After smitfraud

dadpad · Apr 20, 2007

I have recently had a smitfraud infection. My resident AV picked out many malignant programs.

I have now run your special removal proceedures thread as per here http://forums.majorgeeks.com/showthread.php?t=74265

Attatched are the requested logs. in addition I have included a hjt log.

I have removed the files mentioned by panda via windows explorer using the undelete files associated with each infection and or just deleted the file specified, (except for smitrem associated files)

Please advise if further malware removal proceedures are required.

At this point my computer seems to be running fine

Thank you for the work you do here.

dadpad · Apr 20, 2007

I seem unable to upload the hjt log

Edit: I see the HJT log was attatched to my first post.

chaslang · Apr 20, 2007

You did not run this READ & RUN ME FIRST Before Asking for Support as requested in the procedure you ran! It stated that this must be run before attaching a HijackThis log! You need to run it. You more than likely have a load of things remaining including PurityScan infections.

dadpad · Apr 20, 2007

Thanks for your guidance.

From the read and run me first thread

Before you start the below procedure, you may want to first check to see if your problem is covered in the Special Removal Procedures sticky thread. If it is, try that procedure first and come back here to the READ & RUN ME if necessary afterwards.
Click to expand...

From the special removal proceedure

# Now please attach the smitfiles.txt and PandaActiveScanlog to your next reply. And also tell us how things are working.
Click to expand...

<Shrug> Happy to do it if it makes things easier for you.

Prior to running the advised thread. I have attached the system startup list from spybot.

should I activate all of these programs? Will I be reinfected? will they be activated if I choose normal startup in msconfig?

chaslang · Apr 20, 2007

dadpad said: ↑

From the special removal proceedure
Click to expand...

Yes I know! But you also attached a HijackThis log and the special removal procedure clearly states this:

If you are still having problems, you should work thru standard cleaning procedures given in this Sticky thread READ & RUN ME FIRST Before Asking for Support and then after completing the READ & RUN ME attach a HijackThis log if necessary.
Click to expand...

You are still infected and you need to follow all of the directions in the READ & RUN ME and then attach the six logs that are requested in the READ ME. The procedure must be followed in the order written. Some of the items you show as disabled in your Spybot log are related to Virtumonde and it typically can put a load of other files on your system.

dadpad · Apr 21, 2007

set ms config to normal start up.
reset spy bot startup files to start all
start in safe mode
run spybot

run counter spy. log attatched

Reconnect and reboot in safe mode with networking

Bit defender would not run and offered this message

This website is not Authorised to host this activeX control
Please contact the webmaster of this website or report to bit defender et the email address scanonline "at" bitdefender "dot" com
Click to expand...

Panda active scan: log attached

Restarting this system in normal mode was difficult, the system recycled several times automatically, eventually starting and running to allow access for this post.

Get runkey would not run and offered this message

The system was unable to find the specified registry key or value
Click to expand...

show new: log attached

Your advice would be welcolme.

dadpad · Apr 21, 2007

Hijack this log attached

chaslang · Apr 21, 2007

You have a PurityScan infection. Please run ComboFix as indicated below.

Download this file - combofix.exe

Double click combofix.exe & follow the prompts.

When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

dadpad said: ↑

Get runkey would not run and offered this message
Click to expand...

You just need to allow it to run thru to completion. Based on your ShowNew log, I can see you did not allow GetRunKey to finish running. That is not a message that causes the program not to work. It is an intermediate message about a particular key that does not exist. The program just continues after that. Run it again and wait for it to finish. Then attach the log.

Do you or did you play games (maybe Maple Story) on this PC? I see the below file which is considered a rootkit install for game guard.

C:\WINDOWS\system32\drivers\dump_wmimmc.sys

I also see the below files that have todays date. Do you know what they are from?
Code:
"C:\WINDOWS\system32\drivers\"
km1885~1.u2k  21 Apr 2007          64  "kmxcfg.u2k4"
km1895~1.u2k  21 Apr 2007          64  "kmxcfg.u2k5"
km18a5~1.u2k  21 Apr 2007          64  "kmxcfg.u2k6"
km18b5~1.u2k  21 Apr 2007          64  "kmxcfg.u2k7"
kmxcfg~1.u2k  21 Apr 2007      178962  "kmxcfg.u2k0"
kmxcfg~2.u2k  21 Apr 2007          64  "kmxcfg.u2k1"
kmxcfg~3.u2k  21 Apr 2007          64  "kmxcfg.u2k2"
kmxcfg~4.u2k  21 Apr 2007          64  "kmxcfg.u2k3"
Now make sure you attach the below logs when you come back:

ComboFix

GetRunKey

a new log from ShowNew

dadpad · Apr 21, 2007

When checking this board for your reply my Av CA Etrust detected and cleaned several items. I disconected from the internet and ran counterspy again in safe mode which showed no further infection.
Then proceeded to follow you instructions.

chaslang said: ↑

You have a PurityScan infection. Please run ComboFix as indicated below.
Click to expand...

combofix log attatched.
a pop up gave me the following message:
3821.cfexe has encountered a problem and needs to close.
we are sorry for the inconvienience
Please tell microsoft about this problem.
(the standard microsoft error popup)

I believe combofix had finished when this pop up occurred as the combo fix window had the following message.
almost done...
A report of combofix actions would be provided at C:\combofix.txt."

combo fix log attached. (some items were quarantined and a quarantined files txt created)

chaslang said: ↑

Do you or did you play games (maybe Maple Story) on this PC? I see the below file which is considered a rootkit install for game guard.

C:\WINDOWS\system32\drivers\dump_wmimmc.sys
Click to expand...

I have a teenage son and daughter. maple story is unknown to my son. My son plays battlefield 2 and Albatross (a Golf type game) recently. runescape featured for some time regularly. 2nd life has been played (now supposed to be banned but...??? However I would not assume these are the only games played.
chaslang said: ↑
I also see the below files that have todays date. Do you know what they are from?
Code:
"C:\WINDOWS\system32\drivers\"
km1885~1.u2k  21 Apr 2007          64  "kmxcfg.u2k4"
km1895~1.u2k  21 Apr 2007          64  "kmxcfg.u2k5"
km18a5~1.u2k  21 Apr 2007          64  "kmxcfg.u2k6"
km18b5~1.u2k  21 Apr 2007          64  "kmxcfg.u2k7"
kmxcfg~1.u2k  21 Apr 2007      178962  "kmxcfg.u2k0"
kmxcfg~2.u2k  21 Apr 2007          64  "kmxcfg.u2k1"
kmxcfg~3.u2k  21 Apr 2007          64  "kmxcfg.u2k2"
kmxcfg~4.u2k  21 Apr 2007          64  "kmxcfg.u2k3"
Click to expand...
These files are unknown to me. I am the only person to use this computer since I noticed infections. Could they be associated with the website Able to know? this site is sometimes refered to as A2k. (similar to u2k). I visited this web site on the 21st I think.

chaslang said: ↑

Now make sure you attach the below logs when you come back:

ComboFix

GetRunKey

a new log from ShowNew

Click to expand...

logs attached as requested

on shutting this computer down I recieved a message similar to this.
Ati2evxx.exe? ???????could not copy a memory???????
click to cancell, debugg, close
I was not able to copy this down before the computer shut down.
This may be associated with a recent microsoft update.

on restarting and reconnecting to the internet I recieved this message
Firefox is not set as your default browser (It should be) would you like to make this your default browser
I chose yes and always perform this check

chaslang · Apr 22, 2007

Please put the below files into a ZIP file and attach the ZIP to your next message.
Code:
 "C:\WINDOWS\system32\drivers\"
km1885~1.u2k  22 Apr 2007          64  "kmxcfg.u2k4"
km1895~1.u2k  22 Apr 2007          64  "kmxcfg.u2k5"
km18a5~1.u2k  22 Apr 2007          64  "kmxcfg.u2k6"
km18b5~1.u2k  22 Apr 2007          64  "kmxcfg.u2k7"
kmxcfg~1.u2k  22 Apr 2007      248984  "kmxcfg.u2k0"
kmxcfg~2.u2k  22 Apr 2007          64  "kmxcfg.u2k1"
kmxcfg~3.u2k  22 Apr 2007          64  "kmxcfg.u2k2"
kmxcfg~4.u2k  22 Apr 2007          64  "kmxcfg.u2k3"
Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Continue by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Now run Pocket Killbox by doubleclicking on killbox.exe

select File, Cleanup, Delete All Backups

Choose Tools > Delete Temp Files and click Delete Selected Temp Files.

Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

Delete on Reboot

then Click on the All Files button.

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\catchme.exe
C:\WINDOWS\GPInstall.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But if you do get this message, please let me know!)

