[MsDoe]

Hello!

While I've never personally posted here specifically, I'm usually on the other end of help threads like this, so unfortunately, this is something that's legitimately serious and probably not something that has a quick fix.

I recently got a piece of adware that, while annoying, was nothing spectacular; however, this didn't last for long. The adware was elusive and difficult to remove, so I decided that I would deal with it later. Unfortunately, this adware operated by opening referral links and then clicking on the contents within them through some sort of clickjacking, which resulted in it clicking on an infected ad which then made the adware malicious via an "update"​. Things rapidly deteriorated from here, and the following symptoms arose:

 

-Somehow, it displayed a fake login screen over my real one. This was used to capture the auth key from my fingerprint scanner, which was subsequently used to automatically log into the laptop every boot, as well as privilege-escalate itself into creating a superuser account

 

-After this, it created a local proxy server and began re-routing all of my traffic through it. This also disabled HTTPS, although it was sneaky about it- https seems to be disabled on all outbound connections out of the proxy, but the connection is "secure" while it connects to the proxy itself. This SSL stripping resulted browsers incorrectly stating that connections were secure, when they were in fact not (this could be verified because websites that enforce SSL connections would not allow me to connect, and thank god they did because otherwise I would not have caught this). This proxy was managed via registry keys, again with the super-user access it had gained control to earlier

 

-Programs with auto-generated names began running and inserting themselves as startup items. Deleting these programs caused them to be created again somewhere random on my drive, including administrator-access-only locations. I have literally no idea what these programs are doing, as they seem to consume no resources. I think they're used to re-install any missing components of the core of the malware, but I'm not certain.

 

-Generalized, trashware adware was then installed, although this wasn't too hard to snuff out because the majority of the schlock came with uninstallers as they were semi-legit programs

 

-Finally, and this is what puts the nail in the coffin of all of this:

It completely disabled ALL antimalware as well as ALL software that could be used to determine what was happening. The following programs cannot run:

Hijack This
​Malwarebytes (and Chameleon)

Procmon
​Hitman Pro
rKill

Any name-brand antimalware software

Additionally, these programs cannot run in safe mode either.

I was finally able to make a very, very old version of procmon run, which let me inspect what was happening with the programs shutting off. It seems like the process starts, it launches successfully, and then almost immediately after that the main thread of the program is axed by something internally (not a regular application close, the thread is just terminated /w no indicator of how it was terminated and no error code).

 

The latter issue, as well as the auto-sign in, are present in safe mode.

 

Semi-successful scans included Windows Defender full scan, which picked up on some less malicious adware and malware, and a semi-broken install of Sophos (it couldn't fully fully complete install and failed right at the end, although I was able to still scan) which got rid of the thing that was causing the proxy server to be spawned. 

 

My final try was with the Sophos Bootable CD, which successfully scans my boot record and partition table, but then goes on to scan 0 files and finish instantly. 

 

On top of this, I cannot use the windows "fresh start" button (it does nothing).

 

pls help

​If you need any more information, please feel free to ask for it. Also, if fixes are 'dangerous' in that incorrectly executing them could result in a bricked system if I mess up, fire away. I just want to fix this.

Edited by MsDoe, 16 October 2017 - 04:23 PM.

[Advertisements]

Hi

Welcome

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

• Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
• First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
• Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
• Please read ALL instructions carefully and perform the steps fully and in the order they are written.
• If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
• Continue to read and follow my instructions until I tell you that your machine is clean.
• If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
• Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...
 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure that under Optional Scans, there is a checkmark on Addition.txt.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

[JSntgRvr]

Hi

Welcome

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

• Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
• First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
• Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
• Please read ALL instructions carefully and perform the steps fully and in the order they are written.
• If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
• Continue to read and follow my instructions until I tell you that your machine is clean.
• If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
• Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...
 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure that under Optional Scans, there is a checkmark on Addition.txt.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

[MsDoe]

•  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

 

I'm pretty shocked that ran, it couldn't run earlier when I tried. Attached are the requested logs.

