Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Reading Combofix Log File


  • This topic is locked This topic is locked
3 replies to this topic

#1 webuser1001

webuser1001

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:34 AM

Posted 11 September 2014 - 02:48 PM

Hey everyone! I am new to the forum, I have just started using combofix and I have a log file but I don't know how to read it. Any help is greatly appreciated.
 
My computer restarted so I know there must have been some infection.
 
 
Here is the log file
ComboFix 14-09-05.01 - Administrator 09/08/2014  11:28:31.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6027.4494 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: McAfeeÆ Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfeeÆ Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_ServiceUpdater
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-08 to 2014-09-08  )))))))))))))))))))))))))))))))
.
.
2014-09-08 17:35 . 2014-09-08 17:35 -------- d-----w- c:\windows\Standalone System Sweeper
2014-09-08 16:34 . 2010-11-16 20:01 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{837B0317-F545-499B-89E1-E3A78196BC6F}\mpengine.dll
2014-09-08 16:33 . 2014-09-08 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-08 16:26 . 2010-11-16 20:01 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54496B13-9605-486B-ADBF-F4F5C5AABD6A}\mpengine.dll
2014-09-08 16:15 . 2014-09-08 16:15 687 ----a-w- C:\awh5649.tmp
2014-09-08 16:07 . 2014-09-08 16:07 687 ----a-w- C:\awh7BD.tmp
2014-09-08 15:58 . 2014-09-08 15:58 687 ----a-w- C:\awh15D0.tmp
2014-09-08 15:37 . 2010-11-16 20:01 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECEB5365-1C78-4B55-B9FF-11B2BFE7C598}\mpengine.dll
2014-09-08 15:24 . 2014-09-08 15:32 -------- d-----w- c:\users\snugent
2014-09-08 15:02 . 2014-09-08 15:02 687 ----a-w- C:\awh3C7.tmp
2014-09-08 14:20 . 2014-09-08 14:20 687 ----a-w- C:\awhD87.tmp
2014-09-08 13:32 . 2014-09-08 13:32 687 ----a-w- C:\awhFA45.tmp
2014-09-08 03:05 . 2014-09-08 03:05 687 ----a-w- C:\awhF298.tmp
2014-09-07 16:48 . 2014-09-07 16:48 687 ----a-w- C:\awhF314.tmp
2014-09-06 18:05 . 2014-09-06 18:05 687 ----a-w- C:\awhF305.tmp
2014-09-05 13:57 . 2014-09-05 13:57 687 ----a-w- C:\awhC5E.tmp
2014-09-04 13:41 . 2014-09-04 13:41 687 ----a-w- C:\awh1E97.tmp
2014-09-03 13:13 . 2014-09-03 13:13 687 ----a-w- C:\awh4E.tmp
2014-09-03 00:55 . 2014-09-03 00:55 687 ----a-w- C:\awh16CA.tmp
2014-09-02 13:37 . 2014-09-02 13:37 687 ----a-w- C:\awh2CD.tmp
2014-09-01 20:54 . 2014-09-05 17:23 -------- d-----w- c:\users\SMManager
2014-09-01 20:52 . 2014-09-01 20:52 -------- d-----w- c:\programdata\GroupPolicy
2014-09-01 20:27 . 2014-09-01 20:27 687 ----a-w- C:\awhEAF.tmp
2014-09-01 20:17 . 2014-09-01 20:17 687 ----a-w- C:\awh2DD.tmp
2014-09-01 20:04 . 2014-09-01 20:04 687 ----a-w- C:\awhFDCE.tmp
2014-09-01 17:56 . 2014-09-01 17:56 687 ----a-w- C:\awh12D4.tmp
2014-09-01 17:33 . 2014-09-01 17:38 -------- d-----w- C:\Backup
2014-09-01 13:19 . 2014-09-01 13:19 687 ----a-w- C:\awh28F.tmp
2014-09-01 13:09 . 2014-09-01 13:09 687 ----a-w- C:\awhFFE0.tmp
2014-08-29 14:54 . 2014-08-29 14:54 687 ----a-w- C:\awhECE.tmp
2014-08-29 03:16 . 2014-08-29 03:16 687 ----a-w- C:\awh21D2.tmp
2014-08-29 03:04 . 2014-08-29 03:04 687 ----a-w- C:\awhA775.tmp
2014-08-28 18:31 . 2014-08-28 18:31 -------- d-----w- c:\programdata\HP
2014-08-28 18:31 . 2014-08-28 18:31 -------- d-----w- c:\program files (x86)\HP
2014-08-28 18:31 . 2014-08-28 18:31 -------- d-----w- c:\programdata\Canon
2014-08-28 18:31 . 2012-08-09 05:59 1006080 ----a-w- c:\windows\system32\CNAS0MOK.DLL
2014-08-28 18:30 . 2014-08-28 18:32 -------- d-----w- c:\program files\Canon
2014-08-28 14:57 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 14:57 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 14:57 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 17:34 . 2014-08-27 17:34 687 ----a-w- C:\awh1BC9.tmp
2014-08-27 14:47 . 2014-08-27 14:47 687 ----a-w- C:\awhE52.tmp
2014-08-27 14:36 . 2014-08-27 14:36 687 ----a-w- C:\awhBC2.tmp
2014-08-27 13:51 . 2014-08-27 13:51 687 ----a-w- C:\awhC8D.tmp
2014-08-26 13:45 . 2014-08-26 13:45 687 ----a-w- C:\awh61BE.tmp
