Sirefef Virus Computer Reboot 60 Secs


3 replies to this topic

#1 The IT Bunch

The IT Bunch

  • Members
  • 2 posts

Posted 30 July 2012 - 04:38 AM

Hi Everyone

I have a Lenovo Laptop running Windows 7 Pro x64
It is infected with Sirefef
I have used FRST64 to get the txt files
They will be posted below
Please help write the fixlist.txt

Regards
Michael Tiemann
The IT Bunch



#2 The IT Bunch

The IT Bunch
  • Topic Starter

  • Members
  • 2 posts

Posted 30 July 2012 - 04:42 AM

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 19:08:08
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-17] (Lenovo)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation)
HKLM\...\Run: [nseapc] "C:\Windows\System32\rundll32.exe" "C:\Users\Scott.AAS\AppData\Roaming\nseapc.dll",Resize [424448 2012-07-26] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-17] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Panda Controller Client] "C:\Program Files (x86)\Panda Software\AVTC\PSCtrlC.exe" [152896 2010-07-16] (Panda Security)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-02] (Ask)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKU\Scott.AAS\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{A5D41FC9-8768-432F-8940-1E6A691F43EE}: [NameServer]192.168.1.100,8.8.4.4
Tcpip\..\Interfaces\{E27CC28F-9E87-4475-91F2-3C840B7B32F8}: [NameServer]10.143.147.147 10.143.147.148

==================== Services (Whitelisted) ======

2 M4-Service; C:\Users\Scott.AAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTUTKREV\M4-Service.exe [1007472 2012-05-10] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 Panda Software Controller; "C:\Program Files (x86)\Panda Software\AVTC\PsCtrlS.exe" [325440 2011-01-13] (Panda Security)
3 PavReport; "C:\Program Files (x86)\Panda Software\Panda Administrator 3\PavReport\PavReport.exe" [926976 2010-03-04] (Panda Security, S.L.)
2 PavSrv; C:\Program Files (x86)\Panda Software\AVTC\PavSrvX86.exe [313152 2010-07-14] (Panda Security, S.L.)
3 PMShellSrv; C:\Program Files (x86)\Panda Software\AVTC\PSKMsSvc.exe [67120 2007-01-15] (Panda Software International)
2 PsImSvc; C:\Program Files (x86)\Panda Software\AVTC\PsImSvc.exe [107328 2010-06-25] (Panda Security S.L.)
2 PskSvc; C:\Program Files (x86)\Panda Software\AVTC\PskSvc.exe [27968 2010-08-16] (Panda Software International)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 uvnc_service; "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service [1830856 2009-07-09] (UltraVNC)
2 Windows Agent Maintenance Service; "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" [28672 2012-03-29] (N-able Technologies)
2 Windows Agent Service; "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" [217088 2012-03-29] (N-able Technologies)

