Jump to content

Windows restarts - DCOM Server Process Launcher Service. Help please!


Recommended Posts

Heya,

I know other people have had this same problem but have been unable to fix this through googling.... any help would be much appreciated :)

I get this message on my computer: This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown initiated by NT Authority\System. Windows must now restart because the DCOM Server Process Launcher Service terminated unexpectedly.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:06:19 p.m., on 22/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Launch Manager\WisLMSvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')

O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--

End of file - 7500 bytes

I have scanned with Malware and it is clear now... but here is the scan that I did first.

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 5.1.2600 Service Pack 2

21/01/2009 10:20:06 a.m.

mbam-log-2009-01-21 (10-20-06).txt

Scan type: Quick Scan

Objects scanned: 57677

Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxpijjc (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hbewez (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\cbXPijJc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1648787549-1694116548-4159064063-1005\Dc4241.tmp (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.

Now it's clear

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 5.1.2600 Service Pack 2

22/01/2009 10:16:43 p.m.

mbam-log-2009-01-22 (22-16-43).txt

Scan type: Full Scan (C:\|)

Objects scanned: 24362

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks very much.

Link to post
Share on other sites

  • Root Admin

Please visit this webpage for instructions for downloading ComboFix to your
DESKTOP
:
how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run
ComboFix.exe
on your DESKTOP and not from any other folder.

Also,
DO NOT
click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

Note:

The
Windows Recovery Console
will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click
    Yes
    to allow ComboFix to continue scanning for malware.

  • When the tool is finished, it will produce a report for you.

  • Please post the
    C:\ComboFix.txt
    along with a
    new HijackThis log
    so we may continue cleaning the system.

Link to post
Share on other sites

  • Root Admin

The easiest thing to do is let Combofix do it for you, otherwise you can manually install it as shown near the bottom of that Web page in the link I gave you. You can drag the file on to Combofix and it will do it for you. But again, letting Combofix do the download and install is the easiest method if it can do it.

Link to post
Share on other sites

Yeah sorry! I didn't realise Combofix was going to do it for me - I was being careful to install the Recovery Console first but then realised that Combofix would do it... So I ran Combofix and it found and deleted rootkits. But here's the log!

ComboFix 09-01-21.04 - user 2009-01-23 23:09:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1582 [GMT -5:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\imgpdf2.dll

c:\temp\unins000.dat

c:\windows\system32\drivers\seneka.sys

c:\windows\system32\drivers\senekabgoedprk.sys

c:\windows\system32\senekaeneqmwfv.dat

c:\windows\system32\senekaeoicmowe.dll

c:\windows\system32\senekaeylspppa.dat

c:\windows\system32\senekawtqmykrj.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SENEKA

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))

.

2009-01-22 22:06 . 2009-01-22 22:06 <DIR> d-------- c:\program files\Trend Micro

2009-01-22 21:48 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-01-22 21:43 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys

2009-01-22 21:43 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys

2009-01-22 21:41 . 2004-08-04 07:00 571,392 --a------ c:\windows\system32\dllcache\tintlgnt.ime

2009-01-22 21:40 . 2009-01-22 21:40 <DIR> d-------- c:\program files\Lavasoft

2009-01-22 21:40 . 2009-01-22 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-22 21:40 . 2009-01-22 21:40 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-01-22 21:40 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys

2009-01-22 21:39 . 2004-08-03 22:41 404,990 --a------ c:\windows\system32\dllcache\slntamr.sys

2009-01-22 21:38 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll

2009-01-22 21:37 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys

2009-01-22 21:36 . 2004-08-04 07:00 482,304 --a------ c:\windows\system32\dllcache\pintlgnt.ime

2009-01-22 21:35 . 2004-08-04 00:56 4,274,816 --a------ c:\windows\system32\dllcache\nv4_disp.dll

2009-01-22 21:34 . 2004-08-04 00:56 1,737,856 --a------ c:\windows\system32\dllcache\mtxparhd.dll

2009-01-22 21:33 . 2004-08-04 07:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex

2009-01-22 21:32 . 2004-08-04 07:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex

2009-01-22 21:31 . 2004-08-04 07:00 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll

2009-01-22 21:30 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll

2009-01-22 21:29 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys

2009-01-22 21:28 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys

2009-01-22 21:27 . 2004-08-04 07:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll

2009-01-22 21:26 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys

2009-01-22 21:25 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll

2009-01-22 08:54 . 2007-01-18 07:00 3,968 --a------ c:\windows\system32\drivers\AvgArCln.sys

