Jump to content

Popups galore - Ran MBAM, GMER, Hijack...now what?

wholefoodsfool2
 Share

Recommended Posts

wholefoodsfool2

wholefoodsfool2

Posted
Posted

I'm a noob at this; forgive me if I make this harder than it needs to be.

Ran MBAM after getting popups but returned no results. Continued having random popups - finally, yesterday I searched Google for a particular site that poppedup, sure enough - same site found on your forum: http://forums.malwarebytes.org/index.php?showtopic=51915

According to that forum, the troubleshooting was specifically for that individual comp and I was having a bit of trouble registering for this forum, so I went ahead and ran the Hijackthis and GMER deals last night. Saved the logs to desktop and a CD. Interesting thing was that I had started moving some items into a flash drive last night but, they weren't in the flash drive this morning. Friend said to run MBAM on the flash drive and it returned some negative results, which was strange that it hadn't returned them before. Regardless, friend was able to walk me to this stage.

Otherwise, have changed all passwords on a secure comp but the comp that continues to have popups is working fine, aside from what happened to the flash drive.

So, I pasted the logs below, omitting the results that did not evidence malicious items (if need be, those results are available). What's next and why do people create these things?

______________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4169

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/4/2010 3:23:04 PM

mbam-log-2010-06-04 (15-23-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 190035

Time elapsed: 1 hour(s), 0 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

_________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4167

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/4/2010 1:52:45 PM

mbam-log-2010-06-04 (13-52-45).txt

Scan type: Full scan (D:\|E:\|)

Objects scanned: 141694

Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mjvqqhxr (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mjvqqhxr (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Dan\Local Settings\Application Data\blxfeemyf\sptdnautssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.

________________________________

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-03 22:10:46

Windows 5.1.2600 Service Pack 3

Running: f233f39k.exe; Driver: C:\DOCUME~1\Dan\LOCALS~1\Temp\kfkoapoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\System32\DRIVERS\omci.sys entry point in ".rsrc" section [0xF88E9C74]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\Program Files\palmOne\HOTSYNC.EXE[604] MSVCRT.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A

.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A

.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C

.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F4000A

.text C:\WINDOWS\System32\svchost.exe[1512] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[2448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[2448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[2448] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82857EE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\omci.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

________________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:34:57 PM, on 6/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINDOWS\SMPClient.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Lexmark 9500 Series\lxdoamon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\WINDOWS\system32\lxdocoms.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\TEMP\XM3DC7.EXE

C:\WINDOWS\System32\MDM.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Documents and Settings\Dan\My Documents\Downloads\f233f39k.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bascstray] BascsTray.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sMPClient] C:\WINDOWS\SMPClient.exe

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [lxdomon.exe] "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"

O4 - HKLM\..\Run: [lxdoamon] "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"

O4 - HKLM\..\Run: [Lexmark 9500 Series Fax Server] "C:\Program Files\Lexmark 9500 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [Hzumonorapule] rundll32.exe "C:\WINDOWS\oxerosuloro.dll",Startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Tzeruje] rundll32.exe "C:\WINDOWS\suiclacr.dll",Startup

O4 - HKUS\S-1-5-21-1495402626-1611685384-1273148813-1696\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe

O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: lxdoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe (file missing)

O23 - Service: lxdo_device - - C:\WINDOWS\system32\lxdocoms.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 7815 bytes

__________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:37:34 PM, on 6/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINDOWS\SMPClient.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Lexmark 9500 Series\lxdoamon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\WINDOWS\system32\lxdocoms.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\TEMP\XM3DC7.EXE

C:\WINDOWS\System32\MDM.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bascstray] BascsTray.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sMPClient] C:\WINDOWS\SMPClient.exe

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [lxdomon.exe] "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"

O4 - HKLM\..\Run: [lxdoamon] "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"

O4 - HKLM\..\Run: [Lexmark 9500 Series Fax Server] "C:\Program Files\Lexmark 9500 Series\fm3032.exe" /s

O4 - HKLM\..\Run: [Hzumonorapule] rundll32.exe "C:\WINDOWS\oxerosuloro.dll",Startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Tzeruje] rundll32.exe "C:\WINDOWS\suiclacr.dll",Startup

O4 - HKUS\S-1-5-21-1495402626-1611685384-1273148813-1696\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe

O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: lxdoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe (file missing)

O23 - Service: lxdo_device - - C:\WINDOWS\system32\lxdocoms.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 7781 bytes

_____________________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4149

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/27/2010 6:50:51 PM

mbam-log-2010-05-27 (18-50-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 192994

Time elapsed: 1 hour(s), 14 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Files Infected:

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP736\A0086168.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP736\A0086169.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

________________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4148

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/27/2010 12:31:54 PM

mbam-log-2010-05-27 (12-31-54).txt

Scan type: Full scan (C:\|)

Objects scanned: 216275

Time elapsed: 47 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Registry Keys Infected:

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eanfgkdo (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eanfgkdo (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Dan\Local Settings\Application Data\ismfshcjo\aqpwlattssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Application Data\syssvc.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\8c8d163e.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\aAEV.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\tuunld.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

____________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4148

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/27/2010 9:29:41 AM

mbam-log-2010-05-27 (09-29-41).txt

Scan type: Full scan (C:\|)

Objects scanned: 192573

Time elapsed: 1 hour(s), 13 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Files Infected:

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP735\A0086150.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

____________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4141

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/25/2010 9:59:42 AM

mbam-log-2010-05-25 (09-59-42).txt

Scan type: Full scan (C:\|)

Objects scanned: 192964

Time elapsed: 1 hour(s), 56 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\postbootreminder (Backdoor.Losfondup) -> Quarantined and deleted successfully.

Files Infected:

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP735\A0086149.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

C:\windows\system32\etar32dll.dll (Backdoor.Losfondup) -> Delete on reboot.

__________________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4134

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/24/2010 11:46:07 PM

mbam-log-2010-05-24 (23-46-07).txt

Scan type: Full scan (C:\|)

Objects scanned: 219832

Time elapsed: 52 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxqiidfg (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxqiidfg (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Dan\Local Settings\Application Data\syssvc.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Application Data\jvgwydunn\tybalrktssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

__________________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4133

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/23/2010 3:05:53 PM

mbam-log-2010-05-23 (15-05-53).txt

Scan type: Full scan (C:\|)

Objects scanned: 192434

Time elapsed: 1 hour(s), 15 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Files Infected:

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP730\A0083131.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

_________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4113

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/18/2010 4:57:57 PM

mbam-log-2010-05-18 (16-57-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 191304

Time elapsed: 1 hour(s), 10 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Files Infected:

C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP730\A0083128.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

___________________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4113

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/18/2010 3:14:22 PM

mbam-log-2010-05-18 (15-14-22).txt

Scan type: Quick scan

Objects scanned: 171561

Time elapsed: 30 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 5

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 8

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ridaqovq (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ridaqovq (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comserver (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32\(default) (Hijack.Tray) -> Bad: (C:\DOCUME~1\Dan\LOCALS~1\Temp\7848113787.dll) Good: (stobject.dll) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Dan\Local Settings\Application Data\ekhmtawrq\lkbsgmptssd.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\4244749680.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\wlavqa.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\ywbhtj.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Temp\comsrvr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\windows\system32\msapps\comsrvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\windows\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dan\Local Settings\Application Data\asam.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Hi, and Welcome to Malwarebytes!

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.