Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop still having network issues after scanners


  • This topic is locked This topic is locked
8 replies to this topic

#1 calenatar

calenatar

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 27 August 2014 - 12:31 AM

Started with http://www.bleepingcomputer.com/forums/t/545874/network-issues-after-malware-removal/

 

something seems to be interfering with the network adapters.

 

Log as follows

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by USER at 1:23:31 on 2014-08-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2578 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ComboFix\CF5151.3XE
C:\Windows\System32\svchost.exe -k swprv
C:\ComboFix\CF5151.3XE
C:\ComboFix\NIRKMD.3XE
C:\Windows\system32\wbem\wmiprvse.exe
C:\ComboFix\pev.3XE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0E0CyB0B0C0BtB0Azy0F0DtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyCtAzzyEtDtAtG0EyCyE0EtGyByCyEyCtG0AtA0EtDtGtByCtB0B0AtAyE0AyD0A0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0DyBtDyB0DyDtGyByB0EtAtG0Czy0B0BtG0EtByEzztGyE0BtC0DtCyC0F0BtByCzy0F2Q&cr=1289741491&ir=
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0E0CyB0B0C0BtB0Azy0F0DtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyCtAzzyEtDtAtG0EyCyE0EtGyByCyEyCtG0AtA0EtDtGtByCtB0B0AtAyE0AyD0A0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0DyBtDyB0DyDtGyByB0EtAtG0Czy0B0BtG0EtByEzztGyE0BtC0DtCyC0F0BtByCzy0F2Q&cr=1289741491&ir=
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: saVernet: {D4E0E4B8-B029-96EE-8A15-0AC12008E11E} - C:\ProgramData\saVernet\TK5I4q.dll
uRun: [GoogleChromeAutoLaunch_5F84849B2B55F3FB722B227E29B35DDB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\USER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{096E4AE1-A9B3-49E4-9D03-67B95B153338} : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{096E4AE1-A9B3-49E4-9D03-67B95B153338}\2456C6B696E6F5E4F575962756C6563737F5341364142324 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{096E4AE1-A9B3-49E4-9D03-67B95B153338}\3456E647572797C496E6B673430333 : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{096E4AE1-A9B3-49E4-9D03-67B95B153338}\47E65616C6 : DHCPNameServer = 192.168.0.1 205.171.2.226
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_cmi_14_22_ie&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0E0CyB0B0C0BtB0Azy0F0DtN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzyyCtAzzyEtDtAtG0EyCyE0EtGyByCyEyCtG0AtA0EtDtGtByCtB0B0AtAyE0AyD0A0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0DyBtDyB0DyDtGyByB0EtAtG0Czy0B0BtG0EtByEzztGyE0BtC0DtCyC0F0BtByCzy0F2Q&cr=1289741491&ir=
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: saVernet: {D4E0E4B8-B029-96EE-8A15-0AC12008E11E} - C:\ProgramData\saVernet\TK5I4q.x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-26 239616]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" --> C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2009-8-20 2175264]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-6 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-5-30 68608]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-1 1255736]
S4 htfmboczez64;htfmboczez64;C:\Program Files\003\htfmboczez64.exe run options=01110010030000000000000000000000 sourceguid=0866B8A9-2E46-422F-947B-2C563F566A0E --> C:\Program Files\003\htfmboczez64.exe run options=01110010030000000000000000000000 sourceguid=0866B8A9-2E46-422F-947B-2C563F566A0E [?]
.
=============== Created Last 30 ================
.
2014-08-27 05:20:18    --------    d-s---w-    C:\ComboFix
2014-08-27 05:02:05    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B94D7B8-660D-4BD7-9A84-5D28EAA7C6DF}\offreg.dll
2014-08-27 03:58:52    97792    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2014-08-27 03:58:52    67584    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-08-27 03:58:52    239616    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-08-27 03:58:52    --------    d-----w-    C:\Program Files (x86)\Realtek
2014-08-26 15:22:30    98816    ----a-w-    C:\Windows\sed.exe
2014-08-26 15:22:30    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-26 15:22:30    208896    ----a-w-    C:\Windows\MBR.exe
.
==================== Find3M  ====================
.
2014-08-26 15:38:58    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-14 17:56:21    310    ----a-w-    C:\Windows\SysWow64\ff.bin
2014-08-14 17:56:07    552    ----a-w-    C:\Windows\SysWow64\schtasks.bin
.
============= FINISH:  1:23:41.91 ===============
 

Other log is attached as instructed. Thanks a ton guys. Appreciate the time/experience you donate

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 PM

Posted 30 August 2014 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 calenatar

calenatar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 31 August 2014 - 12:38 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/31/2014
Scan Time: 1:14:52 PM
Logfile: mwblog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 238659
Time Elapsed: 5 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v3.308 - Report created 31/08/2014 at 13:01:35
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdatem
[#] Service Deleted : htfmboczez64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\saVernet
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\System Optimizer Pro
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\HomeTab
Folder Deleted : C:\USERs\USER\AppData\Local\genienext
Folder Deleted : C:\USERs\USER\AppData\Local\globalUpdate
Folder Deleted : C:\USERs\USER\AppData\Local\Mobogenie
Folder Deleted : C:\USERs\USER\AppData\Local\WordLayers
Folder Deleted : C:\USERs\USER\AppData\LocalLow\HomeTab
Folder Deleted : C:\USERs\USER\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\USERs\USER\AppData\LocalLow\SimplyTech
Folder Deleted : C:\USERs\USER\AppData\Roaming\Activeris
Folder Deleted : C:\USERs\USER\AppData\Roaming\SimplyTech
Folder Deleted : C:\USERs\USER\AppData\Roaming\Systweak
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\USERs\USER\Documents\Mobogenie
Folder Deleted : C:\USERs\USER\Documents\Optimizer Pro
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\USERs\USER\daemonprocess.txt
File Deleted : C:\USERs\USER\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\USERs\USER\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\USERs\USER\AppData\Roaming\aps.scan.results
File Deleted : C:\USERs\USER\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled Tasks ] *****

Task Deleted : Advanced System Protector_startup
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nhjnmokdaalmckkikjklibeakholpham
Key Deleted : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\soavernet.soavernet
Key Deleted : HKLM\SOFTWARE\Classes\soavernet.soavernet.1.3
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0E4B8-B029-96EE-8A15-0AC12008E11E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\ClickConnect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\mysearchdial
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16611

