Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista 32-bit does not boot


  • This topic is locked This topic is locked
3 replies to this topic

#1 virtualbob

virtualbob

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 30 January 2013 - 11:48 PM

Hello. I have a computer I am working on, a Dell Inspiron 530S running Vista 32-bit Home, that has had Combofix run on it today. I am walking into the middle of this, so unsure if it was a recent (infected?) copy. I was told that Combofix ran to completion, and that is supported by the fact that I found the log file in the root of C:. After running combofix the computer will only partially boot. It gets to a black screen with the cursor displayed (and moveable) but that is all. I have found that I can boot from the Vista CD and get to a command prompt, where I have been able to copy out the combofix.txt file. Also from the Command prompt I ran FRST. I have included the both logs below. Any help that could be provided in getting this computer to boot properly (I understand this may be wishfull thinking!) would be greatly appreciated.

Thank you in advance!


----- Combofix Log, as run just before the crash. ------

ComboFix 13-01-30.04 - Owner 01/30/2013 16:02:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.984 [GMT -7:00]
Running from: k:\malwaretools\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-30 )))))))))))))))))))))))))))))))
.
.
2013-01-30 23:11 . 2013-01-30 23:11 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-01-30 23:11 . 2013-01-30 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-30 23:11 . 2013-01-30 23:11 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-01-30 22:21 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5523B181-A669-412E-8B69-227BB9D2CFEF}\mpengine.dll
2013-01-30 22:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-30 22:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-30 22:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-30 22:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-30 22:20 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-30 22:20 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-30 21:56 . 2013-01-30 21:56 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-18 15:15 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-18 15:15 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-01-16 16:50 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-10-05 14:20 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-24 16:03 . 2012-09-04 14:05 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-14 23:49 . 2012-05-11 22:39 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 18:27 . 2012-11-28 18:28 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD47EBA1-A671-4941-8F81-DAF6619BB988}\gapaengine.dll
2012-11-06 15:00 . 2012-06-13 19:16 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 15:00 . 2012-06-13 19:16 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-06 15:00 . 2012-06-13 19:16 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-06 15:00 . 2012-06-13 19:16 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-24 16:03 1883824 ----a-w- c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-24 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-24 1101488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-17 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 02:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 02:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 13:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB9"=3 (0x3)
"RoxWatch9"=2 (0x2)
"stllssvr"=3 (0x3)
"XAudioService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 36143898
*Deregistered* - 36143898
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-11 22:44]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-11 22:44]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037814572-161565341-3910630338-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:34]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037814572-161565341-3910630338-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 17:34]
.
2013-01-30 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-24 16:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
SafeBoot-63225754.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-30 16:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-30 16:16:10
ComboFix-quarantined-files.txt 2013-01-30 23:16
.
Pre-Run: 366,535,434,240 bytes free
Post-Run: 368,360,083,456 bytes free
.
- - End Of File - - 4ABFB84E4EE564203AD23EEEE8122886


---- The FRST log ----------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
Ran by SYSTEM at 30-01-2013 21:25:11
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955000 2012-04-27] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1101488 2013-01-24] ()
HKU\admin\...\Run: [ROC_JAN2013_TB] "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [1177168 2013-01-24] ()
HKU\LogMeInRemoteUser\...\Run: [ROC_JAN2013_TB] "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [1177168 2013-01-24] ()
HKU\Owner\...\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-11] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821016 2012-04-27] (Acronis)
2 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-11] (Acronis)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [116040 2008-10-01] (Apple Inc.)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-17] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-17] (AVG Technologies CZ, s.r.o.)
2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
2 CrossLoopService; "C:\Users\Owner\AppData\Local\CrossLoop\CrossLoopService.exe" --service [569072 2012-01-06] (CrossLoop)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5914912 2012-04-27] (Acronis)
3 tvnserver; "C:\Users\Owner\AppData\Local\CrossLoop\tvnserver.exe" -service [814080 2010-07-21] (GlavSoft LLC.)
2 vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945328 2013-01-24] ()

