Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keep getting message about threat blocked by Avast


  • Please log in to reply
19 replies to this topic

#1 rinn81

rinn81

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 12:19 PM

Hello.  For the last month or so, I have noticed several alerts coming up on my work computer from Avast (the free version which is what my employer has chosen to have us use for virus protection) saying that it has blocked a threat that is always targeting C:\Windows\System32\regsvr32.exe.  The object has varied.  The infections noted were HTML:Script-inf or URL:Mal for the three I took a picture of (I'm not sure if other messages had been any other types of infections.  My operating system is Windows 7 and I was using Firefox for my internet browsing.  A few months ago I got an alert twice to update Firefox but when I clicked on the link, it was blocked so I stopped clicking on it, realizing that it may not have been genuine.  I deleted Firefox yesterday and today am using Internet Explorer but I just had another threat blocked message come up.  I have pictures of three of the alerts but can't figure out how to attach them to this message.  I am very careful with what websites I visit and don't open suspicious emails.  To my knowledge, no one else has been on my computer but I can't completely rule out that possibility.  After the alerts come up, Avast always recommends running Smart Scan which I do and it always comes up clean.  Am in infected somewhere?  Is there a way to stop having these threats coming in?  Thank you so much for your help.



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 30 December 2016 - 12:24 PM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

 

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

 

 

 

 

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



#3 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 01:58 PM

Zemana AntiMalware 2.70.2.262 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/30
Operating System       : Windows 7 32-bit
Processor              : 2X Pentium® Dual-Core CPUE5300 @ 2.60GHz
BIOS Mode              : Legacy
CUID                   : 12ACB5B65602124E126562
Scan Type              : Custom Scan
Duration               : 82m 23s
Scanned Objects        : 285887
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

c3556.lnk
Status             : Scanned
Object             : NE->c:\users\sv 2\appdata\local\c0ddb\c3556.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Trojan:Win32/Kovter.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

4e69c.lnk
Status             : Scanned
Object             : NE->c:\users\sv 2\appdata\roaming\microsoft\windows\start menu\programs\startup\4e69c.lnk
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Trojan:Win32/Kovter.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

firefox-patch.js
Status             : Scanned
Object             : %userprofile%\downloads\firefox-patch.js
MD5                : 4DC22397230EB8022945F75F9423C24D
Publisher          : -
Size               : 3891
Version            : -
Detection          : Trojan:Generic/Fitzia.A!Teei
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\firefox-patch.js
                Reference - C:\Users\SV 2\AppData\Roaming\Microsoft\Windows\Recent\firefox-patch.lnk



#4 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 02:09 PM

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 30.12.2016 13:04:02
Path starting: C:\Users\SV 2\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: SV 2
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) HomePremium Lang: English(0409)
Installation date OS: 09.03.2014 08:51:20
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [49.1 Gb] Free: [416.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18537
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2016-12-14 21:46:17
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
avast! Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.11.2.2262
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.262
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.50901.0
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 24 ActiveX v.24.0.0.186
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Acrobat Reader DC v.15.020.20042
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Internet Explorer\iexplore.exe v.11.0.9600.18538
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.2.2738.0
C:\Program Files\AVAST Software\Avast\avastui.exe v.11.2.2738.17
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
TypeFaster Typing Tutor Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------



#5 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 02:16 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by SV 2 (administrator) on 30-12-2016 at 13:14:22
Running from "C:\Users\SV 2\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: G41M-ES2L Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

N300 Micro USB WiFi Adapter - N300MA = Wireless Network Connection (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SV2-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : N300 Micro USB WiFi Adapter - N300MA
   Physical Address. . . . . . . . . : 44-94-FC-28-1C-06
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:30a:2c2e:cbb0:205b:172c:d3c3:2f08(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:30a:2c2e:cbb0:c80a:d3be:4ec5:9d1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::205b:172c:d3c3:2f08%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.83(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, December 30, 2016 8:35:26 AM
   Lease Expires . . . . . . . . . . : Saturday, December 31, 2016 10:17:26 AM
   Default Gateway . . . . . . . . . : fe80::3eea:4fff:fe07:2921%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-24-1D-BA-4B-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8B9372CA-9073-4F99-B645-89F93730C1FB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4009:809::200e
   216.58.216.238

Pinging google.com [2607:f8b0:4009:809::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:809::200e: time=29ms
Reply from 2607:f8b0:4009:809::200e: time=31ms

Ping statistics for 2607:f8b0:4009:809::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 31ms, Average = 30ms
Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:44:204::a7
   2001:4998:c:a06::2:4008
   206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=62ms
Reply from 2001:4998:44:204::a7: time=39ms

Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 62ms, Average = 50ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...44 94 fc 28 1c 06 ......N300 Micro USB WiFi Adapter - N300MA
 11...00 24 1d ba 4b 63 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.83     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.83    281
     192.168.1.83  255.255.255.255         On-link      192.168.1.83    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.83    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.83    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.83    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::3eea:4fff:fe07:2921
  1    306 ::1/128                  On-link
 13     33 2602:30a:2c2e:cbb0::/64  On-link
 13    281 2602:30a:2c2e:cbb0:205b:172c:d3c3:2f08/128
                                    On-link
 13    281 2602:30a:2c2e:cbb0:c80a:d3be:4ec5:9d1/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::205b:172c:d3c3:2f08/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/30/2016 09:20:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/30/2016 08:51:06 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1520

Start Time: 01d262abc5b9dc4f

Termination Time: 30

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (12/30/2016 08:36:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2016 09:07:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/29/2016 08:37:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2016 11:39:32 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/28/2016 08:50:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2016 10:57:33 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/27/2016 10:07:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2016 02:40:41 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

System errors:
=============
Error: (12/30/2016 12:28:29 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/30/2016 10:03:05 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/30/2016 08:36:04 AM) (Source: Service Control Manager) (User: )
Description: The Windows Agent Maintenance Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (12/30/2016 08:36:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Agent Maintenance Service service to connect.

Error: (12/29/2016 12:34:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/29/2016 12:22:00 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/29/2016 12:16:27 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/29/2016 12:14:25 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/29/2016 12:09:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/29/2016 11:07:51 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824205020}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compuscore for the ICAP (HKLM\...\Compuscore for the ICAP) (Version:  - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{70346586-8976-4EAC-BB34-22CD2F936FEC}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Help (HKLM\...\{F80C8BC5-F15E-41AE-80BB-7BF670B56BA2}) (Version: 28.0.0 - Hewlett Packard)
HP Support Assistant (HKLM\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.111.14 - Oracle Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
On Networks N300MA (HKLM\...\{426673D5-5853-4B0C-A0CD-01EF434D64F7}) (Version: 1.1.0.1 - On Networks)
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
TypeFaster Typing Tutor (HKLM\...\TypeFaster) (Version:  - )
Uninstall Samsung Printer Software (HKLM\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Agent (HKLM\...\{E4ABD056-5C50-4DBB-94F7-A4E42EDDBF6A}) (Version: 10.2.10350 - N-able Technologies)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.262 - Zemana Ltd.)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 2716.49 MB
Available physical RAM: 591.81 MB
Total Virtual: 5431.31 MB
Available Virtual: 2709.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:416.58 GB) NTFS
3 Drive e: (RIN) (Removable) (Total:7.51 GB) (Free:7.04 GB) FAT32
4 Drive s: () (Network) (Total:916.62 GB) (Free:916.57 GB)

========================= Users: ========================================

User accounts for \\SV2-PC

Administrator            Guest                    SV 2                    

**** End of log ****



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 30 December 2016 - 02:32 PM

Uninstall these programs with Geek Uninstaller.

 

 

HP Support Assistant (HKLM\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden

 

Clean up temp files and reduce startup load with CCleaner.
 

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to windows defender.Or your antivirus.
  • Reboot the machine.

 

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.





  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.

 

 

 

2. Once you have started the program, you will need to click the scanner button.

3CUv7go.png

The program will close all open browsers!

3. Once the scan is completed, the you will want to click the Repair button.

Ci04cxv.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

 

Disable IPV6


Instructions here.
 

  1. Hit start
  2. Control Panel
  3. Network & Internet
  4. NetWork & Sharing Center
  5. Change Adapter Settings.
  6. Right Click Your Connection
  7. Select Properties
  8. Un-Check Ipv6
  9. Hit ok.

Sdy7oFH.png



Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Change some settings.


Use this tool to remove the Tunnel adapters.




Disable Computer Browser Service



1. Press the Windows + R key at the same time, a Run Window will appear
2. Type or copy and paste Services.msc hit enter.
3. Scroll to the Computer Browser Service
4. Right-Click Computer Browser Service and choose Stop the service.
5. Right Click Computer Browser Service again select Properties.
6. Change the Startup type to disabled.

Uh8lcOJ.png
7. Hit Apply then Ok.


Uninstall Netbt Driver.


1. Press the Windows + R key at the same time, a Run Window will appear.
2. Now enter or copy and paste devmgmt.msc in the Run Window and click on OK
3. Click on View and select Show Hidden Devices


pEaOQt9.png


4. Then click on and unfold Non-Plug and Play Driver

NmvnIVR.png

5. Then find NET BT, Right-click the device and choose to Uninstall the Driver.
6. Reboot your device when asked.




Hit enter after each command below.




