
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:42:15 PM, on 5/6/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Wave Systems Corp\Common\DataServer.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint\Apoint.exe

C:\Documents and Settings\Tony Hogstad\Local Settings\Application Data\dph.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\McAfee\VirusScan Enterprise\SCAN32.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061108

F3 - REG:win.ini: load=C:\DOCUME~1\TONYHO~1\LOCALS~1\TEMP

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110502131625.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM\..\Policies\Explorer\Run: [mfnvlhctg] C:\WINDOWS\system32\GX264DN.exe

O4 - HKLM\..\Policies\Explorer\Run: [EDPFEEXL] C:\WINDOWS\system32\odpdx32Q.exe

O4 - HKLM\..\Policies\Explorer\Run: [WOCQ] C:\WINDOWS\system32\odpdx32Q.exe

O4 - Startup: BounceBack Launcher.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://www.dvrconnections.com/sec_user/xwatch_search/activex/isentry.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {4838DDF0-AEEE-46B4-9D91-E46479CB9EFF} (RASplus_WatSear Control) - http://www.dvrconnections.com/sec_user/iwatch_search/activex/WatSearCtrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304431104250

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538600} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2250F2C5-6D19-414C-9D49-FDF0EB12D6A8}: NameServer = 93.188.165.199,93.188.160.170

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1E3A6F2-2A05-4A3C-BA5D-68A268B9D024}: NameServer = 93.188.165.199,93.188.160.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.165.199,93.188.160.170

O17 - HKLM\System\CS1\Services\Tcpip\..\{2250F2C5-6D19-414C-9D49-FDF0EB12D6A8}: NameServer = 93.188.165.199,93.188.160.170

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.199,93.188.160.170

O20 - AppInit_DLLs: karina.dat

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--

End of file - 14656 bytes


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista / Windows 7 Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


I have been working on this for several days with little progress. Virus scan catches things on and off and Malwarebytes nothing anymore.

Posted log file. Did the ATF cleaner, tried to run Malwarebytes and it would not run, uninstalled Malwarebytes, downloaded the mbabm-setup.exe file on another computer, put it on a jump drive and copied it to the desktop on the infected computer. In both normal and safe mode, when I try to run mbabm-setup.exe it will not open; fake Windows XP home security windows come up.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/6/2011 4:22:27 PM

mbam-log-2011-05-06 (16-22-27).txt

Scan type: Quick scan

Objects scanned: 173897

Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2250F2C5-6D19-414C-9D49-FDF0EB12D6A8}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1E3A6F2-2A05-4A3C-BA5D-68A268B9D024}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Tony Hogstad\Local Settings\Application Data\dph.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\tony hogstad\local settings\Temp\Zhv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\documents and settings\tony hogstad\local settings\Temp\Zhw.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\documents and settings\tony hogstad\local settings\Temp\Zhx.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.


Download Combofix to a USB device and transfer it to the infected computer.

Being that the PC won't stay connected to the net, you'll need to download the tools to a USB device like a flash / thumb drive and run from that device.

Download from a working PC to the USB device, remove the USB device and plug it into the infected PC.

Also if you have Vista

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations to the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-05-06.03 - Tony Hogstad 05/06/2011 17:46:01.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1453 [GMT -5:00]

Running from: C:\Documents and Settings\Tony Hogstad\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Tony Hogstad\Local Settings\Application Data\dph.exe

C:\Documents and Settings\Tony Hogstad\WINDOWS

C:\iexplore.exe

C:\Thumbs.db

Infected copy of C:\WINDOWS\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))

2011-05-06 21:14:11 . 2010-12-20 23:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-05-06 20:41:20 . 2011-05-06 20:39:56 50688 ----a-w- C:\ATF_Cleaner.exe

2011-05-03 15:17:14 . 2011-05-03 15:17:14 -------- d-----w- C:\Program Files\Trend Micro

2011-05-03 15:05:37 . 2011-05-03 15:05:37 -------- d-----w- C:\Documents and Settings\Tony Hogstad\Local Settings\Application Data\FixItCenter

2011-05-03 15:05:27 . 2011-05-03 15:05:27 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Zeon

2011-05-03 14:02:13 . 2011-05-03 14:02:14 -------- d-----w- C:\WINDOWS\MATS

2011-05-03 14:02:12 . 2011-05-03 14:02:16 -------- d-----w- C:\Program Files\Microsoft Fix it Center

