Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio Ads Playing In Background


  • This topic is locked This topic is locked
7 replies to this topic

#1 Bennys

Bennys

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 21 January 2015 - 01:45 AM

All steps taken to try and resolve issue can be found at https://www.bleepingcomputer.com/forums/t/563549/audio-ads-playing-in-background/.

 

Audio ads play in background at seemingly random times. Whenever the ads play multiple instances of the Iexplorer.exe (you cant see any internet explorer windows) process are found running and sometimes taking up 100k plus memory while playing audio ads.

 

I will attach 2 sets of DDS logs one for when no audio ads are playing (after computer restart) and another for after the audio ads play.

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 PM

Posted 21 January 2015 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Bennys

Bennys
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 21 January 2015 - 04:54 PM

DID NOT POST THE FRST LOG - WILL POST CORRECT ONE IN NEW POST

Attached Files


Edited by Bennys, 22 January 2015 - 04:25 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 PM

Posted 22 January 2015 - 08:33 AM

You posted and attached also the Addition.txt file.

I need to see the FRST log as well. Please post it.

#5 Bennys

Bennys
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 22 January 2015 - 04:25 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Chris (administrator) on CW-PC on 21-01-2015 13:48:14
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available profiles: Chris)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1232528 2014-10-22] (Highresolution Enterprises)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-17] (AVAST Software)
HKU\S-1-5-21-1071244695-3159041632-2631919941-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-1071244695-3159041632-2631919941-1001\...\MountPoints2: {31ac0d31-c3a8-11e3-81be-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {54713EE6-0AD8-4B99-A02D-8803DA998DCB} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {54713EE6-0AD8-4B99-A02D-8803DA998DCB} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1071244695-3159041632-2631919941-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1071244695-3159041632-2631919941-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\04rm9ygh.default
FF DefaultSearchEngine: Wikipedia (en)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\04rm9ygh.default\Extensions\https-everywhere@eff.org [2015-01-15]
FF Extension: NoScript - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\04rm9ygh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-14]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\04rm9ygh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]
FF Extension: Greasemonkey - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\04rm9ygh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-17] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-11] (SurfRight B.V.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-17] ()
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 13:48 - 2015-01-21 13:48 - 00013664 _____ () C:\Users\Chris\Desktop\FRST.txt
2015-01-21 13:46 - 2015-01-21 13:48 - 00000000 ____D () C:\FRST
2015-01-21 11:57 - 2015-01-21 11:57 - 02126848 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2015-01-20 22:41 - 2015-01-20 22:41 - 00016577 _____ () C:\Users\Chris\Desktop\DDS_After_Ads.txt
2015-01-20 22:41 - 2015-01-20 22:41 - 00013166 _____ () C:\Users\Chris\Desktop\Attach_After_Ads.txt
2015-01-20 22:41 - 2015-01-20 22:41 - 00013164 _____ () C:\Users\Chris\Desktop\Attach_No_Ads.txt
2015-01-20 22:37 - 2015-01-20 22:37 - 00015937 _____ () C:\Users\Chris\Desktop\DDS_No_Ads.txt
2015-01-20 21:27 - 2015-01-20 22:18 - 00013166 _____ () C:\Users\Chris\Desktop\attach.txt
2015-01-20 21:27 - 2015-01-20 22:17 - 00016577 _____ () C:\Users\Chris\Desktop\dds.txt
2015-01-20 21:26 - 2015-01-20 21:26 - 00688992 ____R (Swearware) C:\Users\Chris\Downloads\dds.com
2015-01-20 16:07 - 2015-01-20 16:07 - 00239078 _____ () C:\Users\Chris\Downloads\photo.php
2015-01-19 12:27 - 2015-01-19 12:27 - 00082656 _____ () C:\Users\Chris\Documents\AutoRuns.txt
2015-01-19 12:24 - 2015-01-19 12:24 - 00511633 _____ () C:\Users\Chris\Desktop\Autoruns.zip
2015-01-19 12:24 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Chris\Desktop\autoruns.exe
2015-01-19 08:42 - 2015-01-19 08:42 - 00000000 ____D () C:\Windows\pss
2015-01-18 16:55 - 2015-01-18 16:55 - 00659968 _____ () C:\Users\Chris\Downloads\MicrosoftFixit50195.msi
2015-01-18 13:01 - 2015-01-18 13:01 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\9-lab
2015-01-18 13:00 - 2015-01-18 13:00 - 00000936 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-18 13:00 - 2015-01-18 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-18 13:00 - 2015-01-18 13:00 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-18 13:00 - 2015-01-18 13:00 - 00000000 ____D () C:\Program Files\9-lab
2015-01-18 12:59 - 2015-01-18 12:59 - 06003400 _____ () C:\Users\Chris\Downloads\rmtool-setup-x64.exe
2015-01-17 21:15 - 2015-01-17 21:15 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-17 21:15 - 2015-01-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-01-17 21:15 - 2015-01-17 21:15 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-01-17 21:05 - 2015-01-17 21:05 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-17 21:05 - 2015-01-17 21:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-17 21:05 - 2015-01-17 21:05 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-17 21:02 - 2015-01-17 21:02 - 00000764 _____ () C:\Users\Chris\Desktop\JRT.txt
2015-01-17 20:39 - 2015-01-17 20:39 - 02186752 _____ () C:\Users\Chris\Desktop\adwcleaner_4.108.exe
2015-01-17 20:32 - 2015-01-17 20:32 - 00448512 _____ (OldTimer Tools) C:\Users\Chris\Downloads\TFC.exe
2015-01-17 18:38 - 2015-01-17 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-17 18:34 - 2015-01-17 18:59 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
2015-01-17 18:23 - 2015-01-17 18:24 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Chris\Downloads\mbar-1.08.2.1001.exe
2015-01-15 19:39 - 2015-01-15 19:42 - 34324222 _____ () C:\Users\Chris\Downloads\torbrowser-install-4.0.3_en-US.exe
2015-01-15 16:36 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-15 16:34 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-15 16:34 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-15 16:34 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-15 16:34 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-15 16:34 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-15 16:34 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-11 16:04 - 2015-01-11 16:04 - 00002438 _____ () C:\Windows\system32\.crusader
2015-01-11 15:54 - 2015-01-11 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-11 15:54 - 2015-01-11 15:54 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-11 15:53 - 2015-01-11 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-11 15:47 - 2015-01-11 15:51 - 11225840 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2015-01-11 15:41 - 2015-01-11 15:41 - 00000000 __SHD () C:\found.000
2015-01-11 15:19 - 2015-01-20 21:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 15:18 - 2015-01-17 18:34 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 15:18 - 2015-01-11 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 15:18 - 2015-01-11 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-11 15:18 - 2015-01-11 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 15:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-11 15:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 15:14 - 2015-01-11 15:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 15:06 - 2015-01-11 15:06 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 15:03 - 2015-01-11 15:03 - 01707939 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2015-01-11 14:51 - 2015-01-17 23:24 - 00000000 ____D () C:\AdwCleaner
2015-01-11 14:24 - 2015-01-11 14:24 - 00000000 ____D () C:\Users\Chris\AppData\Local\WorldofTanks
2015-01-11 14:19 - 2015-01-11 14:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\QuickScan
2015-01-11 14:18 - 2015-01-11 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-11 14:16 - 2015-01-11 14:16 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\tricomfi
2015-01-11 14:13 - 2015-01-11 14:13 - 00000000 ____D () C:\Program Files (x86)\download Manager
2015-01-11 14:12 - 2015-01-11 14:12 - 00000000 ____D () C:\Program Files (x86)\turbodiagnosis
2015-01-08 14:02 - 2015-01-08 14:02 - 00609813 _____ () C:\Users\Chris\Downloads\Spy-3.2.4-release.zip
2015-01-04 16:11 - 2015-01-04 16:11 - 01054052 _____ () C:\Users\Chris\Downloads\GatherMate2-1.33.3.zip
2015-01-04 16:11 - 2015-01-04 16:11 - 00380302 _____ () C:\Users\Chris\Downloads\GatherMate2_Data-v24.7.zip
2015-01-04 16:07 - 2015-01-04 16:07 - 00296830 _____ () C:\Users\Chris\Downloads\Routes-v1.5.0.zip
2015-01-04 16:07 - 2015-01-04 16:07 - 00296830 _____ () C:\Users\Chris\Downloads\Routes-v1.5.0(1).zip
2015-01-04 12:32 - 2015-01-04 12:32 - 00025292 _____ () C:\Users\Chris\Downloads\AckisRecipeList_Engineering-6.0.3.2.zip
2015-01-04 10:52 - 2015-01-04 10:52 - 00022664 _____ () C:\Users\Chris\Downloads\AckisRecipeList_Alchemy-6.0.3.1(1).zip
2015-01-04 10:50 - 2015-01-04 10:50 - 00769513 _____ () C:\Users\Chris\Downloads\AckisRecipeList-3.0.12.zip
2015-01-04 10:50 - 2015-01-04 10:50 - 00000000 ____D () C:\Users\Chris\Downloads\AckisRecipeList-3.0.12
2015-01-04 10:25 - 2015-01-04 10:25 - 00022664 _____ () C:\Users\Chris\Downloads\AckisRecipeList_Alchemy-6.0.3.1.zip
2015-01-03 12:12 - 2015-01-03 12:15 - 00033522 _____ () C:\Users\Chris\Downloads\SwynGuildPromoter_3.01.04.zip