==================== Drivers (Whitelisted) ====================

1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-17] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-17] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-05-15] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-24] (AVG Technologies)
2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15890 2008-06-10] (Meetinghouse Data Communications)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-05-11] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-05-11] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-05-11] (Acronis)
3 AR5523; C:\Windows\System32\DRIVERS\wg11tnd5.sys [x]
3 ATHFMWDL; C:\Windows\System32\Drivers\ATHFMWDL.sys [x]
3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-30 19:52 - 2013-01-30 14:03 - 00710504 ____A C:\Windows\isRS-000.tmp
2013-01-30 17:57 - 2013-01-30 17:57 - 00000000 ___HD C:\$AVG
2013-01-30 15:16 - 2013-01-30 15:16 - 00010233 ____A C:\ComboFix.txt
2013-01-30 14:59 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-30 14:59 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-30 14:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-30 14:59 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-30 14:59 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-30 14:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-30 14:59 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-30 14:59 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-30 14:58 - 2013-01-30 15:16 - 00000000 ____D C:\Qoobox
2013-01-30 14:58 - 2013-01-30 15:14 - 00000000 ____D C:\Windows\erdnt
2013-01-30 14:45 - 2012-05-11 14:54 - 00442762 ____A C:\Windows\System32\Drivers\etc\hosts - Copy
2013-01-30 14:21 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-01-30 14:21 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-01-30 14:21 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-01-30 14:21 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-01-30 14:20 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-01-30 14:20 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-01-30 13:56 - 2013-01-30 13:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-30 07:45 - 2013-01-30 07:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE737E33-03CC-49FB-A47A-A561286FBF7A}
2013-01-29 08:49 - 2013-01-29 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{AD031A17-C92C-4D04-8B5D-729C8478827C}
2013-01-28 09:14 - 2013-01-28 09:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{21A75212-6902-4911-A5C5-71BA5DF3BCEA}
2013-01-25 09:22 - 2013-01-25 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{AF95CBB7-C775-421F-B4B7-2A0AF884CBCA}
2013-01-24 08:59 - 2013-01-24 08:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{74B28D59-3346-4A58-83C5-033A6D0D2A06}
2013-01-24 08:06 - 2013-01-30 14:12 - 00000342 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-01-23 08:01 - 2013-01-23 08:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{ED747D06-2238-4357-9505-55FF3B97ED2A}
2013-01-22 06:57 - 2013-01-22 06:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C8216DD-4E5C-42C2-A344-FC8394871F3E}
2013-01-18 14:57 - 2013-01-18 14:57 - 01582117 ____A C:\Users\Owner\Desktop\Davis Structural.dwg
2013-01-18 08:05 - 2013-01-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BC16069-85F6-46F9-B5C5-7239485E1538}
2013-01-18 07:15 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-18 07:15 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-17 07:29 - 2013-01-17 07:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{0ECC73E7-7D33-4C28-9FEE-D4D5C6CB0C6A}
2013-01-16 07:22 - 2013-01-16 07:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{D16D1418-73A6-4CBD-B9E0-293CE5E9DD30}
2013-01-15 12:01 - 2013-01-15 12:01 - 00138712 ____A C:\Windows\Minidump\Mini011513-01.dmp
2013-01-15 06:43 - 2013-01-15 06:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{D3E789AF-0A1C-48AD-B257-572B064B4B0F}
2013-01-14 07:32 - 2013-01-14 07:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{BF869FB8-9AC3-41A5-A6E4-B71AE96105DA}
2013-01-14 07:18 - 2013-01-14 07:18 - 00135064 ____A C:\Windows\Minidump\Mini011413-01.dmp
2013-01-11 07:26 - 2013-01-11 07:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{95A5AAF4-1D62-4C29-B81F-82820BF3D8FD}
2013-01-10 11:20 - 2013-01-10 11:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E51AC78-CA81-4FEF-8DE4-9290E07B2B8B}
2013-01-09 09:36 - 2013-01-09 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{FD4DCE6D-40EF-405C-BD15-BD896F60B91F}
2013-01-08 12:18 - 2013-01-08 12:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{0EB82A78-37BA-4BF4-B90B-67FD5D84F765}
2013-01-07 07:15 - 2013-01-07 07:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{4FE8A592-32FA-442E-A5C7-A9AC9E669DC9}
2013-01-04 13:51 - 2013-01-04 13:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{B04DB821-E0C8-4C1A-8EBE-936DE6B80CE2}
2013-01-03 08:01 - 2013-01-03 08:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{C27D412D-E876-4234-B298-7D731BEC2857}
2013-01-02 09:12 - 2013-01-02 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D4F6D57C-D353-4D30-A3D2-F624B794B43D}
2012-12-31 08:20 - 2012-12-31 08:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{70B2ECED-6557-440B-848D-12710D591024}