2014-08-26 01:54 . 2014-08-26 01:54 687 ----a-w- C:\awh1093.tmp
2014-08-25 19:37 . 2014-08-25 19:37 687 ----a-w- C:\awh83CF.tmp
2014-08-25 13:44 . 2014-08-25 13:44 687 ----a-w- C:\awh6D3.tmp
2014-08-25 02:23 . 2014-08-25 02:23 687 ----a-w- C:\awh5F4E.tmp
2014-08-24 17:57 . 2014-08-24 17:57 687 ----a-w- C:\awh608.tmp
2014-08-23 22:37 . 2014-08-23 22:37 687 ----a-w- C:\awhF823.tmp
2014-08-23 13:57 . 2014-08-23 13:57 687 ----a-w- C:\awh21E1.tmp
2014-08-22 13:44 . 2014-08-22 13:44 687 ----a-w- C:\awhF739.tmp
2014-08-22 01:16 . 2014-07-22 03:45 -------- d-----w- c:\windows\Panther
2014-08-22 00:40 . 2014-08-22 00:40 -------- d-----w- c:\program files (x86)\Microsoft
2014-08-22 00:18 . 2014-08-22 00:18 -------- d-----w- c:\program files (x86)\TeamViewer
2014-08-22 00:12 . 2014-08-22 00:14 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-08-22 00:11 . 2014-08-22 00:11 -------- d-----w- c:\windows\PCHEALTH
2014-08-22 00:10 . 2014-08-22 00:10 -------- d-----w- c:\program files\Microsoft Office
2014-08-22 00:10 . 2014-08-22 00:10 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-08-22 00:09 . 2014-08-13 14:40 -------- d-----w- c:\programdata\Microsoft Help
2014-08-22 00:09 . 2014-08-22 00:09 -------- d-----r- C:\MSOCache
2014-08-21 23:51 . 2014-08-13 14:31 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-21 23:13 . 2014-07-14 09:12 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7623D683-73CA-468F-A165-F75477D0EF64}\mpengine.dll
2014-08-21 23:11 . 2014-08-21 23:11 -------- d-----w- c:\windows\Migration
2014-08-21 23:10 . 2014-09-08 15:13 -------- d-sh--w- c:\windows\Installer
2014-08-21 23:08 . 2014-08-13 14:36 -------- d-----w- c:\windows\system32\MRT
2014-08-21 23:05 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-08-21 23:05 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-08-21 23:05 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-08-21 22:50 . 2014-08-21 22:50 451 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-08-21 22:47 . 2014-06-09 09:49 795120 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2014-08-21 22:47 . 2013-11-01 10:04 4022272 ----a-w- c:\windows\system32\drivers\athrx.sys
2014-08-21 22:47 . 2014-08-21 22:47 -------- d-----w- c:\program files (x86)\Intel
2014-08-21 22:47 . 2014-08-08 14:33 -------- d-----w- C:\Intel
2014-08-21 22:47 . 2014-06-13 13:27 64000 ----a-w- c:\windows\system32\OpenCL.DLL
2014-08-21 22:47 . 2014-06-13 13:27 60416 ----a-w- c:\windows\SysWow64\OpenCL.DLL
2014-08-21 22:45 . 2014-06-13 13:27 17327160 ----a-w- c:\windows\system32\igd10iumd64.dll
2014-08-21 22:44 . 2011-09-14 15:11 1048576 ----a-w- c:\windows\system32\syndata.bin
2014-08-21 22:44 . 2014-03-31 08:43 71952 ----a-w- c:\windows\system32\drivers\AsusTP.sys
2014-08-21 22:43 . 2014-08-21 22:43 -------- d-----w- c:\windows\SysWow64\RTCOM
2014-08-21 22:43 . 2014-08-21 22:43 -------- d-----w- c:\program files\Realtek
2014-08-21 22:41 . 2014-05-08 11:25 939224 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-08-21 22:23 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-08-21 22:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-08-21 22:23 . 2014-08-21 22:23 -------- d-----w- C:\Recovery
2014-08-21 13:41 . 2014-08-21 13:41 687 ----a-w- C:\awh27AB.tmp
2014-08-20 23:20 . 2014-08-20 23:20 687 ----a-w- C:\awhF9F7.tmp
2014-08-20 13:54 . 2014-08-20 13:54 687 ----a-w- C:\awh83EE.tmp
2014-08-19 16:22 . 2014-08-19 16:22 -------- d-----w- c:\program files (x86)\GreenTree Applications
2014-08-19 13:41 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-19 13:41 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-19 13:41 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-19 13:41 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-19 13:40 . 2014-08-19 13:40 687 ----a-w- C:\awh28E3.tmp
2014-08-19 13:40 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-19 13:40 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-19 13:40 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-19 13:40 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-19 13:40 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-19 13:40 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-19 13:40 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-19 13:40 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-19 13:40 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-19 13:40 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-18 23:38 . 2014-08-18 23:38 687 ----a-w- C:\awh1FF9.tmp
