Pagefile: 2038.29 MB
Available Pagefile: 1632.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:395.31 GB) NTFS
3 Drive f: (FLASH DRIVE) (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 488 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 116 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FLASH DRIVE FAT Removable 488 MB Healthy



==========================================================

Last Boot: 2011-12-25 12:03

======================= End Of Log ==========================

#6 Farbar


Posted 23 February 2012 - 04:34 PM

Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options, select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

#7 luie620


Posted 23 February 2012 - 05:43 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-02-2012
Ran by SYSTEM at 2012-02-23 17:41:10 R:1
Running from F:\

==============================================

C:\Users\Maria Valdes\AppData\Local\sbxqak2c1fil7vra5uhk2v617y7h moved successfully.
C:\Users\All Users\sbxqak2c1fil7vra5uhk2v617y7h moved successfully.
C:\ProgramData\sbxqak2c1fil7vra5uhk2v617y7h not found.
permissions for C:\Windows\$NtUninstallKB53011$ restored successfully
C:\Windows\$NtUninstallKB53011$\2853922056\@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\bckfg.tmp moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\cfg.ini moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\Desktop.ini moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\keywords moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\kwrd.dll moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\L\xadqgnnk moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\lsflt7.ver moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\00000001.@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\00000002.@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\00000004.@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\80000000.@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\80000004.@ moved successfully.
C:\Windows\$NtUninstallKB53011$\2853922056\U\80000032.@ moved successfully.

========= rd C:\Windows\$NtUninstallKB53011$\2853922056\L =========


========= End of CMD: =========


========= rd C:\Windows\$NtUninstallKB53011$\2853922056\U =========


========= End of CMD: =========


========= rd C:\Windows\$NtUninstallKB53011$\2853922056 =========


========= End of CMD: =========


========= rd C:\Windows\$NtUninstallKB53011$\3348177252 =========

The directory name is invalid.

========= End of CMD: =========


========= rd C:\Windows\$NtUninstallKB53011$ =========

The directory is not empty.

========= End of CMD: =========


==== End of Fixlog ====

#8 Farbar

Posted 24 February 2012 - 02:18 AM

  • Please download the attached file fixlist.txt.
    Save it to your flash drive.
    Boot to System Recovery Options, select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Restart the computer and let it boot normally.
  • Run Command Prompt as Administrator. To do that:
    • Go to Start and type cmd.exe in the Search box.
    • It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    • Copy the following command, right-click in the open Command Prompt window and select Paste, then press Enter:

      netsh winsock reset
  • Restart once more and check the internet connection.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#9 luie620

Posted 24 February 2012 - 01:35 PM

Hmm...still no internet connection.

Also, when I was running FSS, an AVG alert came up saying something about tdx. I forgot to take note of it. I noticed the FSS log said it was unable to open the tdx registry key. I disabled AVG resident shield and ran it again but it still shows. Of course you would have more of an idea about it than me!

Here are my logs:






Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-02-2012
Ran by SYSTEM at 2012-02-24 13:15:10 R:2
Running from F:\

==============================================

C:\Windows\$NtUninstallKB53011$\3348177252 not found.

========= rd C:\Windows\$NtUninstallKB53011$ =========

The directory is not empty.

========= End of CMD: =========


==== End of Fixlog ====






Farbar Service Scanner Version: 22-02-2012
Ran by Maria Valdes (administrator) on 24-02-2012 at 13:27:15
Running from "I:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2011-07-08 11:55] - [2010-11-20 03:39] - 0074752 ____A () EA7B23F26DF078304DA4B54314B48B07

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Farbar

Posted 24 February 2012 - 02:03 PM

Thanks for the feedback. AVG alerted when you ran FSS because FSS tried to scan tdx.sys, which is patched (infected). Once we replace it you should be able to get connected.

Don't worry about the AVG warning or disable AVG resident shield.

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

tdx.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.

#11 luie620

Posted 24 February 2012 - 02:14 PM

Here you go:


Farbar Service Scanner Version: 22-02-2012
Ran by Maria Valdes (administrator) on 24-02-2012 at 14:10:45
Microsoft Windows 7 Ultimate Service Pack 1 (X86)

************************************************
======== Search: "tdx.sys" =========

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 18:12] - [2009-07-13 18:12] - 0074240 ____A (Microsoft Corporation) CB39E896A2A83702D1737BFD402B3542

C:\Windows\System32\drivers\tdx.sys
[2011-07-08 11:55] - [2010-11-20 03:39] - 0074752 ____A () EA7B23F26DF078304DA4B54314B48B07

====== End Of Search ======
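
The comparison this search makes possible, as an added example that is not part of the original thread and not FSS's own logic: a Python parser for the two search results above that flags the live driver. The function names and the two heuristics (empty company field, MD5 absent from the winsxs copies in the same log) are assumptions for illustration; the embedded log text is copied from the post above.

```python
import re

# Log text copied from the post above, embedded so the example runs offline.
FSS_SEARCH_LOG = r"""
======== Search: "tdx.sys" =========
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 18:12] - [2009-07-13 18:12] - 0074240 ____A (Microsoft Corporation) CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\drivers\tdx.sys
[2011-07-08 11:55] - [2010-11-20 03:39] - 0074752 ____A () EA7B23F26DF078304DA4B54314B48B07
====== End Of Search ======
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_entries(log):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            e = m.groupdict()
            e.update(path=path, size=int(e["size"]), md5=e["md5"].upper())
            entries.append(e)
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def triage(entries):
    """Flag live (non-winsxs) files with no company name or no matching winsxs copy."""
    store = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower()}
    findings = []
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            continue
        reasons = []
        if not e["company"].strip():
            reasons.append("empty company name in version info")
        if store and e["md5"] not in store:
            # Not conclusive alone: an updated file also differs from an older store copy.
            reasons.append("MD5 matches no component-store copy in this log")
        if reasons:
            findings.append((e["path"], reasons))
    return findings
```

Calling `triage(parse_entries(FSS_SEARCH_LOG))` returns one finding, for `C:\Windows\System32\drivers\tdx.sys`, with both reasons attached.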

#12 Farbar

Posted 24 February 2012 - 03:13 PM

Please download the attached file fix.bat.
Transfer it to the infected computer.
Right-click fix.bat and select "Run as administrator".
Restart the computer and check the internet connection.

#13 luie620

Posted 24 February 2012 - 03:29 PM

Hmm, still not working. In the Network and Sharing Center, it stays stuck on "Identifying..." under "View your active networks."

#14 Farbar

Posted 24 February 2012 - 03:41 PM

Please download the attached file tdx.reg.
Double-click to run it and allow it to merge.
Reboot and check the connection.

Edited by farbar, 24 February 2012 - 03:53 PM.


#15 Farbar

Posted 24 February 2012 - 03:52 PM

I edited the previous post.



