It is currently Thu Apr 27, 2017 8:02 am


My work computer is compromised!

Is your PC infected? Is it running slow? Just can't figure out what's making it sluggish? Here is the place to get some help.

Moderators: liljim, Gecko

My work computer is compromised!

Postby BigDMasher » Wed Dec 14, 2016 6:35 pm

Hello and thank you in advance!

I work as a service advisor at an auto repair shop and we have two computers that have some issues. One is Windows 10 (this one) and the other is Windows 7. This topic will relate to the Win 10 computer. This computer has a lot of critical software and information that would make a fresh install very inconvenient. I recently installed ESET and ran the SYSINSPECTOR. Will this information file work for you?

Big D Masher
BigDMasher
Newbie
Newbie
 
Posts: 5
Joined: Wed Dec 14, 2016 6:03 pm
Location: California
Operating System: Win 10

Thanks given:0
Thanks received:0
Top

Re: My work computer is compromised!

Postby BigDMasher » Wed Dec 14, 2016 11:34 pm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16603 BrowserJavaVersion: 11.111.2
Run by maximum at 14:32:06 on 2016-12-14
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.1033.18.8109.4279 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security 10.0.369.0 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET Internet Security 10.0.369.0 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\SysWOW64\atashost.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\imdsksvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\RDMSOService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BCS.exe
C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.ABS.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SHOPSTREAM\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\M1-SK\M1-SK Software Updater Host\FileSystemMonitorService.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ESET\ESET Internet Security\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\M1-SK\M1-SK Software Updater Host\M1-SK.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\maximum\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BMA.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\M1-SK\Teamworks\ShopStreamXtShell.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\Program Files\Dell\SupportAssist\uaclauncher.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} -
uRun: [Google Update] "C:\Users\maximum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OneDrive] "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Extensible Authentication Endpoint] C:\qzqnidyikbg\cxjjenyj.exe
uRun: [dfdd7a59-09c9-bb3b-a942-7be36de0243c] C:\Users\maximum\AppData\Local\Microsoft\808f97da-466c-ba8a-a60f-3b51f60e0936\598f8b3c-c4f1-4f3e-8a68-0113fa7c1525.exe
uRun: [Source PNRP TCP/IP Defragmenter] C:\Users\maximum\AppData\Local\eytcttesdul.exe
uRun: [Outlook Setup Assistant] C:\Program Files (x86)\GoDaddy\Outlook Setup Assistant\Go365Outlook.exe
uRun: [HP Officejet Pro 8610 (NET)] "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN63JFX123:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
uRun: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
uRunOnce: [Uninstall C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\maximum\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [DropboxOEM] "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
mRun: [CAMMonitor] C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XChrgSrv.exe
mRun: [Mitchell 1 DataProtection Backup Monitor] "C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BMA.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\WINDOWS\System32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoLowDiscSpaceChecks = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: DisableCAD = dword:1
mPolicies-Explorer: NoLowDiscSpaceChecks = dword:1
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
Trusted Zone: oeconnection.com
DPF: {3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A} - hxxp://192.168.1.18/speco_control.cab
DPF: {A6B11FA9-502E-44BE-8D0F-BC76CE036AE4} - hxxp://192.168.1.18/speco_webviewer.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0280edc6-5cc5-45e0-a411-3ffe6d1ef0c4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{27124b52-7697-4a8d-9f9b-d819d9f606cc} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\maximum\AppData\Roaming\Mozilla\Firefox\Profiles\1o8f282z.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: C:\Users\maximum\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\maximum\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\maximum\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\maximum\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\WINDOWS\System32\drivers\edevmon.sys [2016-10-7 212096]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-1-13 1455552]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-21 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2016-10-7 232072]
R1 epfwwfp;epfwwfp;C:\WINDOWS\System32\drivers\epfwwfp.sys [2016-10-7 91784]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-12-9 8192]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2015-10-1 149752]
R2 AWEAlloc;AWE Memory Allocation Driver;C:\WINDOWS\System32\drivers\awealloc.sys [2015-3-16 20536]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 Dell Customer Connect;Dell Customer Connect;C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [2016-9-9 132472]