 

They were too large to include in the post body, so I have put them on a free file host that does not require me to log in as to not compromise my accounts. I can verify that this host is reputable, although it you would like to double check, it's fairly well-used so a google search should back that up.

 

FRST.txt:

https://my.mixtape.moe/sodqfx.txt

Addition.txt:

https://my.mixtape.moe/vssltt.txt

[JSntgRvr]

• Highlight the entire content of the quote box below.

Start::
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [403128 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [403128 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-309477652-37544927-3454752482-1001\...\Run: [IBW1A2708X5AS5O] => "C:\Program Files\DZWWF7UDRB\DZWWF7UDR.exe"
HKU\S-1-5-21-309477652-37544927-3454752482-1001\...\Run: [2009818] => "C:\Users\mrsma\AppData\Roaming\gv3n4er30fi\pd0yxmtmtm2.exe" /VERYSILENT
HKU\S-1-5-21-309477652-37544927-3454752482-1001\...\Run: [WLYJUTFVJLHSTHI] => "C:\Program Files (x86)\ShutdownTime\UOQRT.exe"
S2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv_ext.exe [X] <==== ATTENTION
HKLM-x32\...\Run: [AnonymizerGadget] => "C:\Users\mrsma\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1687 /subsource: <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
S2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv_ext.exe [X] <==== ATTENTION
S1 4f93695c425d4f3900652ca28d50f928; C:\WINDOWS\system32\drivers\4f93695c425d4f3900652ca28d50f928.sys [84400 2017-10-12] (P5FDLX) <==== ATTENTION
AnonymizerGadget (HKU\S-1-5-21-309477652-37544927-3454752482-1001\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
SearchAwesome (HKLM\...\afca750e1ab324ef27b172491251c8ad) (Version: 13.14.1.54 (i1.0) - SearchAwesome) <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Shortcut: C:\Users\mrsma\Projects\portalkit-pro\packages\Doxygen.1.8.13\tools\Generate Docs.lnk -> C:\Projects\Portalkit Pro\packages\Doxygen.1.8.13\tools\GenerateDocs.bat (No File)
2017-10-16 14:29 - 2017-10-16 14:29 - 000148992 _____ () \\?\C:\Users\mrsma\AppData\Local\Temp\66ED.tmp.node
2017-10-16 14:29 - 2017-10-16 14:29 - 000148992 _____ () \\?\C:\Users\mrsma\AppData\Local\Temp\66ED.tmp.node
C:\WINDOWS\system32\drivers\4f93695c425d4f3900652ca28d50f928.sys
C:\Users\mrsma\AppData\Roaming\gv3n4er30fi
C:\WINDOWS\src_srv
C:\Users\mrsma\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
C:\Program Files (x86)\ShutdownTime
C:\Program Files\DZWWF7UDRB
C:\WINDOWS\system32\Drivers\dwaoruyb.sys
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

• Right click on the highlighted text and select Copy.
• Start FRST (FRST64) with Administrator privileges
• Press the Fix button. FRST will process the lines copied above from the clipboard.
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:

• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be moved to Quarantine.
• When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

[MsDoe]

Attached is FixLog.txt. Unfortunately, the other programs that you requested I run instantly close, just like all other antimalware services, so I was only able to follow the first step.

https://my.mixtape.moe/jvelar.txt

 

[JSntgRvr]

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file [attachment=86101:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

• Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
• Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
• Option 3: Boot to recovery media.
• Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press the Fix button.
• It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

Upon restart, attempt the applications suggested above.

 

[MsDoe]

This time the scan ran very quickly, to the point that I fear something didn't function correctly. Additionally, I still am unfortunately not able to run those programs.

Are there variants of those programs that you know of that I could load into a USB linux install, and then scan the drive externally?