2011-05-03 13:56:08 . 2011-05-03 13:56:08 -------- d-----w- C:\Documents and Settings\Tony Hogstad\Application Data\DriverCure

2011-05-03 13:56:07 . 2011-05-03 13:56:07 -------- d-----w- C:\Documents and Settings\Tony Hogstad\Application Data\ParetoLogic

2011-05-03 13:55:54 . 2011-05-03 15:09:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2011-05-03 13:46:56 . 2011-05-03 13:46:56 -------- d-sh--w- C:\Documents and Settings\Tony Hogstad\IECompatCache

2011-05-02 18:18:44 . 2011-05-02 18:18:44 -------- d-----w- C:\Documents and Settings\Tony Hogstad\Application Data\McAfee

2011-05-02 18:16:29 . 2011-05-02 18:12:56 74848 ----a-w- C:\WINDOWS\system32\MfeOtlkAddin.dll

2011-05-02 18:16:29 . 2011-05-02 18:12:56 22816 ----a-w- C:\WINDOWS\system32\MFEOtlk.dll

2011-05-02 18:16:19 . 2011-05-02 18:12:55 9344 ----a-w- C:\WINDOWS\system32\drivers\mfeclnk.sys

2011-05-02 18:16:18 . 2011-05-02 18:12:56 85152 ----a-w- C:\WINDOWS\system32\drivers\mferkdet.sys

2011-05-02 18:16:16 . 2011-05-02 18:12:56 88544 ----a-w- C:\WINDOWS\system32\drivers\mfetdi2k.sys

2011-05-02 18:16:15 . 2011-05-02 18:12:57 145936 ----a-w- C:\WINDOWS\system32\mfevtps.exe

2011-05-02 16:32:08 . 2011-05-02 16:30:50 7025088 ----a-w- C:\mbam-rules.exe

2011-05-02 13:46:25 . 2011-05-02 13:43:48 13007304 ----a-w- C:\windows-kb890830-v3.18.exe

2011-05-02 00:40:00 . 2011-05-02 00:40:38 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

2011-04-29 21:40:41 . 2011-05-02 15:53:54 -------- d-----w- C:\New Antivirus

2011-04-29 16:30:38 . 2011-04-29 16:25:06 8128007 ----a-w- C:\stinger10101535.exe

2011-04-29 15:55:31 . 2011-04-29 15:55:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-21 14:44:08 . 2011-05-06 21:14:12 -------- d--h--w- C:\Program Files\Malwarebytes' Anti-Malware

2011-04-21 14:25:04 . 2011-04-21 14:25:04 -------- d--h--w- C:\Documents and Settings\Tony Hogstad\Application Data\Malwarebytes

2011-04-08 15:51:41 . 2011-04-08 15:51:44 -------- d--h--w- C:\Documents and Settings\Tony Hogstad\Application Data\Blackberry Desktop

2011-04-07 13:53:03 . 2008-11-07 23:55:30 16928 ------w- C:\WINDOWS\system32\spmsgXP_2k3.dll

2011-04-07 13:52:08 . 2011-04-07 13:52:08 -------- d--h--w- C:\Documents and Settings\Tony Hogstad\Local Settings\Application Data\Research In Motion

2011-04-07 13:52:06 . 2011-04-07 13:52:23 -------- d--h--w- C:\Documents and Settings\Tony Hogstad\Application Data\Research In Motion

2011-04-07 13:51:47 . 2009-01-09 22:18:02 27136 ----a-r- C:\WINDOWS\system32\drivers\RimSerial.sys

2011-04-07 13:51:13 . 2011-04-07 13:51:13 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Research In Motion

2011-04-07 13:50:40 . 2011-04-07 13:51:05 -------- d--h--w- C:\Program Files\Common Files\Research In Motion

2011-04-07 13:50:40 . 2011-04-07 13:50:40 -------- d--h--w- C:\Program Files\Research In Motion

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-02 18:12:56 . 2007-04-12 21:54:23 436728 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys

2011-05-02 18:12:55 . 2007-04-12 21:54:27 58456 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys

2011-05-02 18:12:55 . 2007-04-12 21:54:24 171296 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys

2011-05-02 18:12:54 . 2007-04-12 21:54:26 116104 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys

