Hi all,

I could use a bit of advice on finding some hidden malware. I'm just gonna give you all the info I have, including the log files specified by Forum Deity in the above Sticky. I'm running XP and was a bit late in installing updates. I was getting an error saying svchost.exe had to quit. This usually led to loss of functionality. I assumed it was malware. I'm running Symantec Endpoint Protection and ran a scan. Symantec found a few files it identified as risks SillyFDC and Bloodhound.MalPE and quarantined them. It also identified an incoming "intrusion" located in svchost.exe and blocked the IP (Malicious Toolkit Website 9 and Mass Iframe Injection Attack 2). The problem persisted. I ran a complete scan with Malwarebytes and it found several files it identified as Adware.minibug, both file and registry keys, and quarantined them. Malwarebytes started detecting outgoing IP traffic, even w/o browser running, that it deemed malicious (95.64.48.39, 208.87.32.69). I used procexp and TCPView to determine which svchost process was the culprit and which DLLs were associated with it. However, I could not figure out which was malware related, even with process of elimination. I realized why Windows truly sucks. I then followed the directions in the above sticky.

Thanks for any help in advance!

Attach.zip

Here is my defogger log...it did not ask for a restart as suggested in the above post, so I assumed it was successful and restarted manually:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 12:50 on 11/09/2011

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Dave at 13:04:57 on 2011-09-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1288 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec AntiVirus\Smc.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\vVX3000.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{23565748-23BC-45FD-A9BB-0A83BD88EEBD} : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-1 108456]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-1 108456]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-10 366640]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2011-6-1 1839888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-6 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-10 22712]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110910.002\NAVENG.SYS [2011-9-10 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110910.002\NAVEX15.SYS [2011-9-10 1576312]

S2 srvD48;srvD48;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]

S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?]

S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\btkrnbdg.sys --> c:\windows\system32\drivers\btkrnbdg.sys [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-6-1 23888]

S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\csrbc01.sys --> c:\windows\system32\drivers\csrbc01.sys [?]

S3 ed_bus;Encrypted Disk Manager;c:\windows\system32\drivers\xcrdisk.sys [2004-11-10 28032]

S3 im_bus;Paragon Image Mounter;c:\windows\system32\drivers\imounter.sys --> c:\windows\system32\drivers\imounter.sys [?]

S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys --> c:\windows\system32\drivers\vadmulti.sys [?]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2011-09-11 03:41:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-11 03:38:42 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-10 23:17:09 -------- d-----w- c:\documents and settings\dave\application data\Malwarebytes

2011-09-10 23:17:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-10 23:17:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-10 23:16:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-10 23:16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-10 04:46:23 -------- d-----w- c:\documents and settings\dave\local settings\application data\NPE

2011-09-10 04:46:23 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-09-05 07:22:44 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2011-09-05 07:18:47 357792 ----a-w- c:\windows\system32\Sysfer.dll

2011-09-05 07:18:46 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2011-09-05 07:18:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-09-05 07:18:15 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-09-05 07:16:50 -------- d-----w- c:\program files\Symantec AntiVirus

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 19:12:23 -------- d-----w- c:\program files\common files\Wolfram Research

2011-09-02 19:03:42 369680 ----a-w- c:\windows\system32\ml32i3.dll

2011-09-02 19:03:42 167952 ----a-w- c:\windows\system32\mlmodule32.dll

.

==================== Find3M ====================

.

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHU2100AT rev.00000008 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A0A74C0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x8a0ae8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x8a0ae730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8AC04AB8]

3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x89FC8BE8]

\Driver\atapi[0x8A9F2BE0] -> IRP_MJ_CREATE -> 0x8A0A74C0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { JMP 0x4a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A0A72E0

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 13:06:33.80 ===============


Hello and welcome!

Unfortunately you have a nasty rootkit on your computer. Please read the following first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

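The lines in the ROOTKIT section of the log that point at a disk-driver hook, correlated in an added example that is not part of the original thread or of any tool mentioned in it. The log lines are copied from the first post; the finding names and the same-4-KiB-page proximity check are assumptions of this example.

```python
import re

# ROOTKIT-section lines copied from the DDS log in the first post.
LOG = r"""
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A0A74C0]<<
\Driver\atapi[0x8A9F2BE0] -> IRP_MJ_CREATE -> 0x8A0A74C0
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A0A72E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Address the detector could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\name[obj] -> FIELD -> addr" and "\Driver\name FIELD -> addr".
POINTER_RE = re.compile(
    r"^(\\Driver\\\w+)(?:\[0x[0-9A-Fa-f]+\])?\s+(?:->\s+)?(\w+)\s+->\s+(0x[0-9A-Fa-f]+)$"
)
PAGE_MASK = ~0xFFF  # assumption: treat "same 4 KiB page" as "same code blob"


def triage(log_text):
    """Return findings that tie driver pointers to unattributed kernel code."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    unknown = [int(m.group(1), 16) for ln in lines for m in UNKNOWN_RE.finditer(ln)]
    unknown_pages = {addr & PAGE_MASK for addr in unknown}

    findings = [("unattributed-code-in-disk-stack", None, None, a) for a in unknown]
    for ln in lines:
        m = POINTER_RE.match(ln)
        if not m:
            continue
        driver, field, target = m.group(1), m.group(2), int(m.group(3), 16)
        if target in unknown:
            # Dispatch entry lands exactly on the unattributed address.
            findings.append(("pointer-into-unknown-code", driver, field, target))
        elif (target & PAGE_MASK) in unknown_pages:
            # Different entry point, same page as the unattributed code.
            findings.append(("pointer-near-unknown-code", driver, field, target))
    return findings


if __name__ == "__main__":
    for kind, driver, field, addr in triage(LOG):
        print(f"{kind:32} {driver or '-':16} {field or '-':14} 0x{addr:08X}")
```

On this log both atapi entries resolve to the same page as the address the detector labelled UNKNOWN, which is the pattern behind the TDL3 warning line.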

Thanks for your reply. Just to be clear, if I format the partition on the disk that contains my Windows OS and then reinstall, will the risk be gone? Is the MBR or other sectors outside the OS partition also affected?

Thanks!



The MBR is most likely infected, so formatting the partition will not help, although a reinstall of Windows might rewrite the MBR. If you choose to do this, I recommend going through with the cleanup for now, so you know that other partitions do not contain infected data.


OK, I'll attempt the cleanup. Another question though, my partition table is probably written in the MBR, so if I wipe the MBR, I basically lose my other partitions too, right?


Wiping the MBR is indeed not a good idea. Rewriting it will also rewrite the partition table. Usually when you reinstall Windows, Windows will search for partitions and write a new MBR including a partition table to the first sector of the drive. However, with infected MBRs it is always a bit tricky (it depends a bit on what you use to reinstall; recovery disks especially do not always do this).


Hi,

Thank you again for all your advice. I took it seriously and immediately took steps to secure all my banking and financial accounts. As for my computer, the infected disk is actually partitioned into 4 logical partitions. They are win (NTFS), FAT32, linux (ext3), and swap (ext3). I got into this mess because winXP has grown over the last 5 years to exceed my win partition and I could not fit any more updates. Since I need to adjust the partitions anyways, I have decided the following course of action:

From my linux OS, I'm going to remove my NTFS and FAT32 partitions and resize them. I believe my MBR is on my NTFS partition. I think this should effectively reformat the MBR, NTFS, and FAT32 partitions, and remove the malware. All my data was on the FAT32 partition. I already scanned it with Malwarebytes and found nothing. I then moved it to a USB drive using linux. I plan to reinstall XP on the new NTFS partition. I'm not sure what I should do with the data from FAT32.

Do you have any suggestions on how I should reformat the NTFS and FAT32 partitions to best eliminate the malware? I'm hoping typical fdisk removing and reformatting is sufficient. Also, is there anything else I can do to assure my data partition, FAT32, is unaffected? I have assumed since winXP cannot even see my ext3 partitions, there is no issue with them, but I am very inexperienced with malware. Guess I've been really lucky up to now and I'm really glad Malwarebytes caught this.

Thanks again


The MBR is located outside the partitions. So, reformatting these partitions will not make any difference. If you reinstall Windows this way, the only thing that will change is that Windows will be added to the GRUB boot loader.

For that reason I recommend you go through with cleaning the MBR for now, and then do as planned by reformatting the partitions (if you do so, any security vulnerability in the Windows installation will be eliminated and you will be sure the MBR is clean).

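The layout point in the reply above (the MBR is sector 0, outside every partition), as an added example that is not part of the original thread: it parses sector 0 into boot code and partition table and shows that overwriting a partition leaves sector 0 byte-identical. The disk image, partition sizes and boot-code bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446             # bytes 0-445 of sector 0: boot code
TABLE_OFF, ENTRY_LEN = 446, 16  # bytes 446-509: four 16-byte partition entries
TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x83: "Linux", 0x82: "Linux swap"}


def build_sample_disk():
    """Constructed 1000-sector disk image; layout and sizes are made up."""
    layout = [(0x80, 0x07, 63, 400), (0x00, 0x0B, 463, 300),
              (0x00, 0x83, 763, 200), (0x00, 0x82, 963, 37)]
    boot_code = b"\xEB\x48" + b"\x90" * (BOOT_CODE_LEN - 2)  # stand-in bytes
    table = b"".join(struct.pack("<B3xB3xII", flag, ptype, lba, count)
                     for flag, ptype, lba, count in layout)
    disk = bytearray(b"\xAA" * (SECTOR * 1000))  # 0xAA = "old data" filler
    disk[:SECTOR] = boot_code + table + b"\x55\xAA"
    return disk


def parse_mbr(sector0):
    """Split sector 0 into boot code and partition table and hash each part."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR sector with 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector0[TABLE_OFF + i * ENTRY_LEN:TABLE_OFF + (i + 1) * ENTRY_LEN]
        flag, ptype, first_lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": flag == 0x80,
                          "type": TYPES.get(ptype, hex(ptype)),
                          "first_lba": first_lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(),
            "table_sha256": hashlib.sha256(sector0[TABLE_OFF:510]).hexdigest(),
            "partitions": parts}


def format_partition(disk, part):
    """Model a reformat: overwrite only the sectors inside the partition.

    A real format writes filesystem structures rather than zeros, but it is
    likewise confined to first_lba .. first_lba + sectors - 1.
    """
    start = part["first_lba"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)


def mbr_survives_format(disk, index):
    """True if sector 0 is byte-identical after reformatting partition `index`."""
    before = bytes(disk[:SECTOR])
    format_partition(disk, parse_mbr(before)["partitions"][index])
    return bytes(disk[:SECTOR]) == before


if __name__ == "__main__":
    disk = build_sample_disk()
    for p in parse_mbr(bytes(disk[:SECTOR]))["partitions"]:
        print(p)
    print("sector 0 unchanged after formatting NTFS:", mbr_survives_format(disk, 0))
```

Recording `boot_code_sha256` before and after a cleanup or reinstall shows whether the boot code actually changed, independently of the partition table.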

Yup, my mistake. You are correct. Can you suggest a method for me to check whether the data I transferred to a USB drive, from FAT32 partition via linux OS, contains any malware related to this rootkit? I'm guessing it may be impossible to know for sure until I put the files back on a Windows system.