==================== One Month Modified Files and Folders ========

2013-01-30 19:19 - 2008-03-17 06:30 - 01424729 ____A C:\Windows\WindowsUpdate.log
2013-01-30 19:16 - 2006-11-02 04:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-30 19:16 - 2006-11-02 04:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-30 19:15 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-30 17:57 - 2013-01-30 17:57 - 00000000 ___HD C:\$AVG
2013-01-30 16:27 - 2012-06-13 11:16 - 00003449 ____A C:\Windows\setupact.log
2013-01-30 15:18 - 2012-07-16 07:37 - 00008202 ____A C:\Windows\PFRO.log
2013-01-30 15:16 - 2013-01-30 15:16 - 00010233 ____A C:\ComboFix.txt
2013-01-30 15:16 - 2013-01-30 14:58 - 00000000 ____D C:\Qoobox
2013-01-30 15:16 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2013-01-30 15:16 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-01-30 15:14 - 2013-01-30 14:58 - 00000000 ____D C:\Windows\erdnt
2013-01-30 15:13 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-01-30 15:06 - 2012-05-11 14:44 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-30 14:53 - 2012-06-08 09:34 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037814572-161565341-3910630338-1000UA.job
2013-01-30 14:46 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-30 14:12 - 2013-01-24 08:06 - 00000342 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-01-30 14:12 - 2012-05-11 14:44 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-30 14:10 - 2012-03-13 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-30 14:05 - 2006-11-02 05:01 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-30 14:03 - 2013-01-30 19:52 - 00710504 ____A C:\Windows\isRS-000.tmp
2013-01-30 14:03 - 2012-05-11 14:40 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-30 13:56 - 2013-01-30 13:56 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-30 07:45 - 2013-01-30 07:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{CE737E33-03CC-49FB-A47A-A561286FBF7A}
2013-01-30 07:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-30 07:02 - 2012-06-13 11:15 - 00000000 ____D C:\Users\All Users\LogMeIn
2013-01-30 02:53 - 2009-10-05 06:20 - 00232336 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-29 11:07 - 2010-09-08 07:42 - 00048320 ____A C:\Users\Owner\Documents\plot.log
2013-01-29 10:35 - 2008-06-13 10:43 - 00000059 ____A C:\Windows\wpd99.drv
2013-01-29 10:35 - 2008-06-13 10:43 - 00000000 ____D C:\Users\All Users\pdf995
2013-01-29 08:49 - 2013-01-29 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{AD031A17-C92C-4D04-8B5D-729C8478827C}
2013-01-28 16:01 - 2012-06-08 09:34 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037814572-161565341-3910630338-1000Core.job
2013-01-28 09:14 - 2013-01-28 09:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{21A75212-6902-4911-A5C5-71BA5DF3BCEA}
2013-01-25 13:33 - 2012-01-23 15:56 - 00001352 ____A C:\Users\Owner\Desktop\plot.log
2013-01-25 09:22 - 2013-01-25 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{AF95CBB7-C775-421F-B4B7-2A0AF884CBCA}
2013-01-24 08:59 - 2013-01-24 08:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{74B28D59-3346-4A58-83C5-033A6D0D2A06}
2013-01-24 08:06 - 2011-12-12 08:01 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-01-24 08:06 - 2011-12-12 08:01 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-01-24 08:03 - 2012-09-04 06:05 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-01-23 08:01 - 2013-01-23 08:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{ED747D06-2238-4357-9505-55FF3B97ED2A}
2013-01-22 06:57 - 2013-01-22 06:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{4C8216DD-4E5C-42C2-A344-FC8394871F3E}
2013-01-21 17:38 - 2011-03-21 14:18 - 00002585 ____A C:\Users\Owner\Desktop\Microsoft Word.lnk
2013-01-18 14:57 - 2013-01-18 14:57 - 01582117 ____A C:\Users\Owner\Desktop\Davis Structural.dwg
2013-01-18 14:36 - 2006-11-02 04:47 - 00413288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-18 08:05 - 2013-01-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BC16069-85F6-46F9-B5C5-7239485E1538}
