Jump to content

Recommended Posts

I have AVG and it warned me about some, but maybe not all. And it was too late. I ran malawarebytes and it cleaned up 8 malicious bugs but I'm still getting redirected. Ran the malaware a second time and it looked clean but I'm still redirected. I am publishing both Malawarebytes log and the trend micro log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:48:49 PM, on 5/31/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Mary Giese\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060921

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"

O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Mary Giese\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Amazon Unbox.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Support.com Controller Service (ssrang_supportdotcom) - SupportSoft, Inc. - C:\Program Files\supportdotcom\rang\ssrangsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--

End of file - 9796 bytes

Log 1 showing infections:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4156

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/30/2010 12:42:09 PM

mbam-log-2010-05-30 (12-42-09).txt

Scan type: Full scan (C:\|)

Objects scanned: 183929

Time elapsed: 48 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\htomocbf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\htomocbf (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\pawehuhe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tahuhure.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tanudeke.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\terowuko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zehubedu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zojokewa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2821380735-165671010-3248845186-1006\Dc40.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-2821380735-165671010-3248845186-1006\Dc46.exe (Adware.Seekmo) -> Quarantined and deleted successfully.

Log 2 showing clean:

www.malwarebytes.org

Database version: 4156

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/31/2010 1:49:40 PM

mbam-log-2010-05-31 (13-49-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 182644

Time elapsed: 52 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi capricorn And Welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

[DeFogger

Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If not reboot your PC

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
    gmer_zip.gif
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      GMER_thumb.jpg
      Click the image to enlarge it

    [*] Then click the Scan button & wait for it to finish.

    [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt"

    [*]Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

Link to post
Share on other sites

I did what you asked me to do, but now I am kicked off my wireless internet access. :) I am posting from my second laptop because I am unable to do anything else. I restarted my computer, but it made no difference. I will need instructions to be able to reconnect to my wireless internet on the infected computer before I can go further.

Hi capricorn And Welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

[DeFogger

Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If not reboot your PC

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
    gmer_zip.gif
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      GMER_thumb.jpg
      Click the image to enlarge it

    [*] Then click the Scan button & wait for it to finish.

    [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt"

    [*]Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

Link to post
Share on other sites

Combofix is currently working on my infected computer. I'd like to know how it operates and if my internet connection will be automatically resume or whether it involves putting on some of those other programs you had me do.

I'll post the log when I get it.

Thanks.

Great you have another PC next to you. Please do the following
Link to post
Share on other sites

Here is the log:

ComboFix 10-05-31.02 - Mary Giese 05/31/2010 23:57:15.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.524 [GMT -5:00]

Running from: E:\ComboFix.exe

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Mary Giese\GoToAssistDownloadHelper.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))

.

2010-05-30 18:23 . 2010-05-30 18:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\Mary Giese\Application Data\Malwarebytes

2010-05-30 16:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-30 16:35 . 2010-05-30 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-30 16:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-28 03:55 . 2010-05-28 03:55 -------- d-----w- c:\documents and settings\Mary Giese\Local Settings\Application Data\Help

2010-05-27 15:03 . 1998-06-19 02:23 27648 ----a-w- c:\windows\system32\SSUBTMR.DLL

2010-05-27 15:03 . 1998-07-09 15:06 116736 ----a-w- c:\windows\system32\stamin32.dll

2010-05-27 15:02 . 2000-06-13 05:00 1234704 ----a-w- c:\windows\system32\MSJT4JLT.DLL

2010-05-27 15:02 . 1999-04-24 02:22 430080 ----a-w- c:\windows\system32\MSREPL35.DLL

2010-05-27 15:02 . 1998-04-24 05:00 252176 ----a-w- c:\windows\system32\msrd2x35.dll

2010-05-27 15:02 . 1998-04-24 05:00 24848 ----a-w- c:\windows\system32\msjter35.dll

2010-05-27 15:02 . 1999-08-05 00:17 1050384 ----a-w- c:\windows\system32\msjet35.dll

