
Solved: programs aren't running properly



Mark1956
Malware Removal Specialist with 12,496 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
05-Oct-2012, 05:37 AM #16
Quote:
Sorry about that, I think I got it though, or they might be hidden again; the files listed didn't appear in the scans afterward.
Quote:
I'm really sorry, rkiller froze on the first scan, so I scanned again after reboot, then clicked on reset hosts after that.
Not a problem, thanks for letting me know.


Please now run this scan and post the log. When it is complete please tell me how well the PC is running now.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!

Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
tflpfshm
Member with 18 posts.
THREAD STARTER
 
Join Date: Jan 2011
Experience: Beginner
05-Oct-2012, 12:12 PM #17
ComboFix 12-10-04.02 - Franklin 5/2012 Fri 11:48:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.402 [GMT -4:00]
Running from: c:\documents and settings\Franklin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\0tbpw.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Franklin\Local Settings\Application Data\Vid-Saver
c:\documents and settings\Franklin\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx
c:\program files\Vid-Saver
c:\program files\Vid-Saver\Vid-Saver.exe
c:\program files\Vid-Saver\Vid-Saver.ico
c:\program files\Vid-Saver\Vid-Saver.ini
c:\program files\Vid-Saver\Vid-SaverInstaller.log
c:\windows\system32\Cache
c:\windows\system32\Cache\12b3680b3ac405da.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8150be73d6ca6d65.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
2012-10-02 23:46 . 2012-10-02 23:46 56832 ---ha-w- c:\windows\system32\scimon.dll
2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 16:04 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-20 23:42 . 2012-04-03 09:13 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 23:42 . 2012-02-12 07:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 17:02 . 2012-08-30 17:02 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24 . 2012-02-12 07:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 1:02 PM 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:42]
.
2012-10-05 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LaunchApp - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 12:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\conime.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2012-10-05 12:09:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 16:09
.
Pre-Run: 8,398,647,296 bytes free
Post-Run: 9,524,236,288 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 33384A795A9BD705F0BD0CC68C06717C


Edit: very sorry about that. My PC is running a lot smoother now, the low virtual memory thing isn't appearing any more, programs aren't freezing/crashing and the browser isn't crashing much/at all.

Last edited by tflpfshm; 05-Oct-2012 at 02:18 PM.. Reason: sorry, forgot to answer question
Mark1956
Malware Removal Specialist with 12,496 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
05-Oct-2012, 01:54 PM #18
You have not answered my question:

Quote:
When it is complete please tell me how well the PC is running now.
There is a file that needs to be checked.

Go to one of the following online services that analyzes suspicious files:
In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

c:\windows\system32\scimon.dll <- this file

Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis in your next reply.
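
One way to triage a ComboFix "Files Created" listing like the one in post #17, as an added example that is not part of the original thread or of ComboFix: parse each entry and flag executable files directly under system32 paths that carry the hidden attribute. The heuristic, the function names and the reading of `h` and `d` in the attribute column as hidden and directory are assumptions of this example, not something the posts state.

```python
import re
from typing import List, NamedTuple, Optional

# Entry lines copied from the "Files Created" and "Find3M Report" sections of
# the ComboFix log posted in this thread (a subset; entry lines unmodified).
SAMPLE_LOG = r"""
.
2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-02 23:46 . 2012-10-02 23:46 56832 ---ha-w- c:\windows\system32\scimon.dll
2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
.
2012-10-05 16:04 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-20 23:42 . 2012-04-03 09:13 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 00:24 . 2012-02-12 07:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
"""

# "<date time> . <date time> <size or --------> <8-char attributes> <path>"
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+)$"
)

# Assumptions of this example: where to look and what counts as executable.
SYSTEM_DIR = "c:\\windows\\system32\\"
EXECUTABLE_EXTS = (".dll", ".exe", ".sys", ".scr", ".cpl")


class Entry(NamedTuple):
    first_stamp: str
    second_stamp: str
    size: Optional[int]  # None for directories, which log "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs  # assumed meaning of 'd'

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs  # assumed meaning of 'h'


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file/directory entry; separator and header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["first"], m["second"], size, m["attrs"], m["path"]))
    return entries


def flag_hidden_executables(entries: List[Entry]) -> List[Entry]:
    """Hidden, non-directory, executable-extension entries under system32."""
    flagged = []
    for e in entries:
        path = e.path.lower()
        if e.is_dir or not e.is_hidden:
            continue
        if path.startswith(SYSTEM_DIR) and path.endswith(EXECUTABLE_EXTS):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in flag_hidden_executables(parse_entries(SAMPLE_LOG)):
        print(f"{e.path}  size={e.size}  attrs={e.attrs}  first seen {e.first_stamp}")
```

A hit is only a lead: in the thread the file was confirmed by submitting it to a multi-engine scanning service before it was scheduled for removal.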
tflpfshm
Member with 18 posts.
THREAD STARTER
 
Join Date: Jan 2011
Experience: Beginner
05-Oct-2012, 02:22 PM #19
ah, sorry, it's running faster now, the low virtual memory on startup disappeared, programs can be booted and seem to work normally

Filename: scimon.dll
Status: Scan finished. 12 out of 19 scanners reported malware.
Scan taken on: Fri 5 Oct 2012 20:20:16 (CET)

2012-10-05 Trojan.Backdoor.Papras.Frt
2012-10-05 Gen:Variant.Kazy.67671
2012-10-05 Win32:Malware-gen
2012-10-05 Gen:Variant.Kazy.67671
2012-10-05 Generic29.BYWK
2012-10-05 Trojan.Agent
2012-10-05 TR/Kazy.67671.26
2012-10-05 Backdoor.Win32.Papras.frt
2012-10-05 Gen:Variant.Kazy.67671
2012-10-05 Found nothing
2012-10-05 Found nothing
2012-10-05 Found nothing
2012-10-05 Found nothing
2012-10-05 Mal/Generic-L
2012-10-05 Trojan.PWS.Banker1.5732
2012-10-04 Found nothing
2012-10-05 Win32/Kryptik.ALSU
2012-10-05 Found nothing
2012-10-05 Found nothing

File size: 56832 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 2c99fc188824cdf7f34c0aff8f4866d9
SHA1: c8dbbba05355bd9804cbb33b0bfd9d0486f4e2db

Last edited by tflpfshm; 05-Oct-2012 at 02:28 PM.. Reason: worried original post was too vague
Mark1956
Malware Removal Specialist with 12,496 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
05-Oct-2012, 03:10 PM #20
That is sufficient evidence to prove the file is malicious.

We will now remove that file along with a couple of other items detected by Eset.

We are now going to run ComboFix a different way.

Open Notepad by clicking > Run... and in the open box type: Notepad.exe
Press Ok, then copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

Code:
KillAll::

File::
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\system32\scimon.dll
C:\Documents and Settings\Franklin\Local Settings\Application Data\{1EA2EAA4-99AF-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul
C:\Documents and Settings\Franklin\My Documents\zp800rc2free.exe

DDS::

ClearJavaCache::

Reboot::

  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.


  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
  • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
Mark1956
Malware Removal Specialist with 12,496 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
05-Oct-2012, 03:14 PM #21
As long as everything is running ok after the above, we should be able to start the clean up and reinstall Java.

Please run this to check for anything else important that needs to be updated.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
tflpfshm
Member with 18 posts.
THREAD STARTER
 
Join Date: Jan 2011
Experience: Beginner
06-Oct-2012, 02:09 AM #22
ComboFix 12-10-04.02 - Franklin 6/2012 Sat 1:47.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.720 [GMT -4:00]
Running from: c:\documents and settings\Franklin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Franklin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\Franklin\Local Settings\Application Data\{1EA2EAA4-99AF-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul"
"c:\documents and settings\Franklin\My Documents\zp800rc2free.exe"
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\system32\scimon.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
2012-10-02 23:46 . 2012-10-02 23:46 56832 ---ha-w- c:\windows\system32\scimon.dll
2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 05:59 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-20 23:42 . 2012-04-03 09:13 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 23:42 . 2012-02-12 07:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 17:02 . 2012-08-30 17:02 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24 . 2012-02-12 07:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 1:02 PM 27496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:42]
.
2012-10-06 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200
FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 01:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-10-06 02:03:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 06:03
ComboFix2.txt 2012-10-05 16:09
.
Pre-Run: 10,283,196,416 bytes free
Post-Run: 9,333,817,344 bytes free
.
- - End Of File - - B3099F21ACD502AF8B352D966CFFC06C


combofix didn't do anything in normal mode after 4 or so hours.. but i did get this from safe mode.
tflpfshm
Member with 18 posts.
THREAD STARTER
Join Date: Jan 2011
Experience: Beginner
06-Oct-2012, 02:17 AM #23
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Sophos Virus Removal Tool
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Adobe Flash Player 11.4.402.265
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Mark1956
Malware Removal Specialist with 12,496 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
06-Oct-2012, 08:31 AM #24
Please run Combofix in Normal and just do a scan with it and post the log. I just need to make quite sure the infected file, scimon.dll, really has gone. Once that is checked and you have completed all the steps below we just have to clean up the tools used.

Now follow these steps to update a few things:

STEP 1
Follow this to defrag the hard drive: How to defragment the hard drive

STEP 2
Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 8

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.

Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

STEP 3
How to install the latest version of Java.
  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.



STEP 4
Internet Explorer
Your Internet Explorer is out of date, the latest version for XP has a better level of security which helps to stop malicious software from reaching your PC.
Internet Explorer 8 for Windows XP
tflpfshm
Member with 18 posts.
THREAD STARTER
Join Date: Jan 2011
Experience: Beginner
06-Oct-2012, 07:05 PM #25
i'm not sure why, but i can't get combofix to work in normal mode. after the "it may take 20 minutes to run/double for badly infected computers" text it does nothing, i left it running for half a day, no change. i disabled my antivirus while off the internet, but i'm not sure if i really disabled it or if there's some other measure of AV running that i'm not sure about or what.. but CF wouldn't run past the prompt. i did follow through on the steps posted though...
i mean.... , i couldn't run Combo Fix in normal mode to scan for scimon.dll, but i did get through steps 1-4..


Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Sophos Virus Removal Tool
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

Last edited by tflpfshm; 07-Oct-2012 at 06:46 AM..
Mark1956
Malware Removal Specialist with 12,496 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
07-Oct-2012, 11:56 AM #26
I guess I must have been half asleep when I looked at the last Combofix log as it clearly shows at the top that the file in question was removed. It is a bit odd that it will not run now, but could be due to your Anti Virus, usually it will warn you if the Anti Virus is still active.

Please try and run it again and if it won't run then delete the icon on your desktop and download a fresh copy and try again.

If it still won't run boot into Safe Mode and try again.
tflpfshm
Member with 18 posts.
THREAD STARTER
Join Date: Jan 2011
Experience: Beginner
08-Oct-2012, 04:01 PM #27
still wouldn't boot, but i'll try in safe mode now
Mark1956
Malware Removal Specialist with 12,496 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
08-Oct-2012, 04:49 PM #28
If it still won't boot we may be looking at a reinfection, if no joy with Combofix please run RogueKiller again and post the log.
tflpfshm
Member with 18 posts.
THREAD STARTER
Join Date: Jan 2011
Experience: Beginner
09-Oct-2012, 09:23 PM #29
ComboFix 12-10-09.01 - Franklin 9/2012 Tue 21:06:35.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.552 [GMT -4:00]
Running from: c:\documents and settings\Franklin\Desktop\blah.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-09 17:34 . 2012-10-09 17:34 -------- d-----w- c:\documents and settings\Franklin\Local Settings\Application Data\Sun
2012-10-09 06:30 . 2012-10-09 06:30 -------- d-----w- c:\windows\LastGood
2012-10-08 19:41 . 2012-10-08 19:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-07 01:38 . 2012-10-07 01:38 -------- d-sh--w- c:\documents and settings\Franklin\IECompatCache
2012-10-07 01:37 . 2012-10-07 01:37 -------- d-sh--w- c:\documents and settings\Franklin\PrivacIE
2012-10-07 01:33 . 2012-10-07 01:33 -------- d-sh--w- c:\documents and settings\Franklin\IETldCache
2012-10-07 01:24 . 2012-10-07 01:26 -------- dc-h--w- c:\windows\ie8
2012-10-07 01:20 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-07 01:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-10-07 01:18 . 2012-08-28 15:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-07 01:18 . 2012-08-28 15:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-07 01:18 . 2012-08-28 15:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-07 01:13 . 2012-10-07 01:13 -------- d-----w- c:\program files\Common Files\Java
2012-10-07 01:13 . 2012-10-07 01:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-07 01:13 . 2012-10-07 01:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-07 01:12 . 2012-10-07 01:12 -------- d-----w- c:\program files\Java
2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:29 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-10-08 20:41 . 2012-04-03 09:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:41 . 2012-02-12 07:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-07 01:12 . 2012-02-12 07:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 15:14 . 2007-08-14 01:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-08-14 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2007-08-14 01:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:41]
.
2012-10-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 21:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-09 21:20:13
ComboFix-quarantined-files.txt 2012-10-10 01:20
ComboFix2.txt 2012-10-08 20:33
ComboFix3.txt 2012-10-06 08:19
ComboFix4.txt 2012-10-06 06:03
ComboFix5.txt 2012-10-10 01:04
.
Pre-Run: 22,576,926,720 bytes free
Post-Run: 22,558,105,600 bytes free
.
- - End Of File - - BCAC51F35D75339196997EC991F49161


wow, combofix ran all the way through this time

sorry, i thought i posted the log last time, but this one is current.
Mark1956
Malware Removal Specialist with 12,496 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
10-Oct-2012, 05:25 AM #30
The log is looking good, as long as you have no further issues then we can start the clean up.


To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.

  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.

To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click > Run... and in the Open dialog box, type: ComboFix /Uninstall



  • Press OK.
    -- Vista/Windows 7 users refer to these instructions.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).

  • Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


Please post back when this is complete and let me know if you have had any problems.