If Killbox does not reboot just reboot your PC yourself.
After reboot locate the below folder and delete if found:
C:\Program Files\PopAdStop

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

GetRunKey

ShowNew

HJT

Make sure you tell me how things are working now!

dadpad · Apr 22, 2007

chaslang said: ↑

Please put the below files into a ZIP file and attach the ZIP to your next message.

Code:

 "C:\WINDOWS\system32\drivers\"
km1885~1.u2k  22 Apr 2007          64  "kmxcfg.u2k4"
km1895~1.u2k  22 Apr 2007          64  "kmxcfg.u2k5"
km18a5~1.u2k  22 Apr 2007          64  "kmxcfg.u2k6"
km18b5~1.u2k  22 Apr 2007          64  "kmxcfg.u2k7"
kmxcfg~1.u2k  22 Apr 2007      248984  "kmxcfg.u2k0"
[/QUOTE]

Zip file attached to the post following this. Possibly updates associated with CA anti virus?
 
[quote="chaslang, post: 964944"][b]Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:[/b]
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software[/QUOTE]

Done.

 
[quote="chaslang, post: 964944"][B]Continue by downloading a tool we will need[/B] [COLOR=black]- [URL="http://www.majorgeeks.com/Pocket_KillBox_d4709.html"][B][COLOR=blue]Pocket KillBox[/COLOR][/B][/URL][/COLOR]
 
[COLOR=black]Save it to its own folder somewhere that you will be able to locate it later. [/COLOR][/QUOTE]

Saved first to desktop (default) then drag and drop to my folder C:\ spyware
 
[quote="chaslang, post: 964944"]Now run[B] Pocket Killbox [/B]by doubleclicking on [B]killbox.exe[/B]
[LIST]
[*]select[B] File[/B], [B]Cleanup[/B], [B]Delete All Backups[/B]
[*][COLOR=black]Choose [B]Tools[/B] >[B] Delete Temp Files[/B] and click [B]Delete Selected Temp Files[/B].[/COLOR]
[*]Then after it deletes the files click the [B]Exit (Save Settings)[/B] button.[/LIST][B][COLOR=red]NOTE:[/COLOR][/B] Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.[/quote]

kilbox detected 11 users I deliberately selected each user in turn and deleted the checked files
 
[quote="chaslang, post: 964944"][COLOR=black]Select:
[LIST]
[*][B]Delete on Reboot[/B]
[*]then [B]Click[/B] on the [B]All Files[/B] button.
[*]Please [B]copy the file paths below to the clipboard[/B] by highlighting [B]ALL[/B] of them and [B]pressing CTRL + C[/B] (or, after highlighting, right-click and choose copy):[/LIST][/COLOR]
C:\WINDOWS\catchme.exe
C:\WINDOWS\GPInstall.exe[/quote]
done

[quote="chaslang, post: 964944"]
Return to Killbox, go to the [B]File[/B] menu, and choose [B]Paste from Clipboard[/B].
Click the red-and-white [B]Delete File[/B] button. Click [B]Yes[/B] at the Delete on Reboot prompt.[/LIST]If you receive a [COLOR=darkred][B]PendingFileRenameOperations [/B][/COLOR]prompt, just click [B]OK[/B] to continue ([COLOR=purple][b]But if you do get this message, please let me know!)[/b][/COLOR]

[COLOR=black]If Killbox does not reboot just reboot your PC yourself.[/COLOR]
[/quote]
[b]The system took some time to reboot. This message was offered.
Your system has recovered from a seriouse error a log of this error has been created please tell microsoft about this problem
Error signiature Bccode:93 Bcp1 00000050 Bcp2 00000000 Bcp3 00000050 Bcp4 00000000 Osver:5_1_2600 sp2 product 768_1
The following files will be included in the error report
C:\windows\TEMP\WERdedd.dir 00\mini042207-01
C:\ windows\TEMP\WERdedd.dir 00\sysdata.xml[/b]
A window opened and offered this advice"
Problem caused by Device Driver


[quote="chaslang, post: 964944"][B]After reboot locate the below folder and delete if found:[/B]
C:\Program Files\PopAdStop[/quote]

not found
 
[quote][B]Now run Ccleaner![/B][/quote]

ran cleaner only, Should I run ISSUES as well?
 
[quote][B][COLOR=black]Now attach the below new logs and tell me how the above steps went. [/COLOR][/B]
[B][COLOR=brown][LIST=1]
[*] GetRunKey
[*] ShowNew
[*] HJT
[/LIST][/B][/COLOR][/quote]

Attached
 
[quote][B]Make sure you tell me how things are working now![/B][/QUOTE]

Things seem ok. have not yet had time to assess.