R2 Dell Foundation Services;Dell Foundation Services;C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [2016-4-29 153960]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2016-6-23 2572024]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2016-6-23 202488]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Internet Security\ekrn.exe [2016-10-11 2815520]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-3-16 29728]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-23 18856]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-17 350312]
R2 ImDisk;ImDisk Virtual Disk Driver;C:\WINDOWS\System32\drivers\imdisk.sys [2015-3-16 43584]
R2 ImDskSvc;ImDisk Virtual Disk Driver Helper;C:\WINDOWS\System32\imdsksvc.exe [2015-3-16 18016]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 Mitchell1DataProtectionABS;Mitchell1 DataProtection Application Backup;C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.ABS.exe [2013-2-14 43464]
R2 Mitchell1DataProtectionBCS;Mitchell1 DataProtection Backup Controller;C:\Program Files (x86)\Mitchell1\DataProtection\Mitchell1.DPR.BCS.exe [2013-2-14 78792]
R2 MSSQL$SHOPSTREAM;SQL Server (SHOPSTREAM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SHOPSTREAM\MSSQL\Binn\sqlservr.exe [2015-3-29 43130032]
R2 RDMSOService;RDMSOService;C:\Windows\SysWOW64\RDMSOService.exe [2015-4-14 128448]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-6-24 303360]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2016-9-9 31704]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 XCSecurity;X-Charge Security;C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCSecurityService.exe [2015-4-14 2073088]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2015-1-13 81536]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2013-7-2 34384]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2015-3-9 599240]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 DDDriver;DDDriver;C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
R3 DellProf;DellProf;C:\WINDOWS\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 FileSystemMonitorService;Mitchell1/Snap-on Update Service;C:\Program Files (x86)\M1-SK\M1-SK Software Updater Host\FileSystemMonitorService.exe [2014-12-5 69424]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2015-1-13 263896]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S0 eelam;eelam;C:\WINDOWS\System32\drivers\eelam.sys [2016-7-20 15488]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 ekbdflt;ekbdflt;C:\WINDOWS\System32\drivers\ekbdflt.sys [2016-10-7 48768]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
S2 M1SKBackupService;M1-SK Auto Backup Service;C:\Program Files (x86)\M1-SK\Teamworks\Mitchell1.BackupService.exe [2015-9-4 91952]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 ESETCleanersDriver;ESET Cleaner Service;C:\WINDOWS\System32\drivers\ESETCleanersDriver.sys [2016-12-14 181160]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-9-8 475384]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-20 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-20 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-21 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-20 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-21 685568]
S3 WdNisDrv;WdNisDrv;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;WdNisSvc;"C:\Program Files\Windows Defender\NisSrv.exe" --> C:\Program Files\Windows Defender\NisSrv.exe [?]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XCService;X-Charge Server;C:\ProgramData\CAM Commerce Solutions\X-Charge\Application\XCService.exe [2015-4-14 461824]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
S4 SQLAgent$SHOPSTREAM;SQL Server Agent (SHOPSTREAM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SHOPSTREAM\MSSQL\Binn\SQLAGENT.EXE [2015-3-29 381104]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-12-14 22:29:04 -------- d-----w- C:\Users\maximum\AppData\Roaming\ESET
2016-12-14 20:23:51 16148 ----a-w- C:\WINDOWS\System32\MAXIMUM-PC_maximum_HistoryPrediction.bin
2016-12-14 17:43:19 -------- d-----w- C:\Users\maximum\SysInspector-MAXIMUM-PC-161214-073934
2016-12-14 15:32:52 181160 ----a-w- C:\WINDOWS\System32\drivers\ESETCleanersDriver.sys
2016-12-14 15:30:10 -------- d--h--w- C:\OneDriveTemp
2016-12-06 16:51:07 -------- d-----w- C:\Users\maximum\AppData\Local\ESET
2016-12-06 16:40:34 -------- d-----w- C:\Program Files\ESET
.
==================== Find3M ====================
.
2016-12-14 15:28:57 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-25 15:09:57 97856 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2016-10-08 04:31:10 91784 ----a-w- C:\WINDOWS\System32\drivers\epfwwfp.sys
2016-10-08 04:31:10 76416 ----a-w- C:\WINDOWS\System32\drivers\epfw.sys
2016-10-08 04:31:10 48768 ----a-w- C:\WINDOWS\System32\drivers\ekbdflt.sys
2016-10-08 04:31:10 232072 ----a-w- C:\WINDOWS\System32\drivers\eamonm.sys
2016-10-08 04:31:10 212096 ----a-w- C:\WINDOWS\System32\drivers\edevmon.sys
2016-10-08 04:31:10 177792 ----a-w- C:\WINDOWS\System32\drivers\ehdrv.sys
2016-09-20 20:26:40 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
.
============= FINISH: 14:32:37.98 ===============
BigDMasher
Newbie
Newbie
 
