Jump to content

Infected with FBI ransomware


Recommended Posts

I have read through some of the old solved threads and followed the instructions within.  

 

Below is the .txt log after running the farbar scan tool.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 13:06:10
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [shell] C:\Windows\Explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
HKLM-x32\...\Run: [intuit SyncManager] - c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1087752 2009-11-25] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Vince\...\Run: [Google Update] - C:\Users\Vince\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-16] (Google Inc.)
HKU\Vince\...\Winlogon: [shell] explorer.exe,C:\Users\Vince\AppData\Roaming\cache.dat [98304 2011-11-16] () <==== ATTENTION 
 
==================== Services (Whitelisted) =================
 
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-11-21] (Lavasoft Limited)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S4 QuickBooksDB20; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe [678912 2009-08-17] (Intuit, Inc.)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-07-17] (Enigma Software Group USA, LLC.)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}\   \...\???\{4bcffee3-635a-204b-2e18-7583a9d72b65}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-06] (GFI Software)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-29 07:27 - 2013-08-29 08:12 - 00000004 _____ C:\Users\Vince\AppData\Roaming\cache.ini
2013-08-29 07:20 - 2013-08-29 07:20 - 00143395 _____ C:\sh4_service.log
2013-08-29 07:17 - 2013-08-29 06:02 - 00008192 _____ C:\shldr.mbr
2013-08-29 07:17 - 2012-11-02 12:23 - 00285747 _____ C:\shldr
2013-08-29 06:02 - 2013-08-29 06:02 - 00002261 _____ C:\Users\Vince\Desktop\SpyHunter.lnk
2013-08-29 06:02 - 2013-08-29 06:02 - 00000000 ____D C:\sh4ldr
2013-08-29 06:02 - 2013-08-29 06:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-29 06:02 - 2012-06-22 08:01 - 00022704 _____ C:\Windows\System32\Drivers\EsgScanner.sys
2013-08-29 06:01 - 2013-08-29 06:02 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-08-29 05:48 - 2013-08-29 05:48 - 00000292 _____ C:\Windows\PFRO.log
2013-08-29 05:18 - 2013-08-29 05:41 - 00000000 ____D C:\ProgramData\tybw
2013-08-29 03:19 - 2013-08-29 03:19 - 00580207 ____N C:\spyhunter.log
2013-08-29 01:08 - 2013-08-29 05:31 - 00000000 ____D C:\ProgramData\avqd
2013-08-29 01:08 - 2013-08-29 05:26 - 00000000 ____D C:\ProgramData\WDargaWW
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-23 08:24 - 2013-08-23 08:59 - 00000000 ____D C:\Users\Vince\Desktop\Kelly Orange 350Z
2013-08-20 12:08 - 2013-08-20 12:08 - 90619540 _____ C:\Users\Vince\Desktop\Morrison AP Dyno.MOV
2013-08-20 12:08 - 2013-08-20 12:08 - 81967900 ____N C:\Users\Vince\Desktop\MVI_2634.MOV
2013-08-20 12:08 - 2013-08-20 12:08 - 114228836 ____N C:\Users\Vince\Desktop\MVI_2642.MOV
2013-08-16 06:45 - 2013-08-19 09:44 - 00000000 ____D C:\Users\Vince\Desktop\Spyder
2013-08-13 08:06 - 2013-08-13 08:06 - 00000092 _____ C:\Users\Vince\Desktop\Igor Appt..txt
 
