Startup Repair After Spyware Doctor


  • This topic is locked
36 replies to this topic

#1 eleckson

eleckson

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 01:14 PM

Hey there guys, I was getting a message from my McAfee about having a trojan called "C:/Assembly/GAC_Desktop_x64.ini" I believe, and also an x32 variant. It asked for me to restart to remove it, and this didn't work. I'm thinking this is the cause of all the redirects I've been getting on my web browsers. Ran a full Malwarebytes scan as I usually do, and a full McAfee scan. Malwarebytes found no infections and McAfee found the trojans but couldn't remove them. I downloaded and ran PC Tools Spyware Doctor (full version) and it found the trojans, plus about 20 or so other infections (about 6 were high-risk) and among them were the GAC_Desktop trojans. All seemed well and when it prompted to reboot after the spyware removal, I clicked yes. After this, when it tried to reboot, I got the Startup Repair tool which automatically started "attempting repairs" and has been running for a couple hours now. I've read similar stories on the forum and all the fixes provided are specific to that user, so I'm hoping someone can help me out as well! It'd be greatly appreciated. I've got a Dell R15 laptop with Windows 7 64-bit if it helps.

Edited by eleckson, 28 September 2012 - 01:15 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 28 September 2012 - 01:18 PM

Stop the startup repair by restarting the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

#3 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 01:34 PM

Thank you for the swift response, yes I can and am currently on the System Recovery Options screen.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 28 September 2012 - 01:39 PM

Click on system restore

Restore to a previous point. Let me know if you're able to boot after system restore

#5 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 02:42 PM

It is currently restoring, but I forgot to mention and feel I should add that just before the Spyware Doctor scan, I also ran Regfix Free which found nearly 700 registry errors, but was only able to correct about 30 since I don't have the full version. A restore point was made just prior to this though, which I am now restoring to.

#6 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 03:53 PM

After the restore I rebooted and it froze on the black screen with the Windows logo and "starting" under it. I then tried to boot in safe mode and it took me back to the startup repair screen from before.

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 28 September 2012 - 05:48 PM

I hope you can enter COMMAND PROMPT using recovery console.

Let me ask a malware response team member to assist you

#8 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 05:58 PM

Ah me too, I appreciate that!

#9 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 06:08 PM

I was able to enter Command Prompt in the recovery console as well.

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,315 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:23 AM

Posted 28 September 2012 - 11:13 PM

Let's give it a try. You will need a USB Flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
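A triage pass over the FRST.txt that the procedure above produces, added here as an example and not part of the original post or of FRST itself: it tracks the log's section headers and pulls out the lines worth reading first. The sample log is constructed, and reading a trailing `[x]` as "target file not found" is an assumption.

```python
import re

# Constructed sample laid out like an FRST.txt log; every value here is made up.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64)
Running from E:\

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ExampleApp] C:\Program Files\Example\app.exe [1024 2012-01-01] (Example Corp)
HKLM-x32\...\Run: [GoneApp] "C:\Program Files (x86)\Gone\gone.exe" [x]

==================== 3 Months Modified Files ==================

2012-01-01 10:00 - 2012-01-01 10:00 - 00000010 ____A C:\Windows\example.log

ZeroAccess:
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit

Partitions of Disk 0:
===============
"""

# "==== Name ====" headers; a rule made only of "=" is not a header.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# A bare "Name:" line that opens a block of paths (e.g. a named malware family).
LABEL_RE = re.compile(r"^([A-Za-z][\w &-]*):$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+IS MISSING\b")
# Assumption: a trailing [x] marks an entry whose target file was not found.
NO_FILE_RE = re.compile(r"\[x\]\s*$", re.IGNORECASE)


def triage(text):
    """Return findings as (kind, section, detail) tuples, in log order."""
    findings = []
    section = "Header"
    label = None        # name of the open "Name:" block, if any
    label_paths = []

    def close_label():
        nonlocal label, label_paths
        if label and label_paths:
            findings.append(("labelled-paths", section, (label, tuple(label_paths))))
        label, label_paths = None, []

    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if not line or header:
            close_label()   # a blank line or a new header ends a labelled block
            if header:
                section = header.group(1)
            continue
        if label is not None:
            if PATH_RE.match(line):
                label_paths.append(line)
                continue
            close_label()   # "Name:" followed by something other than paths
        m = LABEL_RE.match(line)
        if m:
            label = m.group(1)
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(("missing-file", section, m.group("path")))
        elif "ATTENTION" in line:
            findings.append(("attention", section, line))
        elif NO_FILE_RE.search(line):
            findings.append(("target-not-found", section, line))
    close_label()
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] ({section}) {detail}")
```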


#11 eleckson

eleckson
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 28 September 2012 - 11:36 PM

Thanks a Ton! Here's what I got.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 28-09-2012 21:30:57
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [x]
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [x]
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [x]
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)
HKU\Kayshot\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Kayshot\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Kayshot\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Kayshot\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [6380400 2012-05-26] (BitTorrent, Inc.)
HKU\Kayshot\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1022352 2012-07-01] (BitTorrent, Inc.)
HKU\Kayshot\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-07-08] (SUPERAntiSpyware.com)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3557F32B-E08B-4CBF-828D-EF530BDBAECD}: [NameServer]208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\EZ VHS Converter Monitor.lnk
ShortcutTarget: EZ VHS Converter Monitor.lnk -> C:\Program Files (x86)\ION\EZ Video Converter\MediaTVMonitor.exe (ADS Corp.)
Startup: C:\Users\Kayshot\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-08-02] (Dell Products, LP.)
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [326704 2010-10-15] ()
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-08-25] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [x]

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 ffusb2audio; C:\Windows\System32\Drivers\ffusb2audio.sys [59224 2011-09-22] (Focusrite Audio Engineering Limited.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 MBOXMINI; C:\Windows\System32\DRIVERS\AvidMboxMini.sys [421680 2012-02-23] (Avid)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2010-11-22] (Cristalink Ltd)
0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 VCR2PC; C:\Windows\System32\DRIVERS\0140_ION.sys [301504 2008-09-22] (Trident Multimedia Technologies Co.,Ltd)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-28 21:30 - 2012-09-28 21:30 - 00000000 ____D C:\FRST
2012-09-27 21:18 - 2012-09-27 21:18 - 00002253 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-09-27 21:18 - 2012-09-27 21:18 - 00002253 ____A C:\Users\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-27 20:50 - 2012-06-22 13:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-09-27 20:50 - 2012-06-22 13:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-09-27 20:50 - 2012-06-22 13:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-09-27 20:50 - 2012-06-22 13:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-09-27 20:50 - 2012-06-22 13:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-09-27 20:50 - 2012-06-22 12:43 - 00003488 ____A C:\Windows\UDB.zip
2012-09-27 20:50 - 2012-06-22 12:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-09-27 20:50 - 2012-06-22 12:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-09-27 20:50 - 2012-06-22 12:43 - 00000131 ____A C:\Windows\IDB.zip
2012-09-27 20:49 - 2012-09-27 20:49 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-09-27 20:49 - 2012-06-22 17:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-09-27 20:49 - 2012-06-22 17:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-09-27 20:49 - 2012-06-22 17:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-09-27 20:49 - 2012-06-22 17:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-09-27 20:44 - 2012-09-28 10:48 - 02358989 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-27 20:44 - 2012-06-22 17:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-09-27 20:44 - 2012-04-23 14:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-09-27 20:44 - 2012-02-28 13:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-09-27 20:44 - 2012-02-28 13:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-09-27 19:38 - 2012-09-28 13:33 - 00000000 ____D C:\Program Files (x86)\Promosoft Corporation
2012-09-27 19:38 - 2012-09-27 20:54 - 00000710 ____A C:\Windows\Tasks\Free Registry Fix.job
2012-09-27 19:38 - 2012-09-27 19:38 - 00001486 ____A C:\Users\Public\Desktop\Free Registry Fix.lnk
2012-09-27 19:38 - 2012-09-27 19:38 - 00001486 ____A C:\Users\All Users\Desktop\Free Registry Fix.lnk
2012-09-27 19:38 - 2012-09-27 19:38 - 00000000 ____D C:\Users\Kayshot\Local Settings\Promosoft Corporation
2012-09-27 19:38 - 2012-09-27 19:38 - 00000000 ____D C:\Users\Kayshot\Local Settings\Application Data\Promosoft Corporation
2012-09-27 19:38 - 2012-09-27 19:38 - 00000000 ____D C:\Users\Kayshot\AppData\Local\Promosoft Corporation
2012-09-27 19:37 - 2012-09-27 20:49 - 00000000 ____D C:\Users\All Users\PC Tools
2012-09-27 19:37 - 2012-09-27 20:49 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-09-27 19:37 - 2012-09-27 19:37 - 02947816 ____A (Promosoft Corporation) C:\Users\Kayshot\Downloads\frf_demo2.exe
2012-09-27 19:37 - 2012-09-27 19:37 - 00000000 ____D C:\Users\Kayshot\Application Data\TestApp
2012-09-27 19:37 - 2012-09-27 19:37 - 00000000 ____D C:\Users\Kayshot\AppData\Roaming\TestApp
2012-09-26 16:28 - 2012-04-20 18:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2012-09-24 17:23 - 2012-09-24 17:24 - 00002681 ____A C:\Users\Kayshot\Desktop\MidGranularReeseEdit.nki
2012-09-24 17:23 - 2012-09-24 17:23 - 00000000 ____D C:\Users\Kayshot\Desktop\MidGranularReeseEdit Samples
2012-09-23 23:08 - 2012-09-23 23:08 - 09573296 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-09-18 14:01 - 2012-09-28 12:03 - 00014630 ____A C:\Windows\PFRO.log
2012-09-18 14:01 - 2012-09-18 14:01 - 503975438 ____A C:\Windows\MEMORY.DMP
2012-09-18 14:01 - 2012-09-18 14:01 - 00262144 ____A C:\Windows\Minidump\091812-21294-01.dmp
2012-09-18 00:54 - 2012-09-18 00:54 - 00000497 ____A C:\Users\Kayshot\Desktop\Desktop.lnk
2012-09-17 19:17 - 2012-09-27 20:54 - 00001176 ____A C:\Windows\setupact.log
2012-09-17 19:17 - 2012-09-17 19:17 - 00000000 ____A C:\Windows\setuperr.log
2012-09-17 18:21 - 2012-09-28 13:33 - 00000000 ____D C:\Program Files\CCleaner
2012-09-17 18:20 - 2012-09-17 18:20 - 03927560 ____A (Piriform Ltd) C:\Users\Kayshot\Downloads\ccsetup322.exe
2012-09-16 01:51 - 2012-09-16 01:51 - 00000000 ____A C:\Windows\SysWOW64\sho445D.tmp
2012-09-15 02:04 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\Application Data\{2CD82595-0327-40C7-ADBC-62745295C2B1}
2012-09-15 02:04 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\{2CD82595-0327-40C7-ADBC-62745295C2B1}
2012-09-15 02:04 - 2012-09-15 02:04 - 00001011 ____A C:\Users\Public\Desktop\Reaktor 5.lnk
2012-09-15 02:04 - 2012-09-15 02:04 - 00001011 ____A C:\Users\All Users\Desktop\Reaktor 5.lnk
2012-09-14 23:48 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\Application Data\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-09-14 23:48 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-09-14 23:48 - 2012-09-14 23:48 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-09-14 23:48 - 2012-09-14 23:48 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 5.lnk
2012-09-14 23:44 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\Application Data\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-09-14 23:44 - 2012-09-28 13:33 - 00000000 __HDC C:\Users\All Users\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-09-14 23:44 - 2012-09-14 23:44 - 00001061 ____A C:\Users\Public\Desktop\Service Center.lnk
2012-09-14 23:44 - 2012-09-14 23:44 - 00001061 ____A C:\Users\All Users\Desktop\Service Center.lnk
2012-09-13 21:10 - 2012-09-13 21:10 - 00000000 ____D C:\Users\All Users\iZotope
2012-09-13 21:10 - 2012-09-13 21:10 - 00000000 ____D C:\Users\All Users\Application Data\iZotope
2012-09-10 00:15 - 2011-02-04 18:24 - 00019000 ____A (Novation DMS Ltd.) C:\Windows\System32\nvnusbaudio_coinst.dll
2012-09-09 15:24 - 2012-09-10 00:15 - 00000000 ____D C:\Program Files\Focusrite
2012-09-09 15:24 - 2012-09-09 15:24 - 01336210 ____A (Focusrite Audio Engineering Ltd. ) C:\Users\Kayshot\Downloads\saffire-6-usb1.exe
2012-09-09 15:24 - 2011-09-22 20:05 - 00059224 ____A (Focusrite Audio Engineering Limited.) C:\Windows\System32\Drivers\ffusb2audio.sys
2012-09-09 15:24 - 2011-09-22 20:05 - 00021336 ____A (Focusrite Audio Engineering Limited.) C:\Windows\System32\ffusb2audio_coinst.dll
2012-09-08 02:17 - 2012-09-08 02:17 - 23755885 ____A (Igor Pavlov) C:\Users\Kayshot\Downloads\tor-browser-2.2.38-2_en-US.exe
2012-09-07 02:39 - 2012-09-07 02:39 - 00000000 ____A C:\Windows\SysWOW64\shoEE33.tmp
2012-08-31 13:07 - 2012-08-31 13:07 - 00022260 ____A C:\Users\Kayshot\My Documents\Bass.rns
2012-08-31 13:07 - 2012-08-31 13:07 - 00022260 ____A C:\Users\Kayshot\Documents\Bass.rns

==================== 3 Months Modified Files ==================

2012-09-28 12:03 - 2012-09-18 14:01 - 00014630 ____A C:\Windows\PFRO.log
2012-09-28 11:08 - 2012-03-30 14:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-28 10:48 - 2012-09-27 20:44 - 02358989 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-27 21:18 - 2012-09-27 21:18 - 00002253 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-09-27 21:18 - 2012-09-27 21:18 - 00002253 ____A C:\Users\All Users\Desktop\PC Tools Internet Security.lnk
2012-09-27 21:03 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-27 21:03 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-27 20:54 - 2012-09-27 19:38 - 00000710 ____A C:\Windows\Tasks\Free Registry Fix.job
2012-09-27 20:54 - 2012-09-17 19:17 - 00001176 ____A C:\Windows\setupact.log
2012-09-27 20:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-27 19:38 - 2012-09-27 19:38 - 00001486 ____A C:\Users\Public\Desktop\Free Registry Fix.lnk
2012-09-27 19:38 - 2012-09-27 19:38 - 00001486 ____A C:\Users\All Users\Desktop\Free Registry Fix.lnk
2012-09-27 19:37 - 2012-09-27 19:37 - 02947816 ____A (Promosoft Corporation) C:\Users\Kayshot\Downloads\frf_demo2.exe
2012-09-26 20:51 - 2012-04-06 01:16 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-26 20:51 - 2012-04-06 01:16 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-24 17:24 - 2012-09-24 17:23 - 00002681 ____A C:\Users\Kayshot\Desktop\MidGranularReeseEdit.nki
2012-09-23 23:08 - 2012-09-23 23:08 - 09573296 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-09-23 23:08 - 2012-03-30 14:41 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-23 23:08 - 2011-05-28 14:31 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-18 14:01 - 2012-09-18 14:01 - 503975438 ____A C:\Windows\MEMORY.DMP
2012-09-18 14:01 - 2012-09-18 14:01 - 00262144 ____A C:\Windows\Minidump\091812-21294-01.dmp
2012-09-18 00:54 - 2012-09-18 00:54 - 00000497 ____A C:\Users\Kayshot\Desktop\Desktop.lnk
2012-09-17 19:17 - 2012-09-17 19:17 - 00000000 ____A C:\Windows\setuperr.log
2012-09-17 18:20 - 2012-09-17 18:20 - 03927560 ____A (Piriform Ltd) C:\Users\Kayshot\Downloads\ccsetup322.exe
2012-09-16 01:51 - 2012-09-16 01:51 - 00000000 ____A C:\Windows\SysWOW64\sho445D.tmp
2012-09-15 02:47 - 2011-11-07 17:17 - 00000016 ____A C:\Windows\SysWOW64\w3data.vss
2012-09-15 02:47 - 2011-11-07 17:17 - 00000016 ____A C:\Windows\SysWOW64\msvcsv60.dll
2012-09-15 02:47 - 2011-11-07 17:17 - 00000016 ____A C:\Windows\msocreg32.dat
2012-09-15 02:04 - 2012-09-15 02:04 - 00001011 ____A C:\Users\Public\Desktop\Reaktor 5.lnk
2012-09-15 02:04 - 2012-09-15 02:04 - 00001011 ____A C:\Users\All Users\Desktop\Reaktor 5.lnk
2012-09-14 23:48 - 2012-09-14 23:48 - 00001016 ____A C:\Users\Public\Desktop\Kontakt 5.lnk
2012-09-14 23:48 - 2012-09-14 23:48 - 00001016 ____A C:\Users\All Users\Desktop\Kontakt 5.lnk
2012-09-14 23:44 - 2012-09-14 23:44 - 00001061 ____A C:\Users\Public\Desktop\Service Center.lnk
2012-09-14 23:44 - 2012-09-14 23:44 - 00001061 ____A C:\Users\All Users\Desktop\Service Center.lnk
2012-09-09 15:24 - 2012-09-09 15:24 - 01336210 ____A (Focusrite Audio Engineering Ltd. ) C:\Users\Kayshot\Downloads\saffire-6-usb1.exe
2012-09-08 02:17 - 2012-09-08 02:17 - 23755885 ____A (Igor Pavlov) C:\Users\Kayshot\Downloads\tor-browser-2.2.38-2_en-US.exe
2012-09-07 19:04 - 2011-07-17 20:56 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 02:39 - 2012-09-07 02:39 - 00000000 ____A C:\Windows\SysWOW64\shoEE33.tmp
2012-08-31 13:07 - 2012-08-31 13:07 - 00022260 ____A C:\Users\Kayshot\My Documents\Bass.rns
2012-08-31 13:07 - 2012-08-31 13:07 - 00022260 ____A C:\Users\Kayshot\Documents\Bass.rns
2012-08-26 20:54 - 2012-08-26 20:52 - 43864844 ____A C:\Users\Kayshot\Downloads\4-Spor - 1 Up-LFTD002.wav
2012-08-22 12:25 - 2012-08-22 12:25 - 00001978 ____A C:\Users\Public\Desktop\EZ Video Converter.lnk
2012-08-22 12:25 - 2012-08-22 12:25 - 00001978 ____A C:\Users\All Users\Desktop\EZ Video Converter.lnk
2012-08-13 21:54 - 2012-08-13 21:52 - 79381468 ____A C:\Users\Kayshot\Downloads\STE!N - Inspirational.wav
2012-08-08 19:48 - 2012-08-08 19:48 - 00739518 ____A C:\Users\Kayshot\Downloads\untitled folder 2.zip
2012-08-07 19:30 - 2009-07-14 00:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-06 17:41 - 2012-08-06 17:41 - 00000021 ____A C:\Users\Kayshot\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
2012-08-06 17:41 - 2012-08-06 17:41 - 00000021 ____A C:\Users\Kayshot\AppData\Roaming\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
2012-08-06 17:30 - 2012-08-06 17:30 - 00000001 ____A C:\Windows\SysWOW64\iasna_651EE1C2-3E36-488e-8F00-11EB541FE56B.dll
2012-08-06 17:29 - 2012-08-06 17:29 - 01021974 ____A C:\Users\Kayshot\Downloads\NuGen.Audio.Stereoplacer.VST.v2.2-NEMESiS.rar
2012-07-24 18:05 - 2012-07-24 15:02 - 83443702 ____A C:\Users\Kayshot\Downloads\Cedric Gervais - Molly (Stein Remix).wav
2012-07-12 19:41 - 2012-07-12 19:41 - 00000378 ____A C:\Removable Disk (G) - Shortcut.lnk
2012-07-11 11:40 - 2009-07-13 23:45 - 00323936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 04:41 - 2011-03-31 13:42 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 17:07 - 2009-07-14 00:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 17:54 - 2012-07-08 17:54 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-08 17:54 - 2012-07-08 17:54 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-08 17:49 - 2012-07-08 17:48 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Kayshot\Downloads\SUPERAntiSpyware.exe
2012-07-06 22:26 - 2012-07-06 22:25 - 26791544 ____A C:\Users\Kayshot\Downloads\R280657(1).exe
2012-07-06 21:56 - 2012-07-06 21:53 - 56324562 ____A (Realtek Semiconductor Corp.) C:\Users\Kayshot\Downloads\64bit_Vista_Win7_Win8_R270.exe
2012-07-03 23:10 - 2012-07-03 23:10 - 01352435 ____A C:\Users\Kayshot\Downloads\setup_magicdisc.exe
2012-07-03 23:10 - 2012-07-03 23:10 - 00000959 ____A C:\Users\Kayshot\Desktop\MagicDisc.lnk
2012-07-01 19:12 - 2012-03-09 19:36 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-01 19:12 - 2012-03-09 19:36 - 00000949 ____A C:\Users\All Users\Desktop\µTorrent.lnk


ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\1afb2d56
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-27 04:59:58
Restore point made on: 2012-09-27 20:01:49

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3894.68 MB
Available physical RAM: 3142.48 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3182.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:48.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.72 GB) (Free:1.35 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3815 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3814 MB 8 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT32 Removable 3814 MB Healthy

=========================================================

Last Boot: 2012-09-27 04:49

==================== End Of Log =============================

Edited by Orange Blossom, 29 September 2012 - 04:23 AM.
Moved to log forum. ~ OB


#12 JSntgRvr


Posted 29 September 2012 - 08:58 AM

Run FRST as you did before.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it will make on the USB drive (Search.txt) in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 eleckson


Posted 29 September 2012 - 11:42 AM

Here we are:


Farbar Recovery Scan Tool (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-29 09:23:03
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#14 JSntgRvr


Posted 29 September 2012 - 04:26 PM

Download the enclosed file [attachment=130737:fixlist.txt]

Save it next to FRST in the USB drive.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, attempt to boot in Normal Mode and let me know the outcome.



#15 eleckson


Posted 29 September 2012 - 04:36 PM

No success on the boot, although I got a BSOD when trying to boot in safe mode instead of safe mode taking me to setup repair. Below is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-29 14:33:00 Run:1
Running from G:\

==============================================

Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} moved successfully.

==== End of Fixlog ====
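
The triage done by hand across posts #11 to #15, as an added example that is not part of the thread and not FRST's own code: this Python script reads the integrity-check section, picks out files that are not marked legit, and groups the copies found by the search by MD5 so a reviewer can see whether every candidate replacement agrees. The function names are hypothetical; the log lines are excerpts copied from the logs posted above.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS
# Lines excerpted from the FRST logs posted in this thread (posts #11 and #13).
CHECK_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
"""
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""
DRIVE = re.compile(r"[A-Za-z]:\\")
META = re.compile(r"\[.+?\] - \[.+?\] - \d+ \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")

def parse_check(log):
    # Return {path: "missing" | "review"} for every entry not marked legit.
    findings = {}
    for line in map(str.strip, log.splitlines()):
        if not DRIVE.match(line) or line.endswith("=> MD5 is legit"):
            continue
        path = line.split(" IS MISSING")[0].split(" => ")[0]
        findings[path] = "missing" if " IS MISSING" in line else "review"
    return findings

def parse_search(log):
    # Pair each path line with the metadata line that follows it.
    hits, path = [], None
    for line in map(str.strip, log.splitlines()):
        meta = META.match(line)
        if meta and path:
            hits.append({"path": path, "vendor": meta.group(1), "md5": meta.group(2).upper()})
            path = None
        elif DRIVE.match(line):
            path = line
    return hits

def restore_candidates(findings, hits):
    # For each missing file, group same-named copies by MD5.
    plan = {}
    for target in (p for p, s in findings.items() if s == "missing"):
        by_md5 = defaultdict(list)
        for hit in hits:
            if basename(hit["path"]).lower() == basename(target).lower():
                by_md5[hit["md5"]].append(hit["path"])
        plan[target] = {"copies": dict(by_md5), "unambiguous": len(by_md5) == 1}
    return plan
```

Copies that agree with each other only show consistency; the MD5 still has to be compared against a known-good reference for that Windows build before a copy is trusted as a replacement.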