2015-01-02 10:35 - 2015-01-02 10:35 - 00248669 _____ () C:\Users\Chris\Downloads\Auctionator_0322.zip
2015-01-01 23:05 - 2015-01-01 23:05 - 00076887 _____ () C:\Users\Chris\Downloads\AskMrRobot-v19.zip
2015-01-01 00:43 - 2015-01-01 00:43 - 00389987 _____ () C:\Users\Chris\Downloads\Recount-v6.0.3f_release.zip
2014-12-30 23:41 - 2014-12-30 23:41 - 01144816 _____ () C:\Users\Chris\Downloads\MogIt-3.4.0.zip
2014-12-26 05:10 - 2014-12-26 05:10 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 04:59 - 2015-01-21 03:21 - 00004946 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CW-PC-Chris CW-PC
2014-12-26 04:52 - 2014-12-26 05:02 - 00000102 _____ () C:\Users\Chris\Desktop\clean.bat
2014-12-26 04:49 - 2014-12-26 04:49 - 00638888 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall(3).exe
2014-12-23 05:42 - 2014-12-23 05:42 - 00144018 _____ () C:\Users\Chris\Downloads\BankStack-v35.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 13:48 - 2014-04-14 01:08 - 00000000 ____D () C:\Users\Chris\AppData\Local\Battle.net
2015-01-21 13:23 - 2014-10-22 15:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 10:59 - 2014-12-19 09:20 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-01-21 10:12 - 2014-04-13 23:46 - 01151616 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:01 - 2014-04-13 23:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-20 21:25 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:25 - 2009-07-13 20:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:17 - 2014-04-13 23:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 21:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:17 - 2009-07-13 20:51 - 00042568 _____ () C:\Windows\setupact.log
2015-01-20 21:16 - 2014-04-13 23:46 - 00000000 ____D () C:\Users\Chris
2015-01-20 16:47 - 2014-04-13 22:54 - 00135166 _____ () C:\Windows\PFRO.log
2015-01-18 14:08 - 2014-07-31 10:01 - 00000000 ____D () C:\Windows\AutoKMS
2015-01-17 23:27 - 2014-07-31 10:01 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-17 21:05 - 2014-04-23 14:33 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-17 21:05 - 2014-04-13 23:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-17 20:44 - 2014-04-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 21:54 - 2014-12-09 16:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 16:40 - 2014-04-13 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-13 14:48 - 2014-04-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 12:23 - 2014-10-22 15:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 12:23 - 2014-04-14 01:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 12:23 - 2014-04-14 01:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 15:49 - 2014-04-21 06:43 - 00000000 ____D () C:\Users\Chris\AppData\Local\Microsoft Help
2015-01-11 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-11 14:57 - 2010-01-15 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 17:40 - 2014-12-17 20:06 - 00000000 ____D () C:\Users\Chris\Desktop\TSM-DT
2014-12-31 10:00 - 2014-04-13 22:56 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-12-26 04:58 - 2014-09-06 14:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-26 04:56 - 2014-04-13 23:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 04:55 - 2014-09-06 14:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-26 04:55 - 2014-09-06 14:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-26 04:55 - 2014-09-06 14:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-26 04:55 - 2014-09-06 14:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

Files to move or delete:
====================
C:\Users\Chris\jagex_cl_oldschool_LIVE.dat
C:\Users\Chris\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Chris\random.dat


Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 16:44

==================== End Of Log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 PM

Posted 23 January 2015 - 09:48 AM




Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {54713EE6-0AD8-4B99-A02D-8803DA998DCB} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {54713EE6-0AD8-4B99-A02D-8803DA998DCB} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1071244695-3159041632-2631919941-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1071244695-3159041632-2631919941-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
tricomfi (HKLM-x32\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!
CustomCLSID: HKU\S-1-5-21-1071244695-3159041632-2631919941-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\tricomfi\tivesen.dll () <==== ATTENTION
C:\Users\Chris\AppData\Roaming\tricomfi

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 PM

Posted 29 January 2015 - 10:49 AM

Are you still with me?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:55 PM

Posted 03 February 2015 - 10:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users