Win 64 Patched A Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by Makxbi, Oct 21, 2012.

  1. Makxbi

    Makxbi Private E-2

    Hey guys, this is my first time posting on this website, let alone on any malware removal forum. This is the first time I've encountered this problem. Anyways, I have followed the instructions, yet AVG keeps pestering me about the Patched A virus. It only gives me an option to ignore this threat. In addition to this, it slows my internet connection as if it is constantly downloading massive amounts of information. It isn't just the browser that is having problems, because when I have my internet adapter plugged in, my cursor lags on the screen. Anyways, thank you for your help in advance.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!



    Rescan with HitmanPro
    • When it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.
    • Leave any other detections alone (Ignore them).
    • Afterwards, click the Next button.
    • HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
    Now uninstall the below old versions of software:
    Java(TM) 6 Update 31

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\SysNative\drivers\80351099.sys
    C:\Windows\TEMP\*.tmp
    C:\Users\Andrew\AppData\Local\Temp\*.tmp
    C:\Windows\installer\{bf361cf8-1c97-c9e5-53ad-912a36c52fb2}\L
    C:\Windows\installer\{bf361cf8-1c97-c9e5-53ad-912a36c52fb2}\U
    C:\Windows\installer\{bf361cf8-1c97-c9e5-53ad-912a36c52fb2}
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$I8MOOY1.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$I8Q9ASA.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$IDX6VC9.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$ISVP2VX.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$R8MOOY1.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$R8Q9ASA.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$RDX6VC9.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$RSVP2VX.exe
    C:\$Recycle.Bin\S-1-5-21-1577607178-939590972-3871880810-1000\$R16E8UV\Desktop.ini
     
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DA0C53CF-BFC3-4CEC-B1F8-7918F0E3DEB5}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest hitmanpro.zip log. See: HOW TO: Attach Items To Your Post.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:

    • the C:\_OTM\MovedFiles log
    • the new Hitman Pro log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  3. Makxbi

    Makxbi Private E-2

    The two problems when scanning were the fact that in Hitman, it said it failed to delete the services.exe virus (I clicked the replace option and said ignore to all others, as you instructed), and in MG Tools it stopped at "Getting IPConfig info." I don't think it was a matter of being patient and letting it scan... I left the MG Tools scan running and it was stuck at the same line of text for 12 hours or so (I did download the new version of MG Tools as you instructed as well..) I cannot include the MG Tools zip file log because of this. The services.exe virus is also still present according to AVG every 5 minutes it wants to tell me.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Next time I ask for one, shut down AVG first. However let's do the below first since we need to repair the services.exe problem a different way. The below is not a fix. It is a scan to help us prepare the next fix.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  5. Makxbi

    Makxbi Private E-2

    I'm sorry if this is a no-brainer for you.... But I'm getting a little confused. I booted and pressed f8 enough times for the computer to register, yet this is the menu that came up (the gif file is a picture of the menu I described that came up, and the jpeg is my bios menu when booting normally).
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In the first image there is a line with F8 Boot Menu on it. Did you try that option?
     
  7. Makxbi

    Makxbi Private E-2

    Yes, sorry. What I meant to say is the second picture is what happens after pressing f8.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So you are saying on the screen where it tells you to press F8 to get to the Boot Menu, it does not go to the Boot Menu?

    Let's also try another tool to collect some data. We may also be able to use this tool to fix your problem but we need the scan results first.


    Please download OTL by OldTimer.
     
  9. Makxbi

    Makxbi Private E-2

    Yes, that is what happened when I pressed f8. It doesn't go to the boot menu.
     

    Attached Files:

    • OTL.Txt
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15179
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

    After clicking Fix, exit HJT.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    Code:
    :OTL
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [2012/10/23 19:59:52 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
    [2012/10/23 19:59:52 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
     
    :Files
    C:\Windows\System32\services.exe | C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace
    C:\MGlogs.zip
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    :Commands
    [PURITY]
    [EMPTYTEMP] 
    [EMPTYFLASH]
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  11. Makxbi

    Makxbi Private E-2

    Before I continue with the fix it button, I want to ask something.. This is the only line of text similar to the R0 line that you told me to check:

    R0 -HKLM\Software\Microsoft\Internet Explorer\Main,Start Page= http://go/microsoft.com/fwlink/?LinkId=69157


    Should I still continue and fix that?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No just skip it and continue with the rest of the instructions
     
  13. Makxbi

    Makxbi Private E-2

    Things seem to be working okay, I don't see any sign of my antivirus telling me about services.exe so far.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your last MGlog.zip, OTL failed to replace the infected services.exe file. Thus you are still infected. The OTL log did say it needed to reboot to replace it. Did you reboot immediately after running OTL? Was the new MGlog.zip obtained after a reboot?
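
An added example, not part of the original thread or of any tool used in it: one way to check after the reboot whether the live services.exe now matches a copy in the WinSxS component store, which is what the `/replace` line in the OTL fix above was meant to achieve. The function name, the return format and the use of SHA-256 are choices made for this sketch; the folder prefix is taken from the path in that fix.

```python
import hashlib
import os
from pathlib import Path

# Folder-name prefix of the component-store copy, taken from the OTL fix above.
# Assumption: 64-bit Windows (32-bit systems use an "x86_" prefix instead).
STORE_PREFIX = "amd64_microsoft-windows-s..s-servicecontroller_"


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_services_exe(windows_dir):
    """Compare System32\\services.exe with every component-store copy.

    Returns a dict whose "status" is one of:
      "match"         - the live file is byte-identical to a store copy
      "mismatch"      - store copies exist but none equals the live file
      "no-store-copy" - no store copy was found to compare against
    """
    windows_dir = Path(windows_dir)
    # Note: a 32-bit process on 64-bit Windows is redirected from System32 to
    # SysWOW64 (the reason the OTM script earlier uses SysNative), so run this
    # with a 64-bit interpreter.
    live = windows_dir / "System32" / "services.exe"
    live_hash = sha256_of(live)

    store = windows_dir / "winsxs"
    candidates = []
    if store.is_dir():
        for entry in sorted(store.iterdir()):
            copy = entry / "services.exe"
            if entry.name.lower().startswith(STORE_PREFIX) and copy.is_file():
                candidates.append(copy)

    matches = [c.parent.name for c in candidates if sha256_of(c) == live_hash]
    if matches:
        status = "match"
    elif candidates:
        status = "mismatch"
    else:
        status = "no-store-copy"
    return {
        "live_sha256": live_hash,
        "store_copies": len(candidates),
        "matches": matches,
        "status": status,
    }


if __name__ == "__main__":
    result = check_services_exe(os.environ.get("SystemRoot", r"C:\Windows"))
    for key, value in result.items():
        print(f"{key}: {value}")
```

A "match" only shows the live file equals a store copy; it does not prove the store copy itself is untouched, so checking the file's digital signature is the stronger test.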
     
  15. Makxbi

    Makxbi Private E-2

    No, I obtained the MG tools log immediately after it was done without rebooting. I'll reboot now.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then get a new log the same way and attach it.
     
  17. Makxbi

    Makxbi Private E-2

    Rebooted and my antivirus still notifies me about services.exe. I'm including the MGlog, but it stopped again at the "Checking IP Config" line. I also disabled my antivirus before I did the scan.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is very incomplete. You need to have all protection disabled and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\MGlogs.zip
     
  19. Makxbi

    Makxbi Private E-2

    I ran it how you said, but this time it stopped at "running analyse.exe." I left the scan running for an hour after it got stuck there, but I checked again and it hasn't moved forward.

    I also want to make note of something here, because I think this is something related to analyse.exe not showing up. I'm not sure if this is a common problem, but I have been getting it recently with many applications. For instance, I would start up Chrome and the icon at the bottom would be highlighted, as if it were starting up. But after that, the icon stops glowing as if it would close. When I look in task manager, it lists chrome.exe as one of the processes running. This applies to a lot of applications that I run, such as iTunes, Steam, and even some scanning programs I downloaded when reading the Read Me First thread. I looked at analyse.exe in the processes in task manager, so that program was having the same problem that all of my other programs did.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Attach whatever is currently in MGlogs.zip. Then uninstall AVG, reboot your PC and then try running C:\MGtools\GetLogs.bat again and see what happens this time. If it runs, attach the new log. If it does not run, tell me what happens.
     
  21. Makxbi

    Makxbi Private E-2

    I finally got MG tools to run all the way through.
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you are still infected. We will need to use a more powerful tool to get this fixed.


    Now download and save a copy of combofix.exe and save it directly onto your Desktop folder.
    • Then right click on it and select Run As Administrator. Do not disturb it by clicking in the window that opens or it may stall.
    • After it finishes, it may reboot your PC. Attach the C:\combofix.txt log that it creates.
    • If after running Combofix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
     
  23. Makxbi

    Makxbi Private E-2

    My computer automatically rebooted when I checked up on it, and all of my programs are working. Here is the log.
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now we need to use ComboFix to replace the infected services.exe file.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Nov 2, 2012
  25. Makxbi

    Makxbi Private E-2

    AVG is still telling me that services.exe is infected.
     

    Attached Files:

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it is. Combofix shows that. I had a typo in the last fix. I have now corrected the typo. Please rerun that fix taking care to recreate a new CFScript.txt file for the corrected fix.
     
  27. Makxbi

    Makxbi Private E-2

    Here's the Combo fix log.
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I needed the whole fix including GetLogs.bat to be run as I also need the new MGlogs.zip. Does not look like ComboFix was able to fix this either. You may be approaching having to reinstall. But I have a few more things to try first. I just need the new MGlogs.zip to continue.

    Also I just want to warn you now, my next fix will begin with uninstalling AVG as there is a good chance it is also getting in our way.
     
  29. Makxbi

    Makxbi Private E-2

    Oh ok, sorry. Here it is.
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay based on this log, ComboFix is definitely not running properly.

    Please uninstall ALL of AVG now and then reboot your PC. After reboot continue with the below which will be a slightly different ComboFix script. We will also download the current version since the one you have may be expiring soon.

    Okay so now delete the current ComboFix.exe file that you have and get a new copy >> combofix.exe and save to your Desktop.


    Now we need to use ComboFix again
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  31. Makxbi

    Makxbi Private E-2

    Things seem to be working fine. Also, AVG wouldn't uninstall via the program it came with. I deleted some files and finally got it to uninstall that way. Also, sorry for the delay!
     

    Attached Files:

  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are some more AVG left overs to remove. Some of these problems with left overs and not being able to uninstall it are due to the fact that you are inappropriately using MSconfig to control startup processes and services. Very bad idea.




    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  33. Makxbi

    Makxbi Private E-2

    Something happened right after that command line you gave me for combo fix. I don't know if it's related or not, but my internet stopped working right after. I have a wireless receiver, and my router is fine. I tried my Wifi on my phone and it works fine, as well as the wireless receiver I use. It's something with the computer.
     
  34. Makxbi

    Makxbi Private E-2

    Oops, forgot the logs. Also, can you explain why it's bad to do things through MSconfig? I don't know what the best way is.
     

    Attached Files:

  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's strange. Nothing in the fix should have impacted your internet connection unless somehow it is related to removing AVG. If you power down your PC and restart after a few minutes is there any change?


    Read this to better understand why not to use MSconfig: Dealing with Startup Process


    Also run the below since AVG was still showing as installed:

    AVG Remover
     
    Last edited: Dec 14, 2012
  36. Makxbi

    Makxbi Private E-2

    I have rebooted numerous times and nothing has changed.
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmm! That's strange. Removing AVG should not impact this, but looking at your logs now and comparing to an early log, I see the below network interface items missing
    Do you see this in Device Manager and do they have yellow exclamations on them showing a problem with the hardware?
     
  38. Makxbi

    Makxbi Private E-2

    I see in the devices panel "Wireless-N USB Network Adapter #3." I'm not sure if the 3 is supposed to be a six, or if that even matters, but I don't see an exclamation point next to it. I right clicked and it says the device is working properly, but I do think this has something to do with that...
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you looking at Device Manager?? Open Control Panel and look for Device Manager in the list and if found double click it to run it.

    If you do not see Device Manager in Control panel double click the System icon. Then when this opens, look to the left side and you should find a Device Manager link to click on. When you get Device Manager open, find the Network adapters line and click the plus sign next to it to expand the list and see all the details.

    A third way to open Device Manager ( if the above do not work for you ) is the below:
    1. Click on the Windows 7 Start button.
    2. Type the following command in the search box and then hit the Enter key:
      devmgmt.msc
     
  40. Makxbi

    Makxbi Private E-2

    Oh, sorry I wasn't looking at the manager itself.... But I went onto it and under network adapters, all of the devices are working properly when I double click on them, including the Wireless-N USB Network Adapter #3.
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's just get a new log from a new version of MGtools. This is not looking good. There does not seem to be anything we can fix. And while you say the devices are in device manager, they are not showing up as being installed in your logs. They may need to have the drivers reinstalled.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
     
  42. Makxbi

    Makxbi Private E-2

    It's getting stuck at "Getting IPConfig Info."
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have protection software disabled including your firewall?
     
  44. Makxbi

    Makxbi Private E-2

  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please boot into safe mode and try running it. If that does not work then please run the below but run from Normal Boot mode


    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (If running Vista or Win7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Customs Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      drives
      %systemdrive%\*.*
      %systemdrive%\MGtools\*.*
      %systemroot%\*. /mp /s
      • Now click the Run Scan button.
      • Two reports will be created:
        • OTL.txt <-- Will be opened
        • Extra.txt <-- Will be minimized
      • Attach both OTL.txt and Extras.txt to your next message. (See how to attach)
     
  46. Makxbi

    Makxbi Private E-2

    The extra.txt file didn't show up, so I only have the OTL.txt file.
     

    Attached Files:

    • OTL.Txt
  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing anything wrong. The only thing I can think of is that AVG2013 did not get fully removed properly per last logs, and also possibly some other software that could impact network settings could be having an effect. Like Peerblock and Hotspot Shield. Can you uninstall these? Also check to see if you notice anything from AVG running. I did see signs of AVG in your last logs prior to me asking you to run AVG Remover.

    I would like to see a full new log from MGtools so let's see if we can get to run. Make sure that UAC is still disabled and do the below.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
     
  48. Makxbi

    Makxbi Private E-2

    I deleted the programs you noted, and I see no signs of AVG running as far as the task manager. However, when I search "AVG" in explorer, there are still app data files for toolbar updaters, user configuration, and so on. But I'm pretty sure none of it is running.
     

    Attached Files:

  49. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay there are still a few leftovers from AVG, but at this point I don't think they are really going to be the cause of the problem with no connection. I still come back to what I posted in message #37 where I indicated a couple of your network devices are not working properly as they are not even showing up. So no matter what it states in Device Manager about them working properly, they cannot be. You need to check to see if you can reinstall the drivers for the below

    Anchorfree HSS Adapter
    Linksys Wireless-N USB Network Adapter WUSB300N #6
    Realtek PCIe GBE Family Controller

    As these are the items that used to be showing in your early logs like the below:
    Code:
    Checking ipconfig 
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : Andrew-PC
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : charter.com
    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Local Area Connection* 24:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hshld.com
       Description . . . . . . . . . . . : Anchorfree HSS Adapter
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wireless Network Connection 6:
       Connection-specific DNS Suffix  . : charter.com
       Description . . . . . . . . . . . : Linksys Wireless-N USB Network Adapter WUSB300N #6
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::a1db:78e1:c438:8f7e%17(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, October 08, 2012 8:26:50 PM
       Lease Expires . . . . . . . . . . : Monday, October 08, 2012 9:34:09 PM
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCP Server . . . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 520100088
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-75-24-2D-00-18-F8-A8-53-A7
       DNS Servers . . . . . . . . . . . : 71.9.127.107
                                           68.190.192.35
                                           24.205.224.36
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 12:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.charter.com:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    And now they do not show at all. What shows is only the following.
    Code:
    Checking ipconfig 
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : Andrew-PC
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.charter.com:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{69198D80-0668-43C1-BC0D-9DB0B01DA05D}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
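
An added example, not part of the original thread or of MGtools: the before/after comparison made by hand in the post above, done by parsing two `ipconfig /all` captures and listing adapters that disappeared. The two sample logs are abbreviated from the ones quoted in that post; the function names and the rule of ignoring the trailing `#N` instance number are choices made for this sketch.

```python
import re

# A section starts with an unindented "<type> adapter <name>:" line.
HEADER_RE = re.compile(r"^(?P<name>\S.* adapter .+):\s*$")
# Fields are indented "Key . . . . : value"; continuation lines do not match.
FIELD_RE = re.compile(r"^\s+(?P<key>[^.:]+?)\s*(?:\. ?)+:\s*(?P<value>.*)$")
# Windows appends " #N" when the same device model has been installed before.
INSTANCE_RE = re.compile(r"\s+#\d+$")

# Abbreviated from the two logs quoted in the post above (most fields dropped).
EARLY_LOG = """\
Checking ipconfig
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Andrew-PC
Ethernet adapter Bluetooth Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Ethernet adapter Local Area Connection* 24:
   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Anchorfree HSS Adapter
Wireless LAN adapter Wireless Network Connection 6:
   Description . . . . . . . . . . . : Linksys Wireless-N USB Network Adapter WUSB300N #6
   IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Tunnel adapter Local Area Connection* 12:
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Tunnel adapter isatap.charter.com:
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Tunnel adapter Local Area Connection* 9:
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
"""

LATE_LOG = """\
Checking ipconfig
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Andrew-PC
Ethernet adapter Bluetooth Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Tunnel adapter isatap.charter.com:
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Tunnel adapter Local Area Connection* 9:
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Tunnel adapter isatap.{69198D80-0668-43C1-BC0D-9DB0B01DA05D}:
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
"""


def parse_ipconfig(text):
    """Return {section header: {field: value}} for every adapter section."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group("name"), {})
            continue
        field = FIELD_RE.match(line)
        # Global fields (Host Name, ...) appear before any adapter: skip them.
        if field and current is not None:
            current[field.group("key")] = field.group("value").strip()
    return adapters


def descriptions(text):
    """Set of non-empty Description values found in one capture."""
    return {a["Description"] for a in parse_ipconfig(text).values()
            if a.get("Description")}


def compare_adapters(before_text, after_text):
    """List devices that vanished and instances that are new in the later log."""
    before, after = descriptions(before_text), descriptions(after_text)
    after_models = {INSTANCE_RE.sub("", d) for d in after}
    return {
        # Gone entirely: no instance of the same device model remains.
        "missing": sorted(d for d in before
                          if INSTANCE_RE.sub("", d) not in after_models),
        # Present now but not before, e.g. a re-created tunnel adapter.
        "new_instances": sorted(after - before),
    }


if __name__ == "__main__":
    report = compare_adapters(EARLY_LOG, LATE_LOG)
    for kind, names in report.items():
        print(kind)
        for name in names:
            print("  ", name)
```

Comparing by device model rather than by the exact string keeps a renumbered instance (ISATAP #4 becoming #5) from being reported as a missing device.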
     
  50. Makxbi

    Makxbi Private E-2

    I reinstalled the Family Controller driver and the Linksys Adapter driver, but I googled the Anchorfree HSS driver and it was actually something from Hotspot shield, it was a VPN driver. I don't think I need it...
     