2010-05-27 15:02 . 1998-04-24 05:00 123664 ----a-w- c:\windows\system32\msjint35.dll

2010-05-27 15:02 . 1998-06-18 05:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2010-05-27 15:02 . 2002-03-19 15:39 98345 ----a-w- c:\windows\system32\imhost32.dll

2010-05-27 15:02 . 2002-03-14 18:46 339968 ----a-w- c:\windows\system32\imgman32.dll

2010-05-27 15:02 . 2001-12-01 08:25 446464 ----a-w- c:\windows\system32\HHActiveX.dll

2010-05-27 15:02 . 1998-10-15 18:51 136192 ----a-w- c:\windows\system32\dwspy32.dll

2010-05-27 15:02 . 1998-10-09 14:02 75776 ----a-w- c:\windows\system32\DWSPY36.dll

2010-05-27 15:01 . 2010-06-01 02:32 -------- d-----w- c:\program files\Matrix

2010-05-26 23:31 . 2010-05-28 21:52 -------- d-----w- c:\documents and settings\Mary Giese\Local Settings\Application Data\lpjdypcel

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-01 04:37 . 2007-11-26 00:59 45986 ----a-w- c:\documents and settings\Mary Giese\Application Data\wklnhst.dat

2010-05-31 20:48 . 2006-09-21 13:37 -------- d-----w- c:\program files\Trend Micro

2010-05-30 19:20 . 2007-11-15 01:13 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-05-30 18:44 . 2008-08-16 20:09 -------- d-----w- c:\program files\AVG

2010-05-30 18:24 . 2008-10-18 01:12 -------- d-----w- c:\documents and settings\Mary Giese\Application Data\Move Networks

2010-05-30 18:23 . 2009-11-11 01:28 -------- d-----w- c:\program files\McAfee Security Scan

2010-05-30 17:46 . 2008-12-30 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-27 15:16 . 2008-01-27 15:08 68144 ----a-w- c:\documents and settings\Mary Giese\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-14 20:29 . 2010-04-14 20:29 157000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-03-29 14:26 . 2009-12-02 22:16 79488 ----a-w- c:\documents and settings\Mary Giese\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-10 08:02 . 2004-08-11 22:00 417792 ----a-w- c:\windows\system32\vbscript.dll

2008-03-26 20:23 . 2007-12-03 17:52 88 --sh--r- c:\windows\system32\F2B3B9B7DA.sys

2008-03-26 20:23 . 2007-12-03 17:52 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

"Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2006-04-20 237568]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"SansaDispatch"="c:\documents and settings\Mary Giese\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-12 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-17 2046816]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-21 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2009-4-10 97320]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-21 24576]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-30 23:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2007-11-15 00:35 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/29/2008 8:21 PM 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/29/2008 8:20 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/29/2008 8:21 PM 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 6:43 PM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/29/2008 8:20 PM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [7/3/2009 6:43 PM 1370488]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/29/2008 8:19 PM 29208]

R3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [11/11/2008 12:59 PM 2560]

S2 ssrang_supportdotcom;Support.com Controller Service;c:\program files\supportdotcom\rang\ssrangsv.exe [12/10/2008 12:41 AM 965960]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/29/2008 8:19 PM 29208]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060921

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0060921

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

Trusted Zone: musicmatch.com\online

FF - ProfilePath - c:\documents and settings\Mary Giese\Application Data\Mozilla\Firefox\Profiles\w3aah6ix.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\documents and settings\Mary Giese\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Mary Giese\Application Data\Mozilla\Firefox\Profiles\w3aah6ix.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\stk_downloads\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-01 00:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Mary Giese\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?sher%3dMandatory%26publication-date%3d03%252f23%252f2009%26authors%3d1.205%26isbn%3d%26descript

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

"Appinit_Dlls"="c:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,c:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(940)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\UPHClean\uphclean.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2010-06-01 00:14:30 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-01 05:14

ComboFix2.txt 2008-12-31 23:13

Pre-Run: 45,478,453,248 bytes free

Post-Run: 46,660,853,760 bytes free

- - End Of File - - 6872D702DC5623D8D94759519390E279

Link to post
Share on other sites

ComboFix was ran on this PC before back in 2008. You read my blog about ComboFix:

http://kdiamondkenny.blogspot.com/2009/07/combofix.html

Please read carefully and let me know if you have any questions.