========================== Drivers (Whitelisted) =============

2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [65608 2010-07-14] (Panda Security, S.L.)
3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2010-06-09] (MBB Incorporated)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
3 vodafone_K3805-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K3805-z_dc_enum.sys [75776 2010-03-01] (Vodafone)
3 ZTEusbvoice; C:\Windows\System32\Drivers\ZTEusbvoice.sys [121344 2010-04-30] (ZTE Incorporated)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2010-06-09] (ZTE Incorporated)
3 BcmSqlStartupSvc; [x]
2 CLKMSVC10_3A60B698; [x]
2 CLKMSVC10_C3B3B687; [x]
2 DriverService; [x]
2 iATAgentService; [x]
2 idealife Update Service; [x]
3 IGRS; [x]
2 IviRegMgr; [x]
2 nvUpdatusService; [x]
2 Oasis2Service; [x]
2 PCCarerService; [x]
2 ReadyComm.DirectRouter; [x]
2 RichVideo; [x]
2 RtLedService; [x]
2 SeaPort; [x]
2 SoftwareService; [x]
3 SQLWriter; [x]
2 Stereo Service; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 22:18 - 2012-07-29 22:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C67604F95B93F9E
2012-07-29 22:15 - 2012-07-29 22:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F3D7BB9D99299CE
2012-07-29 16:01 - 2012-07-29 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9C029DC1B52049C4
2012-07-29 15:59 - 2012-07-29 16:01 - 04721417 ____A (Swearware) C:\Users\administrator\Downloads\ComboFix.exe
2012-07-29 15:59 - 2012-07-29 15:59 - 00023909 ____A C:\Users\administrator\Downloads\FRST.txt
2012-07-29 15:58 - 2012-07-29 15:58 - 00000000 ____D C:\FRST
2012-07-29 15:57 - 2012-07-29 15:58 - 01438391 ____A (Farbar) C:\Users\administrator\Downloads\FRST64.exe
2012-07-29 15:42 - 2012-07-29 15:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-29 15:42 - 2012-07-29 15:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-29 15:38 - 2012-07-29 15:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-29 15:31 - 2012-07-29 15:34 - 12621696 ____A (Microsoft Corporation) C:\Users\administrator\Downloads\mseinstall (1).exe
2012-07-29 15:08 - 2012-07-29 15:08 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 15:08 - 2012-07-29 15:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-29 15:08 - 2012-07-29 15:08 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Malwarebytes
2012-07-29 15:08 - 2012-07-29 15:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 15:08 - 2012-07-02 19:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-29 15:07 - 2012-07-29 15:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-29 15:07 - 2012-07-29 15:08 - 10288512 ____A (Microsoft Corporation) C:\Users\administrator\Downloads\mseinstall.exe
2012-07-26 20:06 - 2012-07-26 20:06 - 00424448 ____A C:\Users\Scott.AAS\AppData\Roaming\nseapc.dll
2012-07-26 20:06 - 2012-07-26 20:06 - 00000000 ____D C:\Users\All Users\0C1CFB0B0072EC0D9D24EC9CF875EF60
2012-07-24 17:06 - 2012-07-24 18:40 - 00000000 ____D C:\Users\Scott.AAS\Desktop\tarong bag house test reports
2012-07-24 05:10 - 2012-07-24 05:10 - 00000000 ____D C:\Users\Scott.AAS\Documents\Youcam
2012-07-24 05:10 - 2012-07-24 05:10 - 00000000 ____D C:\Users\Scott.AAS\AppData\Roaming\CyberLink
2012-07-24 05:10 - 2012-07-24 05:10 - 00000000 ____D C:\Users\Scott.AAS\AppData\Local\CyberLink
2012-07-23 22:25 - 2012-07-23 22:45 - 00000000 ____D C:\Users\Scott.AAS\AppData\Local\Windows Live
2012-07-23 22:24 - 2012-07-23 22:26 - 00000000 ____D C:\Users\Scott.AAS\AppData\Local\{103C1594-66D5-430C-83CD-4658899A0D9E}
2012-07-23 22:24 - 2012-07-23 22:25 - 00000000 ____D C:\Users\Scott.AAS\AppData\Local\{838CF209-7527-41A8-8DA1-9FD351BB0F53}
2012-07-17 22:32 - 2012-07-17 22:33 - 00000000 ____D C:\Users\Scott.AAS\Desktop\visy
2012-07-17 22:24 - 2012-07-17 22:24 - 00000000 ____D C:\Users\Scott.AAS\Desktop\ENVIRONMENTAL MANAGEMENT SYSTEM
2012-07-12 18:10 - 2012-07-12 18:10 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-07-12 18:04 - 2012-07-12 18:04 - 00000219 ____A C:\Users\Scott.AAS\Documents\directPrinting.properties
2012-07-12 18:03 - 2012-07-12 18:03 - 00000000 ____D C:\Windows\Sun
2012-07-12 18:03 - 2012-07-12 18:03 - 00000000 ____D C:\Users\All Users\Sun
2012-07-12 17:59 - 2012-07-12 17:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-12 17:59 - 2012-07-12 17:59 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-07-12 17:59 - 2012-07-12 17:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-12 17:59 - 2012-07-12 17:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-12 17:59 - 2012-07-12 17:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-12 17:59 - 2012-07-12 17:59 - 00000000 ____D C:\Users\All Users\Ask
2012-07-12 17:59 - 2012-07-12 17:59 - 00000000 ____D C:\Program Files (x86)\Java
2012-07-11 20:35 - 2012-07-11 20:35 - 00280352 ____A C:\Windows\Minidump\071212-18938-01.dmp
2012-07-11 05:06 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 05:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 05:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 05:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 05:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 05:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 05:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 05:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 05:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 05:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 05:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 05:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 05:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 05:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 05:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 05:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 05:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 05:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 05:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 05:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 05:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 05:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 05:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 05:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 05:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 05:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 05:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 05:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 05:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 16:33 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:33 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 16:33 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:33 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:33 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 16:33 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 16:33 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 16:33 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 16:33 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 16:33 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 16:33 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:33 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 16:33 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 16:33 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 16:33 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 16:33 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 16:33 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 16:33 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 16:33 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-08 21:12 - 2012-07-16 04:14 - 00023711 ____A C:\Users\Scott.AAS\Desktop\Copy of 2013 Corp Timesheet Exp Alloc Calculator.xlsx