2014-08-18 23:34 . 2014-08-18 23:34 -------- d-----w- c:\windows\Sun
2014-08-18 23:33 . 2014-08-20 17:54 -------- d-----w- c:\program files (x86)\globalUpdate
2014-08-18 23:32 . 2014-08-18 23:32 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-18 21:44 . 2014-08-18 21:44 -------- d-----w- c:\programdata\Oracle
2014-08-18 21:43 . 2014-08-18 21:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-18 21:43 . 2014-08-18 21:43 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-18 21:43 . 2014-08-18 21:43 -------- d-----w- c:\program files (x86)\Java
2014-08-18 20:39 . 2014-08-18 20:39 46160 ----a-w- c:\windows\system32\drivers\nethfdrv.sys
2014-08-18 20:39 . 2014-08-18 20:39 162304 ----a-w- c:\windows\SysWow64\netupdsrv.exe
2014-08-18 20:39 . 2014-08-18 20:39 108544 ----a-w- c:\windows\SysWow64\installd.exe
2014-08-18 20:39 . 2014-08-18 20:39 179712 ----a-w- c:\windows\SysWow64\nethtsrv.exe
2014-08-18 20:39 . 2014-08-18 20:39 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-08-18 20:39 . 2014-08-18 20:39 246784 ----a-w- c:\windows\SysWow64\hfpapi.dll
2014-08-14 21:29 . 2014-08-19 16:22 -------- d-----r- c:\users\Public
2014-08-13 14:32 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 14:32 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 14:32 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 14:32 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 14:32 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-22 03:28 . 2014-07-22 03:28 57200 ----a-w- c:\windows\system32\snacnp.dll
2014-06-17 19:05 . 2014-06-17 19:05 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-17 19:05 . 2014-06-17 19:05 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-17 19:05 . 2014-06-17 19:05 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-06-17 19:05 . 2014-06-17 19:05 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-06-17 19:05 . 2014-06-17 19:05 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-06-17 19:05 . 2014-06-17 19:05 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-06-17 19:05 . 2014-06-17 19:05 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2014-06-17 19:05 . 2014-06-17 19:05 83968 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-06-17 19:05 . 2014-06-17 19:05 62976 ----a-w- c:\windows\system32\tsgqec.dll
2014-06-17 19:05 . 2014-06-17 19:05 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-06-17 19:05 . 2014-06-17 19:05 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-06-17 19:05 . 2014-06-17 19:05 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-06-17 19:05 . 2014-06-17 19:05 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2014-06-17 19:05 . 2014-06-17 19:05 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-06-17 19:05 . 2014-06-17 19:05 420864 ----a-w- c:\windows\system32\wksprt.exe
2014-06-17 19:05 . 2014-06-17 19:05 29696 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-06-17 19:05 . 2014-06-17 19:05 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2014-06-17 19:05 . 2014-06-17 19:05 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2014-06-17 19:05 . 2014-06-17 19:05 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-17 19:05 . 2014-06-17 19:05 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-17 19:05 . 2014-06-17 19:05 1147392 ----a-w- c:\windows\system32\mstsc.exe
2014-06-17 19:05 . 2014-06-17 19:05 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-06-17 19:05 . 2014-06-17 19:05 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-06-17 19:04 . 2014-06-17 19:04 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-06-17 19:04 . 2014-06-17 19:04 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-06-17 19:04 . 2014-06-17 19:04 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-06-17 19:04 . 2014-06-17 19:04 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-06-17 19:04 . 2014-06-17 19:04 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-06-17 19:04 . 2014-06-17 19:04 2565632 ----a-w- c:\windows\system32\esent.dll