Attached is the output FixLog.txt

https://my.mixtape.moe/vaioeu.txt

Although it has not functioned yet, I do really appreciate your help. I would like to avoid having to reinstall Windows if at all possible.

Edited by MsDoe, 17 October 2017 - 05:25 PM.

[JSntgRvr]

Lets try this fix.

Please download the attached file [attachment=86102:Fixlist.txt]  and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

• Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
• Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
• Option 3: Boot to recovery media.
• Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press the Fix button.
• It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

Upon restart, attempt the JRT and AdwCleaner applications suggested above.

 

[MsDoe]

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by SYSTEM (17-10-2017 19:16:37) Run:3
Running from D:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
C:\Windows\System32\Drivers\dwanquxa.sys
*****************

C:\Windows\System32\Drivers\dwanquxa.sys => moved successfully

==== End of Fixlog 19:16:37 ====

After this, the other programs were finally able to run.

Results from those:

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by mrsma (Administrator) on Tue 10/17/2017 at 19:18:51.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1
Successfully deleted: C:\Users\Public\asr.dat (File) 



Registry: 2 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\4f93695c425d4f3900652ca28d50f928 (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SSSvc (Registry Key) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/17/2017 at 19:20:14.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[C0].txt

# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 18 02:25:48 2017
# Updated on 2017/29/09 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\mrsma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Deleted: C:\Users\All Users\Documents\XMUpdate
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\\Users\Public\Documents\XMUpdate


***** [ Files ] *****

Deleted: C:\Windows\SysNative\drivers\wfcre.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: AGProxyCheck


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-309477652-37544927-3454752482-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget
Deleted: [Key] - HKLM\SOFTWARE\mbs_install
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AnonymizerGadget
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
Deleted: [Key] - HKU\S-1-5-21-309477652-37544927-3454752482-1001\Software\WajIEnhance
Deleted: [Key] - HKCU\Software\WajIEnhance
Deleted: [Key] - HKLM\SOFTWARE\SrcAAAesom Browser Enhancer
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKU\S-1-5-21-309477652-37544927-3454752482-1001\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
Deleted: [Key] - HKU\S-1-5-21-309477652-37544927-3454752482-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BlockAdsPro
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BlockAdsPro
Deleted: [Key] - HKU\S-1-5-21-309477652-37544927-3454752482-1001\Software\Microsoft\BigTime
Deleted: [Key] - HKCU\Software\Microsoft\BigTime
Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3351 B] - [2017/10/18 2:24:33]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Not to put the cart before the horse, but it seems like everything is working again! We'll see if that's the actual case, but my computer no longer signs itself in, and all anti-malware functions once more (I have not run any, but I was able to run some non-intrusive programs that were previously blocked entirely).

 

Might I ask what exactly it was that was managing to kill my programs like that? I'm actually extremely curious, since it seemed to somehow be able to ID what every single program that could threaten it was, even if the program was really obscure. Was it just going based off of whether or not the program was trying to access the registry keys that it inhabited? That would explain why some system monitoring software didn't launch.

Edited by MsDoe, 17 October 2017 - 08:33 PM.

[JSntgRvr]

Not to put the cart before the horse, but it seems like everything is working again! We'll see if that's the actual case, but my computer no longer signs itself in, and all anti-malware functions once more (I have not run any, but I was able to run some non-intrusive programs that were previously blocked entirely).

Might I ask what exactly it was that was managing to kill my programs like that? I'm actually extremely curious, since it seemed to somehow be able to ID what every single program that could threaten it was, even if the program was really obscure. Was it just going based off of whether or not the program was trying to access the registry keys that it inhabited? That would explain why some system monitoring software didn't launch.

 

Lots of  research hours. I believe your system was hit by the Smartservice rootkit. Very difficult to detect as it is randomize named.

One more scan:

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.

• Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

• The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

• After a scan has been executed, scan results are displayed.

• Put a checkmark on all detected and click on "Quarantine Selected"

• Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

[JSntgRvr]

How is it doing?

[JSntgRvr]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.