Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gameharbor.org virus


  • This topic is locked This topic is locked
6 replies to this topic

#1 RitsuT

RitsuT

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 11 September 2014 - 12:37 AM

Hi.

 

I whenever i start my pc the website gameharbor.org pops up. I checked the answer at this topic http://www.bleepingcomputer.com/forums/t/547663/gameharbororg-spyware/. But the solution did not solve the problem.

 

I my pc with frst like the guy did and then used the fixlist, but it did not work. Can someone please help me?

 

Thanks for Reading.

 

 

This is the log i got the first time i used frst scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Poyan (administrator) on KYOU on 11-09-2014 07:16:07
Running from C:\Users\Poyan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=SE&userid=b086c5b9-025c-44c0-a712-bf5ddf34132f&searchtype=ds&q={searchTerms}&installDate=25/06/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF03499BB092CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://afupd1.afreeca.com:9091/AFC/AFCStarter.cab
Tcpip\Parameters: [DhcpNameServer] 46.239.89.102

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll (© AfreecaTV)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-20]

Chrome:
=======
CHR HomePage: Default -> EEF4FCF8ECCC4198037BC89854078A6B7FBD137F275416AC9AF999905A31CC2E
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> F3CC68179B1238765B61FB542E0BB3725B1A9E457FD266F6C4F1D9070EAFCA80
CHR DefaultSearchURL: Default -> B4F3D36DB86026EEE46EE2CE72C4059EB657CA77B6BA54F5E5D343F35DE12EDA
CHR Profile: C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-09-14]
CHR Extension: (Sök på Google) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-11-30] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2010-11-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:16 - 2014-09-11 07:16 - 00012951 _____ () C:\Users\Poyan\Downloads\FRST.txt
2014-09-11 07:16 - 2014-09-11 07:16 - 00000000 ____D () C:\FRST
2014-09-11 07:15 - 2014-09-11 07:15 - 02105856 _____ (Farbar) C:\Users\Poyan\Downloads\FRST64.exe
2014-09-08 21:21 - 2014-09-08 21:21 - 00018734 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song-rock-version.mid
2014-09-08 21:20 - 2014-09-08 21:20 - 00006324 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song (1).mid
2014-09-08 20:54 - 2014-09-08 20:54 - 00008726 _____ () C:\Users\Poyan\Downloads\k-on-movie-singing.mid
2014-09-08 20:54 - 2014-09-08 20:54 - 00007138 _____ () C:\Users\Poyan\Downloads\k-on-no-thank-you-tv-size (1).mid
2014-09-08 20:53 - 2014-09-08 20:53 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash (2).mid
2014-09-08 20:53 - 2014-09-08 20:53 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash (1).mid
2014-08-31 23:01 - 2014-08-31 23:01 - 00233528 _____ () C:\Users\Poyan\Downloads\[BakaBT.176975v2] Love Live Music Collection [FLAC].torrent
2014-08-30 13:22 - 2014-08-30 13:22 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash.mid
2014-08-30 13:22 - 2014-08-30 13:22 - 00007138 _____ () C:\Users\Poyan\Downloads\k-on-no-thank-you-tv-size.mid
2014-08-30 13:22 - 2014-08-30 13:22 - 00006324 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song.mid
2014-08-27 11:57 - 2014-08-27 11:57 - 00000053 _____ () C:\Users\Poyan\Downloads\Log1.log
2014-08-27 11:55 - 2014-08-27 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
2014-08-27 11:55 - 2014-08-27 11:55 - 00000000 ____D () C:\Program Files (x86)\BankID
2014-08-27 11:49 - 2014-08-27 11:50 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (3).exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1.exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (2).exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (1).exe
2014-08-27 01:33 - 2014-08-27 01:33 - 00019728 _____ () C:\Users\Poyan\Downloads\[FFF] Love Live! [BD][720p-AAC].torrent
2014-08-26 11:11 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 11:11 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 11:11 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 11:11 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 11:11 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 11:11 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 11:11 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 11:11 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 11:11 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 11:11 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 11:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 11:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 11:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 11:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 23:54 - 2014-08-25 23:54 - 00766448 _____ () C:\Users\Poyan\Downloads\No Laughing Earth Defense Force 24 - Full Version.ass
2014-08-24 14:18 - 2014-08-24 14:18 - 00000000 ___RD () C:\Users\Poyan\Google Drive
2014-08-21 22:21 - 2014-08-21 22:21 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-17 12:27 - 2014-08-17 12:27 - 02745702 _____ () C:\Users\Poyan\Downloads\12756 SCANDAL - Shunkan Sentimental (TV Size).osz
2014-08-17 12:17 - 2014-08-17 12:17 - 03487577 _____ () C:\Users\Poyan\Downloads\163680 u's - Sore wa Bokutachi no Kiseki (TV Size).osz
2014-08-17 12:10 - 2014-08-17 12:10 - 07551723 _____ () C:\Users\Poyan\Downloads\12818 eufonius - Reflectia (Full Ver.).osz
2014-08-17 12:08 - 2014-08-17 12:08 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (2).osz
2014-08-17 12:08 - 2014-08-17 12:08 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (1) (1).osz
2014-08-17 12:07 - 2014-08-17 12:08 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (1).osz
2014-08-17 12:05 - 2014-08-17 12:05 - 03555561 _____ () C:\Users\Poyan\Downloads\137586 Iguchi Yuka - Grow Slowly (TV Size) (1).osz
2014-08-14 23:14 - 2014-08-14 23:14 - 00051924 _____ () C:\Users\Poyan\Downloads\fire-emblem-theme.mus
2014-08-14 23:13 - 2014-08-14 23:13 - 00008123 _____ () C:\Users\Poyan\Downloads\Yozakura Quartet - JUST TUNE.mid
2014-08-12 19:52 - 2014-08-12 19:52 - 02823537 _____ () C:\Users\Poyan\Downloads\41487 Kami Nomi zo Shiri-tai - Ai no Yokan (TV Size).osz
2014-08-12 19:03 - 2014-08-12 19:03 - 09739372 _____ () C:\Users\Poyan\Downloads\4171 The Children - Zettai love x love Sengen!!.osz
2014-08-12 19:03 - 2014-08-12 19:03 - 02980071 _____ () C:\Users\Poyan\Downloads\85361 Ogura Yui - Baby Sweet Berry Love (TV Size).osz
2014-08-12 19:02 - 2014-08-12 19:03 - 11732278 _____ () C:\Users\Poyan\Downloads\9481 Haruka Tomatsu & Sayuri Yahagi - ...Cchae!.osz