============ 3 Months Modified Files ========================

2012-07-30 01:05 - 2012-01-28 00:38 - 04293723 ____A C:\FaceProv.log
2012-07-30 01:04 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-30 01:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 01:03 - 2009-07-13 20:51 - 00059720 ____A C:\Windows\setupact.log
2012-07-30 01:02 - 2011-11-17 09:08 - 00000786 ____A C:\Windows\System32\fastboot.set
2012-07-29 23:04 - 2011-11-17 08:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 22:28 - 2012-07-29 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB15D28BFFC523C3
2012-07-29 22:28 - 2009-07-13 21:13 - 00788178 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 22:18 - 2012-07-29 22:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0C67604F95B93F9E
2012-07-29 22:15 - 2012-07-29 22:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F3D7BB9D99299CE
2012-07-29 22:15 - 2011-11-17 08:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 16:01 - 2012-07-29 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9C029DC1B52049C4
2012-07-29 16:01 - 2012-07-29 15:59 - 04721417 ____A (Swearware) C:\Users\administrator\Downloads\ComboFix.exe
2012-07-29 15:59 - 2012-07-29 15:59 - 00023909 ____A C:\Users\administrator\Downloads\FRST.txt
2012-07-29 15:58 - 2012-07-29 15:57 - 01438391 ____A (Farbar) C:\Users\administrator\Downloads\FRST64.exe
2012-07-29 15:46 - 2009-07-13 20:45 - 00026448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 15:46 - 2009-07-13 20:45 - 00026448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 15:43 - 2012-07-29 15:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-29 15:43 - 2011-11-17 08:22 - 01204420 ____A C:\Windows\WindowsUpdate.log
2012-07-29 15:42 - 2012-02-02 00:01 - 00802264 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-29 15:39 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-29 15:36 - 2012-04-15 17:15 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-07-29 15:34 - 2012-07-29 15:31 - 12621696 ____A (Microsoft Corporation) C:\Users\administrator\Downloads\mseinstall (1).exe
2012-07-29 15:19 - 2010-11-20 19:47 - 00038070 ____A C:\Windows\PFRO.log
2012-07-29 15:08 - 2012-07-29 15:08 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 15:08 - 2012-07-29 15:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\administrator\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-29 15:08 - 2012-07-29 15:07 - 10288512 ____A (Microsoft Corporation) C:\Users\administrator\Downloads\mseinstall.exe
2012-07-26 20:06 - 2012-07-26 20:06 - 00424448 ____A C:\Users\Scott.AAS\AppData\Roaming\nseapc.dll
2012-07-16 04:14 - 2012-07-08 21:12 - 00023711 ____A C:\Users\Scott.AAS\Desktop\Copy of 2013 Corp Timesheet Exp Alloc Calculator.xlsx
2012-07-12 18:04 - 2012-07-12 18:04 - 00000219 ____A C:\Users\Scott.AAS\Documents\directPrinting.properties
2012-07-12 17:59 - 2012-07-12 17:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-12 17:59 - 2012-07-12 17:59 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-07-12 17:59 - 2012-07-12 17:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-12 17:59 - 2012-07-12 17:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-12 17:59 - 2012-07-12 17:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-11 20:35 - 2012-07-11 20:35 - 00280352 ____A C:\Windows\Minidump\071212-18938-01.dmp
2012-07-11 20:35 - 2012-01-28 01:38 - 624414778 ____A C:\Windows\MEMORY.DMP
2012-07-11 16:17 - 2009-07-13 20:45 - 00363328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 05:03 - 2012-02-01 22:22 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-02 19:46 - 2012-07-29 15:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-24 15:43 - 2012-06-24 15:43 - 00280352 ____A C:\Windows\Minidump\062512-16582-01.dmp
2012-06-11 19:08 - 2012-07-11 05:06 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 16:33 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 16:33 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 16:33 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 16:33 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 16:33 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 16:33 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 16:33 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 16:33 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 15:01 - 2012-06-05 15:01 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-05 14:58 - 2012-06-05 14:58 - 00944264 ____A (Skype Technologies S.A.) C:\Users\Scott.AAS\Downloads\SkypeSetup.exe
2012-06-02 14:19 - 2012-06-18 15:01 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 15:01 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 15:01 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 15:01 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 15:01 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 15:01 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 15:01 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 04:49 - 2012-07-11 05:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 05:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 05:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 05:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 05:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 05:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 05:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 05:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 05:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 05:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 05:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 05:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 05:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 05:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 05:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 05:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 05:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 05:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 05:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 05:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 05:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 05:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 05:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 05:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 05:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 05:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 05:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 16:33 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 16:33 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 16:33 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 16:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 16:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 21:19 - 2012-06-18 15:00 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:15 - 2012-06-18 15:00 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:40 - 2012-07-10 16:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 16:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 16:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 16:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-16 19:52 - 2012-05-16 19:52 - 00280352 ____A C:\Windows\Minidump\051712-18766-01.dmp
2012-05-04 03:06 - 2012-06-13 22:17 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 22:17 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 22:17 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