2014-06-17 19:04 . 2014-06-17 19:04 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2014-06-17 19:04 . 2014-06-17 19:04 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-06-17 19:04 . 2014-06-17 19:04 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-06-17 19:04 . 2014-06-17 19:04 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-06-17 19:03 . 2014-06-17 19:03 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-17 19:03 . 2014-06-17 19:03 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-17 19:03 . 2014-06-17 19:03 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-17 19:03 . 2014-06-17 19:03 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-17 19:03 . 2014-06-17 19:03 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-17 19:03 . 2014-06-17 19:03 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-17 19:03 . 2014-06-17 19:03 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-17 19:03 . 2014-06-17 19:03 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-17 19:03 . 2014-06-17 19:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-17 19:03 . 2014-06-17 19:03 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-17 19:03 . 2014-06-17 19:03 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-17 19:03 . 2014-06-17 19:03 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-17 19:03 . 2014-06-17 19:03 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-17 19:02 . 2014-06-17 19:02 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-06-17 19:02 . 2014-06-17 19:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-06-17 19:02 . 2014-06-17 19:02 484864 ----a-w- c:\windows\system32\wer.dll
2014-06-17 19:02 . 2014-06-17 19:02 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-06-17 19:02 . 2014-06-17 19:02 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-17 19:01 . 2014-06-17 19:01 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-06-17 19:01 . 2014-06-17 19:01 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-06-17 19:01 . 2014-06-17 19:01 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-06-17 19:01 . 2014-06-17 19:01 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-06-17 19:01 . 2014-06-17 19:01 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-06-17 19:01 . 2014-06-17 19:01 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-06-17 19:01 . 2014-06-17 19:01 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-06-17 19:01 . 2014-06-17 19:01 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-06-17 19:00 . 2014-06-17 19:00 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-17 19:00 . 2014-06-17 19:00 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-17 19:00 . 2014-06-17 19:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-06-17 19:00 . 2014-06-17 19:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-17 19:00 . 2014-06-17 19:00 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-17 19:00 . 2014-06-17 19:00 197120 ----a-w- c:\windows\system32\credui.dll
2014-06-17 19:00 . 2014-06-17 19:00 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-06-17 19:00 . 2014-06-17 19:00 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-06-17 19:00 . 2014-06-17 19:00 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-06-17 18:59 . 2014-06-17 18:59 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-06-17 18:59 . 2014-06-17 18:59 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-06-17 18:59 . 2014-06-17 18:59 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-06-17 18:59 . 2014-06-17 18:59 168960 ----a-w- c:\windows\system32\wscript.exe
2014-06-17 18:59 . 2014-06-17 18:59 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-06-17 18:59 . 2014-06-17 18:59 156160 ----a-w- c:\windows\system32\cscript.exe