2013-01-18 07:18 - 2012-05-11 14:34 - 00001945 ____A C:\Windows\epplauncher.mif
2013-01-18 07:18 - 2012-03-12 14:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-01-17 07:29 - 2013-01-17 07:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{0ECC73E7-7D33-4C28-9FEE-D4D5C6CB0C6A}
2013-01-16 07:55 - 2008-05-08 13:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-01-16 07:22 - 2013-01-16 07:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{D16D1418-73A6-4CBD-B9E0-293CE5E9DD30}
2013-01-15 12:01 - 2013-01-15 12:01 - 00138712 ____A C:\Windows\Minidump\Mini011513-01.dmp
2013-01-15 12:01 - 2012-07-23 07:02 - 263227983 ____A C:\Windows\MEMORY.DMP
2013-01-15 12:01 - 2008-06-06 11:40 - 00000000 ____D C:\Windows\Minidump
2013-01-15 06:43 - 2013-01-15 06:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{D3E789AF-0A1C-48AD-B257-572B064B4B0F}
2013-01-14 07:32 - 2013-01-14 07:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{BF869FB8-9AC3-41A5-A6E4-B71AE96105DA}
2013-01-14 07:18 - 2013-01-14 07:18 - 00135064 ____A C:\Windows\Minidump\Mini011413-01.dmp
2013-01-11 08:40 - 2008-06-19 11:33 - 00021504 ____A C:\Users\Owner\Documents\Jobs List.xlr
2013-01-11 08:40 - 2008-05-08 15:09 - 00004186 ____A C:\Users\Owner\AppData\Roaming\wklnhst.dat
2013-01-11 07:26 - 2013-01-11 07:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{95A5AAF4-1D62-4C29-B81F-82820BF3D8FD}
2013-01-10 12:56 - 2012-06-08 09:40 - 00002044 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2013-01-10 11:20 - 2013-01-10 11:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E51AC78-CA81-4FEF-8DE4-9290E07B2B8B}
2013-01-10 07:50 - 2012-09-27 14:04 - 00003664 ___AH C:\Users\Owner\Desktop\ZbThumbnail.info
2013-01-09 09:36 - 2013-01-09 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{FD4DCE6D-40EF-405C-BD15-BD896F60B91F}
2013-01-08 12:18 - 2013-01-08 12:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{0EB82A78-37BA-4BF4-B90B-67FD5D84F765}
2013-01-07 07:15 - 2013-01-07 07:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{4FE8A592-32FA-442E-A5C7-A9AC9E669DC9}
2013-01-04 13:51 - 2013-01-04 13:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{B04DB821-E0C8-4C1A-8EBE-936DE6B80CE2}
2013-01-03 08:01 - 2013-01-03 08:01 - 00000000 ____D C:\Users\Owner\AppData\Local\{C27D412D-E876-4234-B298-7D731BEC2857}
2013-01-02 09:12 - 2013-01-02 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D4F6D57C-D353-4D30-A3D2-F624B794B43D}
2012-12-31 08:20 - 2012-12-31 08:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{70B2ECED-6557-440B-848D-12710D591024}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3060.56 MB
Available physical RAM: 2610.61 MB
Total Pagefile: 2837.95 MB
Available Pagefile: 2691.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:413.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.97 GB) NTFS
3 Drive e: (VISTA_32_PREMIUM) (CDROM) (Total:2.84 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:0.19 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 981 KB
Disk 1 Online 3836 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 1:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Last Boot: 2013-01-30 19:30

==================== End Of Log ============================

BC AdBot (Login to Remove)

 


#2 virtualbob

virtualbob
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 31 January 2013 - 01:24 AM

I decided to just undo the ComboFix registry changes, which allowed the computer to boot normally. I then tested the original reported problem, which was a redirector. This was removed using standard procedures - no need for ComboFix. So all is well.

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 04 February 2013 - 11:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/483627 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 05 February 2013 - 09:50 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users