Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PCKeeper & Apps slow to load


  • This topic is locked This topic is locked
6 replies to this topic

#1 TechieMomma

TechieMomma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 18 November 2015 - 07:16 AM

Hi there,

 

I am running Win7 Ultimate and I've obviously got some sort of adware, the PCKeeper site pops up randomly in firefox, and in both firefox and chrome ads are just whizzing by my adblock plus all of a sudden.  I can't find any new plugins or extensions in either one that I haven't a. install myself and b. had for months. 

 

I was in the midst of trying to find and get rid of whatever the adware was when my computer rebooted in the middle of the night and since that reboot my apps are so. slow. to. start.   At first I thought they weren't starting at all because the first ones I usually open which are the memory sucks (firefox/thunderbird/hangouts) would light up in the taskbar and then disappear.  I tried to open a couple of times, and tried chrome as well, but when I went to task manager to investigate they were open but had very small memory footprints (2,000kb or less) and were just hanging there.  If I close and reopen a couple of times or start chrome after trying to start firefox they start slowly creeping up at about a mb or two per second until they build up enough steam to open. Once started apps are mostly responsive again. My computer is old but it got about a hundred times slower after that reboot.

 

I've run malwarebytes, security essentials scanner, adwcleaner and taken care of anything it found, but the problem is persistent.  Any help would be really appreciated.  It's been years since I've had something that wasn't easily taken care of.  I'm way behind in what the current tools are,  and the only pckeeper thread I could find here was kind of cut off in the middle.

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Sara (administrator) on MAI-PC (18-11-2015 03:29:27)
Running from C:\Users\Sara\Downloads
Loaded Profiles: Sara (Available Profiles: Sara & PermissionsTest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Don HO don.h@free.fr) C:\Users\Sara\Downloads\Setups\Notepad-Plus-Plus\notepad++.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\plugin-container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-02] (Highresolution Enterprises)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [670896 2015-01-23] (Stardock Corporation)
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
IFEO\notepad.exe: [Debugger] C:\Windows\NotepadStarter.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sara\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{BC60CC22-20C4-4490-BE92-1B72ACA16849}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{BC60CC22-20C4-4490-BE92-1B72ACA16849}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1350210079-2480061043-60131931-1000 -> {E7D15226-FD9F-4A0C-BC57-510564E81E9B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-18] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-01-18] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-17] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-01-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1350210079-2480061043-60131931-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1350210079-2480061043-60131931-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1350210079-2480061043-60131931-1000: @talk.google.com/O1DPlugin -> C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1350210079-2480061043-60131931-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sara\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-1350210079-2480061043-60131931-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sara\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Sara\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sara\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\searchplugins\yahoo-ysp.xml [2015-07-14]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\extensions\adblockpopups@jessehakanen.net.xpi [2015-05-31]
FF Extension: HostAdmin - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\extensions\{bd54afa8-b14a-4d7a-aecf-37e34e882796} [2015-05-31]
FF Extension: Save File to - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\extensions\savefileto@mozdev.org.xpi [2015-05-31]
FF Extension: FireFTP - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-06]
FF Extension: ADB Helper - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\adbhelper@mozilla.org [2015-11-12]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-09-01]
FF Extension: Valence - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2015-10-20]
FF Extension: IP Address and Domain Information - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2015-05-29]
FF Extension: Session Manager - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-10-30]
FF Extension: Password Exporter - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-05-28]
FF Extension: Adblock Plus - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: DownThemAll! - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-20] [not signed]
FF Extension: Theme Font & Size Changer - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vakh215d.dev-edition-default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2015-11-17]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-07-18] [not signed]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Adblock Plus) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Yahoo Web) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2015-11-17]
CHR Extension: (Google Hangouts) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR HKU\S-1-5-21-1350210079-2480061043-60131931-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sara\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-14]
CHR HKU\S-1-5-21-1350210079-2480061043-60131931-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apache2; C:\WampDeveloper\Components\Apache\bin\httpd.exe [22016 2013-12-21] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 Mysql5; C:\WampDeveloper\Config\Mysql\my.ini [5506 2015-01-09] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 TermService; C:\Windows\System32\termsrv.dll [683520 2015-01-22] (Microsoft Corporation) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2014-11-28] (RealVNC Ltd)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [20232 2012-06-07] (Handset Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
U5 UnlockerDriver5; C:\Users\Sara\Downloads\Stardock Customization Software Pack 2014 (windows 8 Addons) [danhuk]\Stardock WindowBlinds 8.00\Setup\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ALCXWDM; system32\drivers\RTKVAC64.SYS [X]
R3 ALSysIO; \??\C:\Users\Sara\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz134; \??\C:\Users\Sara\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== Files in the root of some directories =======