Click to expand...

dadpad · Apr 22, 2007

kmxcfg.zip as requested.

chaslang · Apr 22, 2007

dadpad said: ↑

Zip file attached to the post following this. Possibly updates associated with CA anti virus?
Click to expand...

Yes that is what they look like! Some one should smack them in the head for naming files like that. They should know better in this day and age. Those look just like malware.

Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:

If we used Pocket Killbox during your cleanup, do the below

Run Pocket Killbox and select File, Cleanup, Delete All Backups

If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.

If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.

If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.

If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created

If you are running Windows XP or Windows ME, do the below:

go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

dadpad · Apr 22, 2007

Thank you for your time and effort.

The computer recycles (restarts automaticall) several times at startup.
an warns me that C: is low on disc space. I can see 2 files have been created in C:\windows\system32 drivstore and dll cache.

This is not the forum to solve driver errors however if you wish to suggest where I can receive advice on this problem feel free.

Once again I give thanks to all at major geeks for the time and troule taken to solve these and other problems.

chaslang · Apr 23, 2007

dadpad said: ↑

The computer recycles (restarts automaticall) several times at startup. an warns me that C: is low on disc space.
Click to expand...

yes you hard disk only had the below available in your log from ShowNew:
Code:
               2 Dir(s)     567,775,232 bytes free
That is not enough free space to properly run Windows. You need to cleanup whatever is hogging all of your diskspace or you need to get a larger hardisk.

But as you suggested, this is not an issue for this forum. You can try the Software (or Hardware) Forum but before doing that, you really need to first free up a lot diskspace. How large is your hard disk?

dadpad · Apr 24, 2007

chaslang said: ↑
yes you hard disk only had the below available in your log from ShowNew:
Code:
               2 Dir(s)     567,775,232 bytes free
That is not enough free space to properly run Windows. You need to cleanup whatever is hogging all of your diskspace or you need to get a larger hardisk.

But as you suggested, this is not an issue for this forum. You can try the Software (or Hardware) Forum but before doing that, you really need to first free up a lot diskspace. How large is your hard disk?
Click to expand...
Hard disks (2) 80 gig and 160 gig as a slave. Been thru the hard discs and deleted a few programs we no longer need and according to C: propreties we have 34 gig of space. Defragged and ran disc cleanup. I am also forcing the kids to "tidy their rooms" on the computer.

Updating ATI2 with ATI catalyst drivers seems to have solved most of the error messages except that I then began getting messages "the app or dll C:/ windows system32 ieframe.dll is not a valid windows image".

I solved this by removing/re installing Internet explorer.

Thanks I'm done here just wanted to post the above in case it was useful to someone else.

chaslang · Apr 24, 2007

Thanks for the follow up! Surf safely!

dadpad · Apr 26, 2007

After my recent clean up I found two files called x.exe and X.log. I asked for information about this program in the software forum. It was suggested I attach it here.
As it seems a waste to attach it twice here is the link. I'm happy to attach it here if required.
http://forums.majorgeeks.com/showthread.php?t=124461

Some problems are occuring since the clean up.

The computer cycles once at start up. CA security center is unable to update. Java will not work. Some free on line diagnostic sites are unable to detect my chipset. chip utility from Intel gives the following:
Memory Controller:
Failed to identify your chipset
I/O Controller:
Failed to identify your ICH

Others do not detect my operating system or seem to suggest it is win 2000

I have run some free diagnostic tools (pc pitstop) which seem to indicate that this computer is operating using win 2000 files. (OS is XP sp 2)
I have removed Java runtime using add/remove and reinstalled, it operated fine until I shut my system down. when I reopened it would not work.

Any assistance would be greatly appreciated.

chaslang · Apr 27, 2007

dadpad said: ↑

After my recent clean up I found two files called x.exe and X.log. I asked for information about this program in the software forum. It was suggested I attach it here.
Click to expand...

According to more than thirty scanning tools there is nothing wrong with x.exe. It seems have something to do with compressed java scripts.

Did you delete them?

Are you having malware type problems? Have your GetRunKey, ShowNew, or HJT logs changed from what was last posted?