Posts: 5
Joined: Wed Dec 14, 2016 6:03 pm
Location: California
Operating System: Win 10

Thanks given:0
Thanks received:0
Top

Re: My work computer is compromised!

Postby Gecko » Sun Dec 18, 2016 5:11 pm

BigDMasher,

It's been years since I've seen a HJT log of any type. I do see some entries that are questionable but I'm not going to recommend anything at this point based on the supplied log.

What makes you believe that you system is compromised?

Have you run a detection and removal scan using ESET?

Do you have any idea why the two following items are in your start menu?
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\WINDOWS\System32\RunDll32.exe
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5205
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: My work computer is compromised!

Postby BigDMasher » Mon Dec 19, 2016 5:38 pm

Thank you for your reply! When I started working here, I realized that my new co-workers are more computer illiterate than I. I tried updating Windows (showed the last update was early 2015). The update tool would just search forever and never indicate an update was found. I even tried through a browser with the same effect. Also, printer functions (wi-fi with good signal) are glitchy at best. I can use another computer and the printer functions normally. I have done a thorough scan of the computer with ESET and there are many files that come up as damaged. ESET did clean a few threats, but this did not change the performance of the computer. Is there a way I can attach ESET's log for you to view?

Thank you,
Big D Masher
BigDMasher
Newbie
Newbie
 
Posts: 5
Joined: Wed Dec 14, 2016 6:03 pm
Location: California
Operating System: Win 10

Thanks given:0
Thanks received:0
Top

Re: My work computer is compromised!

Postby BigDMasher » Mon Dec 19, 2016 8:11 pm

- SNIP -

"Do you have any idea why the two following items are in your start menu?
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
StartupFolder: C:\Users\maximum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\WINDOWS\System32\RunDll32.exe[/quote]"

Just checked them out. I believe those monitor the ink levels in my HP printer.

Big D Masher
BigDMasher
Newbie
Newbie
 
Posts: 5
Joined: Wed Dec 14, 2016 6:03 pm
Location: California
Operating System: Win 10

Thanks given:0
Thanks received:0
Top

Re: My work computer is compromised!

Postby Gecko » Thu Dec 22, 2016 11:16 pm

The fact that you can't update is significant, are you sure that there's not an update downloading or waiting to be installed?
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5205
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: My work computer is compromised!

Postby BigDMasher » Fri Dec 23, 2016 1:30 am

Yes. I am sure. May I send you the log file from ESET. It indicates many windows files that are corrupted. It is too long a file to fit here (77 pages). (0x80080005) code when attempting to update Windows. Is there a way to attach a file here?


Dan
BigDMasher
Newbie
Newbie
 
Posts: 5
Joined: Wed Dec 14, 2016 6:03 pm
Location: California
Operating System: Win 10

Thanks given:0
Thanks received:0
Top


Return to Malware Support

Who is online

Users browsing this forum: No registered users and 2 guests

cron