ZeroAccess:
C:\Windows\Installer\{49e87d28-d02a-e5c2-6c5a-583864d9359d}
C:\Windows\Installer\{49e87d28-d02a-e5c2-6c5a-583864d9359d}\@

ZeroAccess:
C:\Users\Scott.AAS\AppData\Local\{49e87d28-d02a-e5c2-6c5a-583864d9359d}
C:\Users\Scott.AAS\AppData\Local\{49e87d28-d02a-e5c2-6c5a-583864d9359d}\@
C:\Users\Scott.AAS\AppData\Local\{49e87d28-d02a-e5c2-6c5a-583864d9359d}\L
C:\Users\Scott.AAS\AppData\Local\{49e87d28-d02a-e5c2-6c5a-583864d9359d}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8135.86 MB
Available physical RAM: 7320.11 MB
Total Pagefile: 8134.06 MB
Available Pagefile: 7306.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:230.84 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:25.93 GB) NTFS
3 Drive f: (Apr 17 2012) (CDROM) (Total:4.38 GB) (Free:4.37 GB) UDF
4 Drive g: (Lexar) (Removable) (Total:7.46 GB) (Free:7.43 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 7656 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 200 MB 1024 KB
Partition 2 Primary 421 GB 201 MB
Partition 0 Extended 28 GB 422 GB
Partition 4 Logical 28 GB 422 GB
Partition 3 OEM 14 GB 451 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 421 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D LENOVO NTFS Partition 28 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Lexar FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 16:37

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 19:10:48
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-30 01:04] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#3 D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts

Posted 01 August 2012 - 02:30 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)

See if you can boot into Safe Mode by pressing F8 as the system boots. Then, please follow the instructions below.


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#4 D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts

Posted 05 August 2012 - 03:41 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB