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 07:16 - 2014-09-11 07:16 - 00012951 _____ () C:\Users\Poyan\Downloads\FRST.txt
2014-09-11 07:16 - 2014-09-11 07:16 - 00000000 ____D () C:\FRST
2014-09-11 07:15 - 2014-09-11 07:15 - 02105856 _____ (Farbar) C:\Users\Poyan\Downloads\FRST64.exe
2014-09-11 06:47 - 2013-09-03 20:56 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 06:14 - 2013-06-20 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-11 06:09 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 06:09 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 06:07 - 2013-09-03 20:56 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 06:07 - 2013-06-20 15:59 - 02071969 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 06:02 - 2013-06-18 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 06:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 06:02 - 2009-07-14 06:51 - 00110457 _____ () C:\Windows\setupact.log
2014-09-11 00:05 - 2013-06-21 18:39 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Synthesia
2014-09-10 23:50 - 2014-03-31 23:57 - 00002158 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 18:38 - 2014-08-10 20:41 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-09-10 18:19 - 2013-06-20 22:21 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\uTorrent
2014-09-08 21:21 - 2014-09-08 21:21 - 00018734 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song-rock-version.mid
2014-09-08 21:20 - 2014-09-08 21:20 - 00006324 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song (1).mid
2014-09-08 20:54 - 2014-09-08 20:54 - 00008726 _____ () C:\Users\Poyan\Downloads\k-on-movie-singing.mid
2014-09-08 20:54 - 2014-09-08 20:54 - 00007138 _____ () C:\Users\Poyan\Downloads\k-on-no-thank-you-tv-size (1).mid
2014-09-08 20:53 - 2014-09-08 20:53 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash (2).mid
2014-09-08 20:53 - 2014-09-08 20:53 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash (1).mid
2014-09-06 23:27 - 2014-02-07 19:26 - 00000000 ____D () C:\Users\Poyan\Documents\My Games
2014-08-31 23:01 - 2014-08-31 23:01 - 00233528 _____ () C:\Users\Poyan\Downloads\[BakaBT.176975v2] Love Live Music Collection [FLAC].torrent
2014-08-30 13:22 - 2014-08-30 13:22 - 00020553 _____ () C:\Users\Poyan\Downloads\love-live-school-idol-project-start-dash.mid
2014-08-30 13:22 - 2014-08-30 13:22 - 00007138 _____ () C:\Users\Poyan\Downloads\k-on-no-thank-you-tv-size.mid
2014-08-30 13:22 - 2014-08-30 13:22 - 00006324 _____ () C:\Users\Poyan\Downloads\k-on-sakuragaoka-girls-high-school-song.mid
2014-08-29 14:29 - 2013-10-26 20:57 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-29 14:27 - 2013-10-26 20:55 - 00000000 ____D () C:\Users\Poyan\AppData\Local\Battle.net
2014-08-29 14:27 - 2013-10-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-27 12:01 - 2014-06-16 18:09 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\BankID