2014-06-17 18:59 . 2014-06-17 18:59 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-06-17 18:59 . 2014-06-17 18:59 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-06-17 18:59 . 2014-06-17 18:59 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-06-17 18:59 . 2014-06-17 18:59 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-06-17 18:59 . 2014-06-17 18:59 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-06-17 18:59 . 2014-06-17 18:59 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-06-17 18:59 . 2014-06-17 18:59 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-06-17 18:59 . 2014-06-17 18:59 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-06-17 18:59 . 2014-06-17 18:59 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-06-17 18:59 . 2014-06-17 18:59 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-06-17 18:59 . 2014-06-17 18:59 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-06-17 18:59 . 2014-06-17 18:59 859648 ----a-w- c:\windows\system32\tdh.dll
2014-06-17 18:59 . 2014-06-17 18:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-06-17 18:59 . 2014-06-17 18:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-06-17 18:59 . 2014-06-17 18:59 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-06-17 18:59 . 2014-06-17 18:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-06-17 18:58 . 2014-06-17 18:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-17 18:58 . 2014-06-17 18:58 144384 ----a-w- c:\windows\system32\cdd.dll
2014-06-17 18:58 . 2014-06-17 18:58 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-06-17 18:58 . 2014-06-17 18:58 722944 ----a-w- c:\windows\system32\objsel.dll
2014-06-17 18:58 . 2014-06-17 18:58 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2014-06-17 18:58 . 2014-06-17 18:58 6656 ----a-w- c:\windows\system32\apisetschema.dll
2014-06-17 18:58 . 2014-06-17 18:58 57344 ----a-w- c:\windows\system32\cngprovider.dll
2014-06-17 18:58 . 2014-06-17 18:58 56832 ----a-w- c:\windows\system32\adprovider.dll
2014-06-17 18:58 . 2014-06-17 18:58 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ATP;ASUS Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys;c:\windows\SYSNATIVE\DRIVERS\dwvkbd64.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 DptfPolicyCriticalService;Intel® Dynamic Platform and Thermal Framework Critical Service Application;c:\windows\system32\DptfPolicyCriticalService.exe;c:\windows\SYSNATIVE\DptfPolicyCriticalService.exe [x]
S2 DptfPolicyLpmService;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys;c:\windows\SYSNATIVE\DRIVERS\DamewareMini.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-03 13:46 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-08 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-347318900-3001803211-3520325003-1213.job
- c:\users\Sales.Marketing\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-08-21 16:01]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22 03:24]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2013-10-14 111488]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-03-31 296312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://century21jm.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cdvffj3q.default\
FF - prefs.js: browser.startup.homepage - hxxp://century21jm.com/
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Sales.Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,14,b3,1b,4b,c0,57,49,a7,7a,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,14,b3,1b,4b,c0,57,49,a7,7a,03,\
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1777186739-2167211428-3001874831-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2014-09-08  11:52:21 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-08 16:52
ComboFix2.txt  2014-08-05 17:35
.
Pre-Run: 436,346,150,912 bytes free
Post-Run: 436,021,415,936 bytes free
.
- - End Of File - - 72E3995677A31F67E421167DFDA54385
A36C5E4F47E84449FF07ED3517B43A31

Edit: Moved topic from Introductions to the more appropriate forum.~ Animal

BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 15 September 2014 - 10:39 AM

Hello webuser1001 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

-------------------------------------------

 

Are you still with us?

 

Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 17 September 2014 - 05:06 PM

Hello,

 

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 21 September 2014 - 04:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users