1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator
2. Once Command Prompt has started enter the following command. nbtstat -R
3. Wait for that command to complete, a new line will appear, now enter the following command. nbtstat -RR
4 Wait for that command to complete, a new line will appear, now enter the following command. Shutdown – R


Disable netbios over tcpip.



Windows key & r at the same time.
Type or copy and paste ncpa.cpl hit enter.
Right click your connection hit properties.
Select internet protocol version 4 then properties.
Select Advanced, then Wins tab.
Put a tick next to Disable Net Bios over TCPIP.




Use DNS Jumper to set your dns to google dns.



Dns Jumper Download

 

 

 

Now reboot your computer, and tell me how things are running.



#7 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 03:10 PM

9 lab didn't give a report because no threats were detected.



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 30 December 2016 - 03:23 PM

Are you sure that 9-Labn updated?

 

The database should be the same as in the picture below....

 

3QE0jIh.png

 

So long as you are sure that the program updated, then move onto the next steps.


Edited by InadequateInfirmity, 30 December 2016 - 03:24 PM.


#9 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 03:27 PM

[-] Deleted ->> File ->> C:\Users\SV 2\Appdata\Local\Microsoft\Internet Explorer\DOMStore\L7BPG8XB\gamingwonderland[1].xml
[-] Deleted ->> File ->> C:\Users\SV 2\Appdata\Local\Microsoft\Internet Explorer\DOMStore\X57BHRQP\www.searchtudo[1].xml
[-] Deleted ->> File ->> C:\Users\SV 2\Appdata\Local\Microsoft\Internet Explorer\DOMStore\XI32T3DH\mypcbackup[1].xml
[-] Deleted ->> File ->> C:\Users\SV 2\Appdata\Local\Microsoft\Internet Explorer\DOMStore\XI32T3DH\startgo123[1].xml
[-] Deleted ->> File ->> C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\L7BPG8XB\astromenda[1].xml
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\astromenda.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chumsearch.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\istartpageing.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\jimbrie.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myemailxp.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mypcbackup.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mysearch.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\onlinemapfinder.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\safesear.ch
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\search.mysearch.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\searchtudo.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\startgo123.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemakeitsafer.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.home.tb.ask.com
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.onlinemapfinder.com
 



#10 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 04:02 PM

Updated 9 lab again to match your pic - still nothing found.  I think I finished all the tests from your first response and will now begin the send set of things.  Thank you so much for all of your help!  Very appreciated and hopefully you get some good lunch to take care of you being so hungry soon ;)



#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 30 December 2016 - 04:09 PM

hopefully you get some good lunch to take care of you being so hungry soon ;)

 

Lol... Just the family version of a Full Metal Jacket Scene.... :whistle:



#12 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 30 December 2016 - 04:29 PM

Time to go home.  I'll have to finish all of this Monday.  I'll update how things are running then.  Happy New Year!



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 30 December 2016 - 04:37 PM

Same to you, and grab your free 6 months of Adguard....



#14 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 02 January 2017 - 04:36 PM

Update: Started work 2 hours ago and immediately started received messages about blocked threats so I'm started over with your original suggestions from Friday.  :(


Edited by rinn81, 02 January 2017 - 04:41 PM.


#15 rinn81

rinn81
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 02 January 2017 - 06:12 PM

# AdwCleaner v6.041 - Logfile created 02/01/2017 at 16:53:42
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : SV 2 - SV2-PC
# Running from : C:\Users\SV 2\Downloads\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZL5N8TOZ\www.alwaysastrology[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\SQKW20GT\search.myway[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQ02HWQD\www.totalrecipesearch[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\P8CWVL6M\www.onlinemapfinder[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\MM0O9379\yourtemplatefinder[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\LWNTGFLW\mywebface[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\L7BPG8XB\citysearch[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\L7BPG8XB\www.zwinky[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\GBOUDA16\myway[1].xml
[-] File deleted: C:\Users\SV 2\AppData\Local\Microsoft\Internet Explorer\DOMStore\87OHRVQF\www.citysearch[1].xml

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\alwaysastrology.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\citysearch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mywebface.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\totalrecipesearch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.citysearch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.zwinky.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\yourtemplatefinder.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2693462431-3156152601-3188983341-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\4yendex.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylonbee.com

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3373 Bytes] - [02/01/2017 16:53:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [3550 Bytes] - [02/01/2017 16:52:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3519 Bytes] ##########






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users