2014-08-27 12:01 - 2013-06-20 21:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-27 11:57 - 2014-08-27 11:57 - 00000053 _____ () C:\Users\Poyan\Downloads\Log1.log
2014-08-27 11:55 - 2014-08-27 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
2014-08-27 11:55 - 2014-08-27 11:55 - 00000000 ____D () C:\Program Files (x86)\BankID
2014-08-27 11:50 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (3).exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1.exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (2).exe
2014-08-27 11:49 - 2014-08-27 11:49 - 12137400 _____ () C:\Users\Poyan\Downloads\BankID_installation_6_0_1 (1).exe
2014-08-27 01:33 - 2014-08-27 01:33 - 00019728 _____ () C:\Users\Poyan\Downloads\[FFF] Love Live! [BD][720p-AAC].torrent
2014-08-26 23:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 23:54 - 2014-08-25 23:54 - 00766448 _____ () C:\Users\Poyan\Downloads\No Laughing Earth Defense Force 24 - Full Version.ass
2014-08-24 14:18 - 2014-08-24 14:18 - 00000000 ___RD () C:\Users\Poyan\Google Drive
2014-08-24 14:18 - 2013-06-20 16:04 - 00000000 ____D () C:\Users\Poyan
2014-08-21 22:21 - 2014-08-21 22:21 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-08-21 22:19 - 2013-06-18 14:17 - 00437603 _____ () C:\Windows\DirectX.log
2014-08-17 12:27 - 2014-08-17 12:27 - 02745702 _____ () C:\Users\Poyan\Downloads\12756 SCANDAL - Shunkan Sentimental (TV Size).osz
2014-08-17 12:17 - 2014-08-17 12:17 - 03487577 _____ () C:\Users\Poyan\Downloads\163680 u's - Sore wa Bokutachi no Kiseki (TV Size).osz
2014-08-17 12:10 - 2014-08-17 12:10 - 07551723 _____ () C:\Users\Poyan\Downloads\12818 eufonius - Reflectia (Full Ver.).osz
2014-08-17 12:08 - 2014-08-17 12:08 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (2).osz
2014-08-17 12:08 - 2014-08-17 12:08 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (1) (1).osz
2014-08-17 12:08 - 2014-08-17 12:07 - 04924957 _____ () C:\Users\Poyan\Downloads\23953 eufonius - Reflectia (TV Size) (1).osz
2014-08-17 12:05 - 2014-08-17 12:05 - 03555561 _____ () C:\Users\Poyan\Downloads\137586 Iguchi Yuka - Grow Slowly (TV Size) (1).osz
2014-08-14 23:14 - 2014-08-14 23:14 - 00051924 _____ () C:\Users\Poyan\Downloads\fire-emblem-theme.mus
2014-08-14 23:13 - 2014-08-14 23:13 - 00008123 _____ () C:\Users\Poyan\Downloads\Yozakura Quartet - JUST TUNE.mid
2014-08-14 20:47 - 2014-01-31 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-12 20:24 - 2014-05-18 20:34 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\TS3Client
2014-08-12 19:52 - 2014-08-12 19:52 - 02823537 _____ () C:\Users\Poyan\Downloads\41487 Kami Nomi zo Shiri-tai - Ai no Yokan (TV Size).osz
2014-08-12 19:03 - 2014-08-12 19:03 - 09739372 _____ () C:\Users\Poyan\Downloads\4171 The Children - Zettai love x love Sengen!!.osz
2014-08-12 19:03 - 2014-08-12 19:03 - 02980071 _____ () C:\Users\Poyan\Downloads\85361 Ogura Yui - Baby Sweet Berry Love (TV Size).osz
2014-08-12 19:03 - 2014-08-12 19:02 - 11732278 _____ () C:\Users\Poyan\Downloads\9481 Haruka Tomatsu & Sayuri Yahagi - ...Cchae!.osz