2015-06-08 15:40 - 2015-06-08 15:39 - 16341076 _____ () C:\Program Files (x86)\X-TaskCoach_1.4.2_rev1.zip
2015-01-01 11:23 - 2015-10-29 20:12 - 0000132 _____ () C:\Users\Sara\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-30 22:40 - 2015-11-17 22:21 - 0001386 ___SH () C:\Users\Sara\AppData\Roaming\systemMK.$dk
2015-05-09 10:31 - 2015-05-09 10:35 - 0008704 ___SH () C:\Users\Sara\AppData\Roaming\Thumbs.db
2015-04-17 04:21 - 2015-04-17 04:21 - 0033193 _____ () C:\Users\Sara\AppData\Roaming\UserTile.png
2015-06-07 00:57 - 2015-06-07 00:57 - 0000600 _____ () C:\Users\Sara\AppData\Roaming\winscp.rnd
2015-01-01 11:43 - 2015-06-05 16:31 - 0001456 _____ () C:\Users\Sara\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-30 16:10 - 2014-11-27 14:14 - 0005632 _____ () C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-29 21:40 - 2015-01-02 04:01 - 0015983 _____ () C:\Users\Sara\AppData\Local\HWVendorDetection.log
2015-01-18 20:13 - 2015-11-17 23:52 - 0000600 _____ () C:\Users\Sara\AppData\Local\PUTTY.RND
2014-12-27 13:50 - 2015-05-26 11:39 - 0007624 _____ () C:\Users\Sara\AppData\Local\resmon.resmoncfg
2014-12-30 16:10 - 2014-11-16 16:50 - 0000000 _____ () C:\Users\Sara\AppData\Local\{B09D62C6-20A0-47EC-BBCA-427DF726B3C9}
2015-05-21 13:46 - 2015-05-21 13:46 - 0000000 _____ () C:\Users\Sara\AppData\Local\{DA992AE5-E950-4A39-A860-3C23357EC9C7}
2015-04-11 17:32 - 2015-04-11 17:32 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-12-29 22:11 - 2014-12-29 22:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-05 23:11 - 2015-02-05 23:13 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Sara\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Sara\g2ax_expert_downloadhelper_win32_x86.exe


Some files in TEMP:
====================
C:\Users\Sara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdn8lm.dll
C:\Users\Sara\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Sara\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Sara\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Sara\AppData\Local\Temp\ose00000.exe
C:\Users\Sara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sara\AppData\Local\Temp\sqlite3.dll
C:\Users\Sara\AppData\Local\Temp\wlsetup-web-1.exe
C:\Users\Sara\AppData\Local\Temp\wlsetup-web.exe
C:\Users\Sara\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 02:36

==================== End of FRST.txt ============================

Attached Files


Edited by TechieMomma, 18 November 2015 - 07:23 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 20 November 2015 - 11:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs and Features applet.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )

====

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
IFEO\notepad.exe: [Debugger] C:\Windows\NotepadStarter.exe
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1350210079-2480061043-60131931-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Toolbar: HKU\S-1-5-21-1350210079-2480061043-60131931-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 ALCXWDM; system32\drivers\RTKVAC64.SYS [X]
R3 ALSysIO; \??\C:\Users\Sara\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz134; \??\C:\Users\Sara\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1350210079-2480061043-60131931-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sara\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
Task: {86FD54A7-1541-4A5C-B169-B074F5F0F4DA} - System32\Tasks\{B1569DC9-821B-4A0E-97E4-A5CF41D7C98F} => pcalua.exe -a C:\Users\Sara\Downloads\jxpiinstall.exe -d C:\Users\Sara\Downloads
Task: {B060A098-680C-4321-BA75-21C11B4F40C1} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {DCC3635C-A918-4672-BD20-4CA3538BCFAC} - \AdobeAAMUpdater-1.0-Mai-PC-Sara -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:8FAE08A5
C:\Program Files\KMSpico
C:\Users\Sara\Downloads\jxpiinstall.exe
C:\Users\Sara\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Sara\g2ax_expert_downloadhelper_win32_x86.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 TechieMomma

TechieMomma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 23 November 2015 - 12:24 AM

Thanks for the reply, but no can do.  Thanks to a little dispute about a key purchased from a trusted partner that did not work, and they didn't want to replace it.  Regardless, that's been there over a year and these problems have been here for about a week.  I tried safe mode with networking and everything seems to start up much quicker.  As I said earlier the machine itself starts fine, but the apps take forever.  They are getting hinky now also, i.e. I won't be able to click on anything in a window, but if I minimize it and bring it back up it's clickable again.  I have grub2 on here, I'm going to test my Linux partition tonight or tomorrow as soon as I can and test to see if it's better there or if it might be hardware.  Any other ideas from anyone would be really appreciated. 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 23 November 2015 - 08:33 AM

It's your call.

No other helper will reply to this topic.

If you need help start a new topic. Someone else will take it.

#5 TechieMomma

TechieMomma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 23 November 2015 - 10:28 AM

Seriously?  Because I don't want to do one thing you're bailing completely.  Thanks for all your help.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 24 November 2015 - 07:28 AM

Do the suggested fix. I'm not here to destroy your system but to try to solve your problem.

If anything goes wrong with the fix you will have a restore point that the tool will create when run.

===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 30 November 2015 - 09:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users