==================== One Month Modified Files and Folders =======
 
2013-08-29 08:12 - 2013-08-29 07:27 - 00000004 _____ C:\Users\Vince\AppData\Roaming\cache.ini
2013-08-29 07:59 - 2009-07-13 20:45 - 00021904 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 07:59 - 2009-07-13 20:45 - 00021904 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 07:53 - 2012-11-16 08:01 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 07:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 07:50 - 2013-07-20 21:00 - 00000560 _____ C:\Windows\setupact.log
2013-08-29 07:50 - 2012-08-16 07:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-503112933-3159197594-526901353-1000UA.job
2013-08-29 07:25 - 2013-03-29 08:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 07:20 - 2013-08-29 07:20 - 00143395 _____ C:\sh4_service.log
2013-08-29 07:17 - 2012-08-16 08:27 - 00000000 ____D C:\Users\Vince\AppData\Local\CRE
2013-08-29 06:02 - 2013-08-29 07:17 - 00008192 _____ C:\shldr.mbr
2013-08-29 06:02 - 2013-08-29 06:02 - 00002261 _____ C:\Users\Vince\Desktop\SpyHunter.lnk
2013-08-29 06:02 - 2013-08-29 06:02 - 00000000 ____D C:\sh4ldr
2013-08-29 06:02 - 2013-08-29 06:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-29 06:02 - 2013-08-29 06:01 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-08-29 05:48 - 2013-08-29 05:48 - 00000292 _____ C:\Windows\PFRO.log
2013-08-29 05:41 - 2013-08-29 05:18 - 00000000 ____D C:\ProgramData\tybw
2013-08-29 05:31 - 2013-08-29 01:08 - 00000000 ____D C:\ProgramData\avqd
2013-08-29 05:26 - 2013-08-29 01:08 - 00000000 ____D C:\ProgramData\WDargaWW
2013-08-29 05:06 - 2012-08-16 06:58 - 01299947 _____ C:\Windows\WindowsUpdate.log
2013-08-29 03:19 - 2013-08-29 03:19 - 00580207 ____N C:\spyhunter.log
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 13:49 - 2012-08-16 07:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-503112933-3159197594-526901353-1000Core.job
2013-08-28 13:13 - 2012-08-16 11:26 - 00000000 ____D C:\Users\Vince\Desktop\Website
2013-08-28 12:31 - 2012-11-16 08:01 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-28 07:23 - 2012-12-18 13:46 - 00000000 ____D C:\Users\Vince\Desktop\Estimates
2013-08-23 08:59 - 2013-08-23 08:24 - 00000000 ____D C:\Users\Vince\Desktop\Kelly Orange 350Z
2013-08-21 00:25 - 2013-06-12 07:25 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 00:25 - 2013-03-29 08:27 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 00:25 - 2013-03-29 08:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 00:25 - 2013-03-29 08:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 12:08 - 2013-08-20 12:08 - 90619540 _____ C:\Users\Vince\Desktop\Morrison AP Dyno.MOV
2013-08-20 12:08 - 2013-08-20 12:08 - 81967900 ____N C:\Users\Vince\Desktop\MVI_2634.MOV
2013-08-20 12:08 - 2013-08-20 12:08 - 114228836 ____N C:\Users\Vince\Desktop\MVI_2642.MOV
2013-08-19 09:44 - 2013-08-16 06:45 - 00000000 ____D C:\Users\Vince\Desktop\Spyder
2013-08-13 08:06 - 2013-08-13 08:06 - 00000092 _____ C:\Users\Vince\Desktop\Igor Appt..txt
2013-08-02 10:39 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}
C:\Users\Vince\AppData\Roaming\cache.dat
C:\Users\Vince\AppData\Roaming\cache.ini
C:\Users\Vince\AppData\Local\Temp\RHSetup.exe
C:\Users\Vince\AppData\Local\Temp\SHSetup.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-23 20:01:00
Restore point made on: 2013-07-31 20:00:47
Restore point made on: 2013-08-08 20:00:50
Restore point made on: 2013-08-16 20:01:03
Restore point made on: 2013-08-24 20:01:03
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 2023.31 MB
Available physical RAM: 1514.15 MB
Total Pagefile: 2023.31 MB
Available Pagefile: 1503.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:148.81 GB) (Free:108.81 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: BE32722A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-08-21 20:52
 
==================== End Of Log ============================

 

 

 

 

 

Thanks in advance for the help!

 

 

 

 

 

 

Link to post
Share on other sites

Hello rttuning and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.

Link to post
Share on other sites

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKU\Vince\...\Winlogon: [shell] explorer.exe,C:\Users\Vince\AppData\Roaming\cache.dat [98304 2011-11-16] () <==== ATTENTION

S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}\ \...\???\{4bcffee3-635a-204b-2e18-7583a9d72b65}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}

C:\Users\Vince\AppData\Roaming\cache.dat

C:\Users\Vince\AppData\Roaming\cache.ini

C:\Users\Vince\AppData\Local\Temp\RHSetup.exe

C:\Users\Vince\AppData\Local\Temp\SHSetup.exe

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013

Ran by Vince at 2013-09-03 11:37:35 Run:1

Running from F:\

Boot Mode: Safe Mode (minimal)

==============================================

 

Content of fixlist:

*****************

HKU\Vince\...\Winlogon: [shell] explorer.exe,C:\Users\Vince\AppData\Roaming\cache.dat [98304 2011-11-16] () <==== ATTENTION

S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}\ \...\???\{4bcffee3-635a-204b-2e18-7583a9d72b65}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65}

C:\Users\Vince\AppData\Roaming\cache.dat

C:\Users\Vince\AppData\Roaming\cache.ini

C:\Users\Vince\AppData\Local\Temp\RHSetup.exe

C:\Users\Vince\AppData\Local\Temp\SHSetup.exe

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

*****************

 

HKU\Vince\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.

*etadpug => Service deleted successfully.

C:\Program Files (x86)\Google\Desktop\Install\{4bcffee3-635a-204b-2e18-7583a9d72b65} => Moved successfully.

C:\Users\Vince\AppData\Roaming\cache.dat => Moved successfully.

C:\Users\Vince\AppData\Roaming\cache.ini => Moved successfully.

C:\Users\Vince\AppData\Local\Temp\RHSetup.exe => Moved successfully.

C:\Users\Vince\AppData\Local\Temp\SHSetup.exe => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

==== End of Fixlog ====

 

 

 

 

On a fresh restart I ran Malwarebytes and deleted 6 infections.  The computer now seems to boot up and operate normally.  I have it disconnected from the internet at the moment but all other functions seem normal.
Link to post
Share on other sites

Well done, please run this tool at Regular mode:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.