Some content of TEMP:
====================
C:\Users\Poyan\AppData\Local\Temp\AFCUpdater.exe
C:\Users\Poyan\AppData\Local\Temp\bitool.dll
C:\Users\Poyan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Poyan\AppData\Local\Temp\nvStInst.exe
C:\Users\Poyan\AppData\Local\Temp\nvstlink.exe
C:\Users\Poyan\AppData\Local\Temp\QuickShare1.exe
C:\Users\Poyan\AppData\Local\Temp\Silverlight.exe
C:\Users\Poyan\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Poyan\AppData\Local\Temp\tbuTo0.dll
C:\Users\Poyan\AppData\Local\Temp\ubi97FB.tmp.exe
C:\Users\Poyan\AppData\Local\Temp\ubiE1FB.tmp.exe
C:\Users\Poyan\AppData\Local\Temp\ubiED04.tmp.exe
C:\Users\Poyan\AppData\Local\Temp\uttBD08.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 11:36

==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


m

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 11 September 2014 - 04:41 AM

Hi,

you cannot take a fixlist that was provided for somebody else. They're specific for each case.


Step 1

Please download this attached Attached File  fixlist.txt   372bytes   143 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#3 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 11 September 2014 - 03:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Poyan at 2014-09-11 20:24:09 Run:3
Running from C:\Users\Poyan\Downloads\Ny mapp
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=SE&userid=b086c5b9-025c-44c0-a712-bf5ddf34132f&searchtype=ds&q={searchTerms}&installDate=25/06/2013
EmptyTemp:
*****************

HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
EmptyTemp: => Removed 35.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

Here is the log after the ESET scan.

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=70613d929e999840bd8dd131c8e1d71a
# engine=20112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-11 08:48:56
# local_time=2014-09-11 10:48:56 (+0100, Västeuropa, sommartid)
# country="Sweden"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 479551 174889026 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 81024 162098386 0 0
# scanned=269379
# found=15
# cleaned=0
# scan_time=7654
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=29274A418819B26EB50A5A268E301D3E779A6952 ft=1 fh=f147a226b1f08d88 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Program Files (x86)\DreadOut\steam_api64.dll"

sh=459D269930FF8F1C3EF50E389B8395890030702B ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="C:\Users\Poyan\Downloads\DTLite4471-0333.exe"
sh=44A315AAA7F006AE8342751A3D01D3E0E2BD41E6 ft=1 fh=e23e3184587da44d vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Poyan\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe"
sh=CCA3E254FECCAA98D24DEC59BCDCEC0873E0F574 ft=1 fh=9488151c8a252837 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=88C93B64EFF1E0016D33FD9D04C0CF9AC4FEDC48 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.BS potentially unsafe application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-2746131627-1072193184-3144114574-1000\$RPBBKQJ\foxit\FoxIt PDF Pro Pack.rar"
sh=1926919FD91DB79C6548B1235DE77E054FCBDCE0 ft=1 fh=53eb8208011a6b18 vn="a variant of Win32/HackTool.Patcher.BS potentially unsafe application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-2746131627-1072193184-3144114574-1000\$RPBBKQJ\foxit\FoxIt PDF Pro Pack\Foxit Reader Pro 2.3.2008.2825 - Olexijl\patch.exe"
sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="F:\1\ccleaner\ccsetup319.exe"
sh=637873911E90D77C571E3A07338D9EF4AA6C0CF6 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="F:\Higurashi VN\Higurashi no Naku Koro ni (chapter 1-4).zip"
sh=AE90E2832851B99DEB9B5ED3983D6ED7F142E876 ft=1 fh=c54d754bb1dd37b6 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="F:\Higurashi VN\Higurashi no Naku Koro ni (chapter 1-4)\BGI.exe"
sh=FE43478645D4023F4193179BAB956EA8465F8ECE ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potentially unsafe application" ac=I fn="F:\Kanon Visual Novel\KanonEnglishPatch.rar"

 

 

Thanks for helping me! Really nice of you.
 


Edited by RitsuT, 11 September 2014 - 03:54 PM.


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 11 September 2014 - 04:20 PM

Ok, it's looking good. :)

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!

#5 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 11 September 2014 - 04:30 PM

Thanks alot! Just wondering, that website what is it and also what is this fixlist thing? : )


Edited by RitsuT, 11 September 2014 - 04:45 PM.


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 11 September 2014 - 05:14 PM

I don't know anything about this website except that people don't like it to open at startup. :)
The fixlist (in short) contains instructions for FRST on what registry entries and files to manipulate to fix the infections.

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:07 AM

Posted 19 September 2014 - 02:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users