Have you downloaded or installed anything else since your last logs were posted?

dadpad said: ↑

The computer cycles once at start up. CA security center is unable to update. Java will not work. Some free on line diagnostic sites are unable to detect my chipset. chip utility from Intel gives the following:
Memory Controller:
Failed to identify your chipset
I/O Controller:
Failed to identify your ICH

Others do not detect my operating system or seem to suggest it is win 2000

I have run some free diagnostic tools (pc pitstop) which seem to indicate that this computer is operating using win 2000 files. (OS is XP sp 2)
I have removed Java runtime using add/remove and reinstalled, it operated fine until I shut my system down. when I reopened it would not work.
Click to expand...

These may not be a topic for the malware forum. Your last logs showed that you are running WinXP. Try using tools that are not doing scans online. Take a look at all the tools available for download in the below file system folders:

http://www.majorgeeks.com/downloads9.html

http://www.majorgeeks.com/downloads7.html

As far as CAetrust issues, try uninstalling the program, rebooting (don't skip) and then reinstalling.

Try the same for Sun Java!

dadpad · Apr 28, 2007

According to more than thirty scanning tools there is nothing wrong with x.exe. It seems have something to do with compressed java scripts.

Did you delete them?
Click to expand...

No they are located in C:\ documents and settings\my user name. As I dont know what they are I'm inclined to delete them to recycle bin and see what happens.

what's your advice on this.

Are you having malware type problems? Have your GetRunKey, ShowNew, or HJT logs changed from what was last posted?

Have you downloaded or installed anything else since your last logs were posted?
Click to expand...

I have, prior to your post, downloaded several diagnostic tools but not "fixed" anything.
Downloaded (but not installed) then add/removed CA etrust security center, ATI catalyst, Internet explorer, and Java runtime 6 and 6.1.
Restarted computer.
I have installed firefox ie tab add on and reinstalled all the above.

spybot gave me a "detected bad url" message whilst downloading Internet explorer????.

After each individual install I shut down and restarted.
When all were installed and appeared to be working correctly I ran CCleaner in issues mode.
CCleaner details mostly uninstaller reference issues (arp cache) but also mentions two missing startup files I have fixed selected issues without selecting the two missing start up items.

I then ran complete spyware and Virus scans with CA security center which picked up one item (?trojan?). Quarantined and then deleted this item. I then threatened to throw a brick through the monitor. This seemed to have the desired effect.

My computer has been behaving in a much more civilised manner since the reinstalls. java works and the recycle at start up is no longer happening. CA security center works well as does IE explorer.

I have rerun the read and run me thread.
below are the requested logs.
bit defender and panda run in safe mode show "no malware" so I have not posted logs
Interestingly whilst bit defender was running counterspy (running in background I assume) found another item so i have posted 2 counterspy logs.

dadpad · Apr 28, 2007

Show new and HJT logs as requested

chaslang · Apr 28, 2007

dadpad said: ↑

No they are located in C:\ documents and settings\my user name. As I dont know what they are I'm inclined to delete them to recycle bin and see what happens.

what's your advice on this.
Click to expand...

Just delete them!

dadpad said: ↑

I have, prior to your post, downloaded several diagnostic tools but not "fixed" anything.
Click to expand...

Did you also download and install PC MightyMax which CounterSpy has been fixing?

The logs you attached are all clean!

Are you having any malware issues?

dadpad · Apr 29, 2007

chaslang said: ↑

Just delete them!

Did you also download and install PC MightyMax which CounterSpy has been fixing?
Click to expand...

Yes I thought it was being reccomended on http://www.blackviper.com/WinXP/servicecfg.htm however I realise now it was a google advert.

chaslang said: ↑

The logs you attached are all clean!

Are you having any malware issues?
Click to expand...

Thanks for taking a look at the new logs. There appear to be no malware issues now.

chaslang · Apr 29, 2007

dadpad said: ↑

Yes I thought it was being reccomended on http://www.blackviper.com/WinXP/servicecfg.htm however I realise now it was a google advert.
Click to expand...

Do yourself a big favor, never download any tools online. Download from Major Geeks to be sure that you are not getting a rogue tool or a piece of garbage. Many download sites do not test their downloads (even though some say they do). They wait until people complain about infected downloads. And then some sites remove them and some sites (the ones that make try to make money from infecting you) do not remove them.

dadpad said: ↑

Thanks for taking a look at the new logs. There appear to be no malware issues now.
Click to expand...

You're welcome. Surf safely!

After smitfraud

dadpad Private E-2

Attached Files:

dadpad Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

Attached Files:

dadpad Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

Attached Files:

dadpad Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

Attached Files:

dadpad Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

dadpad Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member