Create a batch file:

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 10
    del /f /q %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check to see if your internet performance has improved

Please let me know how your PC is doing before we move on?

Link to post
Share on other sites

Not by me it wasn't, but I did have some repair work done.

ComboFix was ran on this PC before back in 2008. You read my blog about ComboFix:

http://kdiamondkenny.blogspot.com/2009/07/combofix.html

Please read carefully and let me know if you have any questions.

Create a batch file:

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 10
    del /f /q %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check to see if your internet performance has improved

Please let me know how your PC is doing before we move on?

Link to post
Share on other sites

Not by me it wasn't, but I did have some repair work done. I don't understand the point of your blog.

Second, how do I find notepad. Don't forget, I am having to do this from a second computer through a jump drive. I will not proceed until I get an answer to this.

Link to post
Share on other sites

I'd like to know how it operates and if my internet connection will be automatically resume or whether it involves putting on some of those other programs you had me do.
I don't understand the point of your blog.

And I don't understand your question about ComboFix... :) It removes infections that could have changed the settings in your PC . Your PC had a rootkit that has replaced your ide driver atapi.sys file with malware. ComboFix replaced it with a clean copy.

Here's how to find Notepad:

1.Click Start

2.Click Programs

3.Click Accessories

4.Click Notepad

And run the batch file please.

Link to post
Share on other sites

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-30a92bc9 probably a variant of Win32/Agent trojan

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-30eefac2.zip probably a variant of Win32/Agent trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.ZC trojan

Hopefully this is the log file you were looking for. I have kept it open and have not selected finish for the EST scan. I will do that once you assure me that this is the correct log file.

Link to post
Share on other sites

have kept it open and have not selected finish for the EST scan.

Did you finish this scan?

Please remove these

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\

Link to post
Share on other sites

OK, I guess I am not being clear. The ESET scan is finished. I did not know where to find the log so I did not click finish or uninstall for the ESET program. I am afraid of losing the log and having to do the very lengthy scan all over again. I gave you what ESET listed as being the 3 infections.

I apparently do not know where to find the log. Will it pop up automatically when I click "finish"? The ESET program does not plainly list a log button like the other programs did.

Also, how do I remove the two infections you listed? There are no instructions on the ESET program.

Link to post
Share on other sites

The log shuold be at:

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Using Windows Explorer (to get there right-click your Start button and go to "Explore") to find the Eset log.

Also,

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders (if present):

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java

Link to post
Share on other sites

ESET has online scanner which has end files labeled "Modules" "data" "updfiles" "http_update.eset.com" and "temp"

There is nothing labeled "log.txt"

Would the log be in any of these?

I found the sun\java files and deleted them.

Thanks.

The log shuold be at:

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Using Windows Explorer (to get there right-click your Start button and go to "Explore") to find the Eset log.

Also,

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders (if present):

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java

Link to post
Share on other sites

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

I read this, looked in this location and there was nothing there. I gave you the folders that were there and all were final, i.e. could not be expanded any further.

Is there somewhere else to look or could the folder have another name? What about the C:\Program Files\ESET\EsetOnlineScanner\data ? All the files I named for you had the prefix C:\Program Files\ESET\EsetOnlineScanner\ .

Link to post
Share on other sites

OK--finally found it:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ef4f07113b7de04fb2e825efb571605c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-06-01 06:29:58

# local_time=2010-06-01 01:29:58 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777191 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=58171

# found=3

# cleaned=0

# scan_time=6442

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-30a92bc9 probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

C:\Documents and Settings\Mary Giese\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-30eefac2.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.