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16088 octets] - [31/08/2014 13:00:24]
AdwCleaner[S0].txt - [13381 octets] - [31/08/2014 13:01:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13442 octets] ##########
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by USER (administrator) on USER-PC on 31-08-2014 13:06:02
Running from C:\Users\USER\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1391300846-1153730341-855040980-1000\...\Run: [GoogleChromeAutoLaunch_5F84849B2B55F3FB722B227E29B35DDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCD2FF968A46CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2009-08-20] (IObit)
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 13:06 - 2014-08-31 13:06 - 00007968 _____ () C:\Users\USER\Desktop\FRST.txt
2014-08-31 13:05 - 2014-08-31 13:06 - 00000000 ____D () C:\FRST
2014-08-31 13:00 - 2014-08-31 13:04 - 00000000 ____D () C:\AdwCleaner
2014-08-31 12:59 - 2014-08-30 14:03 - 02103808 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2014-08-31 12:59 - 2014-08-30 14:03 - 01364531 _____ () C:\Users\USER\Desktop\adwcleaner_3.308.exe
2014-08-27 01:26 - 2014-08-27 01:26 - 00016170 _____ () C:\ComboFix.txt
2014-08-27 00:00 - 2014-08-27 00:00 - 00000000 ____D () C:\Windows\System32\Tasks\USER-PC
2014-08-26 23:59 - 2014-08-26 23:59 - 00005084 _____ () C:\Windows\DPINST.LOG
2014-08-26 23:58 - 2014-08-26 23:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-26 23:58 - 2014-08-26 23:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-08-26 23:58 - 2009-08-21 00:05 - 00239616 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-08-26 23:58 - 2009-07-22 18:24 - 00097792 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-08-26 23:58 - 2009-03-05 14:54 - 00067584 _____ () C:\Windows\system32\RtNicProp64.dll
2014-08-26 11:22 - 2014-08-27 01:26 - 00000000 ____D () C:\Qoobox
2014-08-26 11:22 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-26 11:22 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-26 11:22 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-26 11:22 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-26 11:22 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-26 11:22 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-26 11:22 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-26 11:22 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-26 11:21 - 2014-08-26 11:32 - 00000000 ____D () C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 13:06 - 2014-08-31 13:06 - 00007968 _____ () C:\Users\USER\Desktop\FRST.txt
2014-08-31 13:06 - 2014-08-31 13:05 - 00000000 ____D () C:\FRST
2014-08-31 13:05 - 2013-10-12 11:12 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 13:05 - 2009-08-20 00:08 - 00240616 _____ () C:\Windows\PFRO.log
2014-08-31 13:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 13:05 - 2009-07-14 00:51 - 00036159 _____ () C:\Windows\setupact.log
2014-08-31 13:04 - 2014-08-31 13:00 - 00000000 ____D () C:\AdwCleaner
2014-08-31 13:04 - 2013-10-12 11:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 13:02 - 2013-05-01 11:10 - 01695034 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 13:02 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 13:02 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 14:03 - 2014-08-31 12:59 - 02103808 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2014-08-30 14:03 - 2014-08-31 12:59 - 01364531 _____ () C:\Users\USER\Desktop\adwcleaner_3.308.exe
2014-08-27 01:26 - 2014-08-27 01:26 - 00016170 _____ () C:\ComboFix.txt
2014-08-27 01:26 - 2014-08-26 11:22 - 00000000 ____D () C:\Qoobox
2014-08-27 01:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-27 00:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 00:00 - 2014-08-27 00:00 - 00000000 ____D () C:\Windows\System32\Tasks\USER-PC
2014-08-27 00:00 - 2009-08-20 04:23 - 00068535 _____ () C:\Windows\bcmwl.log
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-08-27 00:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-08-26 23:59 - 2014-08-26 23:59 - 00005084 _____ () C:\Windows\DPINST.LOG
2014-08-26 23:59 - 2009-08-20 04:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-08-26 23:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-08-26 23:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-08-26 23:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-08-26 23:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-08-26 23:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-08-26 23:58 - 2014-08-26 23:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-26 23:58 - 2014-08-26 23:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-08-26 11:38 - 2009-08-20 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 11:33 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-26 11:32 - 2014-08-26 11:21 - 00000000 ____D () C:\Windows\erdnt
2014-08-26 11:31 - 2009-08-20 04:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-26 11:29 - 2009-07-13 22:34 - 58458112 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-26 11:29 - 2009-07-13 22:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-26 11:29 - 2009-07-13 22:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-26 11:29 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-26 11:29 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-26 11:28 - 2009-07-13 22:34 - 44040192 _____ () C:\Windows\system32\config\COMPONENTS.bak
2014-08-14 13:56 - 2014-06-02 21:18 - 00000310 _____ () C:\Windows\SysWOW64\ff.bin
2014-08-14 13:56 - 2014-06-02 21:15 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin

Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 20A83C838D80BDB9B3DDB62EA7186A7B

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 01:52

==================== End Of Log ============================

 

 

Computer seems to run fine except for network activity. there's no ipv4 or ipv6 activity on wireless or wired connections whatsoever. though the wireless finds networks broadcasting ssid's and the wired connection shows the icon as connected when plugged in. just no transmission of data.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 PM

Posted 01 September 2014 - 06:49 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {3EA738B6-C398-4F1B-806F-3CEE1577D868} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdate.exe <==== ATTENTION
Task: {97076E58-825A-45CC-B490-EF480F2CCC50} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageDefender.exe <==== ATTENTION
Task: {A26248A7-97FC-4351-BDC0-4104FA177BE6} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WConnectorSockets.exe <==== ATTENTION
cmd: ipconfig /flushdns
cmd: ipconfig /release
cmd: ipconfig /renew
REBOOT:

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Now is the computer running now?