2011-03-22 21:00:30 . 2011-03-22 21:00:28 6928793 ----a-w- C:\psv301.zip

2011-03-07 05:33:50 . 2004-08-11 23:12:51 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll

2011-03-04 06:37:06 . 2004-08-11 23:00:36 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll

2011-03-03 13:21:11 . 2004-08-11 23:00:37 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-02-22 23:06:29 . 2004-08-11 23:00:37 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-02-22 23:06:29 . 2004-08-11 23:00:18 43520 ------w- C:\WINDOWS\system32\licmgr10.dll

2011-02-22 23:06:29 . 2004-08-11 23:00:17 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-02-22 11:41:59 . 2004-08-11 23:00:16 385024 ------w- C:\WINDOWS\system32\html.iec

2011-02-17 13:18:24 . 2004-08-11 23:00:20 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys

2011-02-17 13:18:03 . 2004-08-11 23:00:34 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys

2011-02-17 12:32:12 . 2009-04-16 15:11:53 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll

2011-02-15 12:56:39 . 2004-08-11 23:00:01 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll

2011-02-11 13:25:52 . 2004-08-11 23:11:26 229888 ----a-w- C:\WINDOWS\system32\fxscover.exe

2011-02-09 13:53:52 . 2004-08-11 23:00:30 270848 ----a-w- C:\WINDOWS\system32\sbe.dll

2011-02-09 13:53:52 . 2004-08-11 23:00:13 186880 ----a-w- C:\WINDOWS\system32\encdec.dll

2011-02-08 13:33:55 . 2004-08-11 23:00:19 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll

2011-02-08 13:33:55 . 2004-08-11 23:00:19 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-17 03:29:54 389120]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 13:43:17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 18:13:38 176128]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 14:14:00 7401472]

"nwiz"="nwiz.exe" [2006-01-19 14:14:00 1519616]

"NVHotkey"="nvHotkey.dll" [2006-01-19 14:14:00 73728]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 22:30:44 282624]

"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 18:35:08 102400]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 18:13:32 1032192]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50:42 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 22:50:18 81920]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 16:51:04 49152]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 06:14:58 155648]

"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-23 01:09:54 40960]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 02:52:38 49152]

"StatusClient 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 22:39:38 61440]

"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 16:47:08 155648]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe" [2011-01-12 21:05:00 161088]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 16:09:58 63712]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 08:53:50 1687552]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 08:29:54 163840]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 17:24:32 819200]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 17:22:16 970752]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 03:38:56 623992]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-15 13:42:48 185872]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 07:04:34 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 22:38:18 421888]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 20:33:40 421160]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 13:08:00 215360]

C:\Documents and Settings\Tony Hogstad\Start Menu\Programs\Startup\

BounceBack Launcher.lnk - C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe [2011-3-22 93888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-8 24576]

EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]

Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"C:\\RASplus\\RASplus_Runner.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" --> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [?]

S3 ICDSX;Sony IC Recorder (SX);C:\WINDOWS\system32\drivers\ICDSX.sys [10/1/2003 6:44:00 PM 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

Contents of the 'Scheduled Tasks' folder

2011-05-06 C:\WINDOWS\Tasks\ConfigExec.job

- C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09:20 . 2010-11-16 06:09:20]

2011-05-06 C:\WINDOWS\Tasks\DataUpload.job

- C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09:20 . 2010-11-16 06:09:20]

2011-05-06 C:\WINDOWS\Tasks\Google Software Updater.job

- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 23:34:45 . 2009-04-16 15:18:05]

2011-05-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-16 16:10:31 . 2011-03-16 16:10:26]

2011-05-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-16 16:10:31 . 2011-03-16 16:10:26]

2011-05-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9894C46-A46F-4475-887D-F78DBFAD00B4}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 17:58:32 . 2009-03-08 09:31:54]

2011-05-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F15C2D80-91D7-4EF7-B0C1-B122C1926555}.job

- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 17:58:32 . 2009-03-08 09:31:54]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/

IE: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100

DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} - hxxp://www.dvrconnections.com/sec_user/xwatch_search/activex/isentry.cab

DPF: {4838DDF0-AEEE-46B4-9D91-E46479CB9EFF} - hxxp://www.dvrconnections.com/sec_user/iwatch_search/activex/WatSearCtrl.cab

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


You can re-enable your anti-virus after uninstalling ComboFix.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