2009-01-21 10:14 . 2009-01-21 10:14 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes

2009-01-21 10:14 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-21 10:13 . 2009-01-21 10:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-21 10:13 . 2009-01-21 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-21 10:13 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-21 09:46 . 2009-01-21 09:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\HPAppData

2009-01-13 00:06 . 2009-01-20 22:20 <DIR> d-------- c:\documents and settings\user\Application Data\Move Networks

2009-01-06 10:12 . 2009-01-06 10:12 <DIR> d-------- c:\program files\MadOnion.com

2008-12-29 06:45 . 2008-12-29 06:45 <DIR> d-------- c:\documents and settings\user\Application Data\Snapfish

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-21 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-21 12:26 --------- d-----w c:\documents and settings\user\Application Data\shrink_pic

2009-01-20 14:44 --------- d-----w c:\documents and settings\user\Application Data\mIRC

2009-01-20 03:44 --------- d-----w c:\program files\mIRC

2009-01-18 21:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-01-09 22:23 --------- d-----w c:\documents and settings\user\Application Data\Skype

2009-01-09 20:13 --------- d-----w c:\documents and settings\user\Application Data\skypePM

2009-01-09 09:03 --------- d-----w c:\program files\XviD

2009-01-09 09:03 --------- d-----w c:\program files\DivX

2009-01-09 09:03 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites

2009-01-09 09:03 --------- d-----w c:\program files\ABC

2009-01-08 17:43 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-02 21:20 --------- d-----w c:\program files\Google

2009-01-02 10:59 --------- d-----w c:\program files\Codemasters

2008-12-19 03:33 --------- d-----w c:\program files\Futuremark

2008-12-18 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\ATI

2008-12-18 02:51 --------- d-----w c:\program files\ATI Technologies

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-04 01:51 --------- d-----w c:\program files\Sims2Pack Clean Installer

2008-12-04 00:39 --------- d-----w c:\program files\EA GAMES

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-04-26 192512]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-20 61440]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

c:\documents and settings\user\Start Menu\Programs\Startup\

Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2007-04-18 3027019]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-02 2760704]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"VIDC.DIV4"= DivXc32f.dll

"VIDC.DIV3"= DivXc32.dll

"MSACM.DIVXA32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5222:TCP"= 5222:TCP:livechat

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-22 64160]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-15 97928]

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-05-20 9867]

R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-05-20 118784]

R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-10 875288]

R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 231704]

R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-15 76040]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]

S1 mailKmd;mailKmd; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{addf693f-2616-11dd-a763-001e370da59a}]

\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9a7f2cc-8b81-11dd-a885-001e370da59a}]

\Shell\Auto\command - F:\autorun.bat

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat

\Shell\explore\Command - F:\autorun.bat

.

Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 08:57]

2008-06-19 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 08:03]

2008-05-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 08:03]

2008-05-25 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 03:50]

2009-01-23 c:\windows\Tasks\WebReg Photosmart C4200 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 04:27]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe

HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe

HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe

HKU-Default-Run-msiexec.exe - msiconf.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.nz/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\udjviw44.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\udjviw44.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-23 23:13:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????0???????????0???q??|???????|???|???????|????????L????????&????F?????????????h?????????????B????????|p??|????m??|J?A?????????i?A????*??B~??????F??b@?????????????? A?l??*????i?A?{?@??&??6m@??&?????*??@??&?????

LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???????????0???q??|???????|???|???????|????????L????????&????F?????????????h?????????????B????????|p??|????m??|J?A?????????i?A????*??B~??????F??b@?????????????? A?l??*????i?A?{?@??&??6m@??&?????*??@??&?????

Wbutton = c:\program files\Launch Manager\WButton.exe?????0???????????0???q??|???????|???|???????|????????L????????&????F?????????????h?????????????B????????|p??|????m??|J?A?????????i?A????*??B~??????F??b@?????????????? A?l??*????i?A?{?@??&??6m@??&?????*??@??&?????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Sygate\SPF\Smc.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\rundll32.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-01-23 23:16:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-24 04:16:28

Pre-Run: 125,433,745,408 bytes free

Post-Run: 125,374,574,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

233 --- E O F --- 2009-01-15 14:51:45

And Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:21:00 p.m., on 23/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Launch Manager\WisLMSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--

End of file - 7374 bytes

Link to post
Share on other sites

  • Root Admin

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile

The post back NEW MBAM and HJT logs in that order please.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.