#5 calenatar

calenatar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 01 September 2014 - 05:08 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-08-2014
Ran by USER at 2014-09-01 18:00:31 Run:1
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Task: {3EA738B6-C398-4F1B-806F-3CEE1577D868} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdate.exe <==== ATTENTION
Task: {97076E58-825A-45CC-B490-EF480F2CCC50} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageDefender.exe <==== ATTENTION
Task: {A26248A7-97FC-4351-BDC0-4104FA177BE6} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WConnectorSockets.exe <==== ATTENTION
cmd: ipconfig /flushdns
cmd: ipconfig /release
cmd: ipconfig /renew
REBOOT:

End
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
AVGIDSAgent => Service deleted successfully.
avgwd => Service deleted successfully.
catchme => Service deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EA738B6-C398-4F1B-806F-3CEE1577D868}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA738B6-C398-4F1B-806F-3CEE1577D868}" => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97076E58-825A-45CC-B490-EF480F2CCC50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97076E58-825A-45CC-B490-EF480F2CCC50}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A26248A7-97FC-4351-BDC0-4104FA177BE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A26248A7-97FC-4351-BDC0-4104FA177BE6}" => Key deleted successfully.
C:\Windows\System32\Tasks\SystemSockets\SystemSockets => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

The operation failed as no adapter is in the state permissible for
this operation.

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

The operation failed as no adapter is in the state permissible for
this operation.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

 

 

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI  
 Google Chrome 34.0.1847.131  
 Google Chrome 34.0.1847.137  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

Computer seems to run fine outside of the network issue still. starts up quickly, isnt showing performance issues, no resource spikes, just no network connectivity whatsoever



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 PM

Posted 02 September 2014 - 07:35 AM


Refer to this Microsoft page.
http://support.microsoft.com/kb/299357

Select Fix it for me.

Click the Fix it button for Windows 7.

When complete restart the computer normally.

If that fails continue with the instructions on the same page to "Let me fix it myself"
Again make sure you are in the Windows 7 section.

Restart the computer and test the internet connection.
===

If all fails

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark the following option only.
13 - Repair Winsock & DNS Cache.

01 - Reset Registry Permissions
02 - Reset File Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
08 - Repair MDAC & MS Jet
09 - Repair Hosts File
10 - Remove Policies Set By Infections
11 - Repair Start menu icons Removed by Infections
12 - Repair Icons
13 - Repair Winsock & DNS Cache
14 - Remove Temp Files
15 - Repair Proxy Settings
16 - Unhide Non System Files
17 - Repair Windows Updates
18 - Repair CD/DVD Missing/Not Working
19 - Repair Volume Shawdow Volume Copy Service
20 - Repair Windows Sidebar / Gadgets
21 - Repair MSI (Windows Installer)
22 - Repair Windows Snipping Tool
23 - Repair File Associatesions
24 - Repair Windows Safe Mode
25 - Repair Print Spooler
26 - Restore Important Windows Services
27 - Set Windows Services to Default Startup
28 - Repair Windows 8 App Store
29 - Repair Windows 8 Component Store
30 - Repair Windows 8 COM+ Unmarsharler
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Restart the computer and test again.


Keep me posted.

p.s.
If the Fix it for me does not solve the problem you can run this last tool instead of trying to fix it yourself.

#7 calenatar

calenatar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:25 PM

Posted 02 September 2014 - 11:43 AM

still not working. neither the fix, nor the tool solved it.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 PM

Posted 03 September 2014 - 07:42 AM



I suggest you start a new topic in the Networking forum http://www.bleepingcomputer.com/forums/forum21.html

An expert should be able to help your better than I can.
This is not my forte.

I will leave this topic open.
Keep me posted.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:25 PM

Posted 09 September 2014 - 08:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users