
HELP! infected computer, malware


  • This topic is locked
4 replies to this topic

#1 cami f


Posted 21 September 2010 - 12:05 AM

Hi, here are my netbook's specifications just in case:
Manufacturer: Asus
Model: Eee Pc
Processor: Intel® Atom™ CPU N450 @ 1.66GHz 1.67 GHz
1 GB RAM

I am already pretty much sure that my computer (Windows 7) is infected. Windows Defender detected 4 times that there was a trojan file, which I removed each time with it. The file name ended in something like ruy.UH. As I researched, I found that by using TCPView one could see what processes were running in my computer and so locate a suspicious one. In that way I found tons of processes called "setup.exe", which were located in C:\Windows\Temp\pvmo\setup.exe and came from the remote port: ext.211.ru. The state said: SYNC
I used an IP tracer and found that this port belongs to the IP 193.238.131.200, which is located in Russia. Therefore, I am pretty sure that this guy hacked me. I ended the processes and therefore was able to erase the temp file from which the process originated. I do not know whether or not the problem has ended. I am now running a security scan using Windows Defender and will inform later what happens.
Also, these past few days my computer screen has turned blue and it has been turning off. Once it restarts, I get a pop-up saying that Windows has recovered from an unexpected shutdown and asking whether or not I want to send a problem report to Microsoft/check for solutions. My computer has Windows Defender and Trend Micro Security, but it does not open. I am currently running Windows in safe mode with networking after the computer shut down as described above. I always get pop-ups asking for permission for everything that happens, most applications, and everything started when I started getting one which is supposedly from Windows Command Processor and, when accepted, changes my User Control settings to never notify (which will only take effect after restart). I thought this was suspicious, so I ran Windows Defender, and it was then that the first trojan was found. I also got pop-ups of something that said "sbnat.exe"; this was very suspicious, so I never accepted. I looked for this file and erased it manually since Windows Defender did not detect it; it was in my user folder.

EDIT: The computer shut down while I was in the middle of writing this. I am now in normal mode and I keep getting the pop-ups, and Windows Defender detected a trojan. Now I just installed the Panda Global Protection 2011 trial, which found many suspicious files and trojans which are now removed or in quarantine. I will attach the Panda log. Many of the files were ones that I had found and thought were suspicious in the same folder as sbnat.exe. I cannot run the GMER scan because every time I start to do it the computer shuts down. After restarting the computer, since Panda asked me to, I notice that it is faster and the Windows Command Processor pop-ups have not started yet.

This is my DDS log in safe mode:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Franco at 20:48:52.60 on Mon 09/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.146 [GMT -3:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.exe
C:\windows\system32\ctfmon.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\TEMP\pvmo\setup.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Franco\Downloads\TCPView\Tcpview.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Users\Franco\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\program files\asus\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: : {89ea8c89-f143-45ba-bf3b-fbc4faad861c} - c:\windows\system32\dlocfa.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\franco\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent .exe"
uRun: [dtkuq] c:\users\franco\dtkuq.exe /L
uRun: [gaote] c:\users\franco\gaote.exe /W
uRun: [zegeh] c:\users\franco\zegeh.exe /T
uRun: [heuqoem] c:\users\franco\heuqoem.exe /M
uRun: [Metropolis] rundll32.exe c:\users\franco\appdata\local\temp\sshnas21.dll,GetHandle
uRun: [ASH24SXZ9S] c:\users\franco\appdata\local\temp\Ted .exe
uRun: [ciuon] c:\users\franco\ciuon.exe /k
uRun: [syvum] c:\users\franco\syvum.exe /u
uRun: [baowu] c:\users\franco\baowu.exe /n
uRun: [20W6RLKX65] c:\users\franco\appdata\local\temp\Tdx .exe
uRun: [tiedom] c:\users\franco\tiedom.exe /q
uRun: [reuege] c:\users\franco\reuege.exe /T
uRun: [ximit] c:\users\franco\ximit.exe /X
uRun: [boeagom] c:\users\franco\boeagom.exe /A
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [VizorHtmlDialog.exe] "c:\program files\trend micro\security\vizorhtmldialog.exe" "def" "eula" "c:\program files\trend micro\security\ui\pre_install_eula.html" "DEF" "DEF" "DEF"
mRun: [Trend Micro Client Framework] c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\franco\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\franco\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\franco\appdata\roaming\microsoft\windows\start menu\programs\startup\img.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-11-10 11448]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-19 52752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-6-22 54632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

=============== Created Last 30 ================

2010-09-20 16:15:24 40960 ----a-w- c:\windows\system32\ojfihyom.dll
2010-09-20 15:28:37 0 d-----w- c:\users\franco\appdata\roaming\Western Digital
2010-09-20 15:22:36 0 d-----w- c:\program files\Western Digital
2010-09-20 14:52:27 306 ----a-w- c:\users\franco\NetHood.lnk
2010-09-20 14:52:15 316 ----a-w- c:\users\franco\My Documents.lnk
2010-09-20 14:52:13 302 ----a-w- c:\users\franco\Music.lnk
2010-09-20 14:51:12 320 ----a-w- c:\users\franco\Local Settings.lnk
2010-09-20 14:51:07 302 ----a-w- c:\users\franco\Links.lnk
2010-09-20 14:14:43 310 ----a-w- c:\users\franco\Favorites.lnk
2010-09-20 14:14:40 310 ----a-w- c:\users\franco\Downloads.lnk
2010-09-20 14:14:35 310 ----a-w- c:\users\franco\Documents.lnk
2010-09-20 14:12:09 306 ----a-w- c:\users\franco\Desktop.lnk
2010-09-20 14:12:06 306 ----a-w- c:\users\franco\Cookies.lnk
2010-09-20 14:12:04 308 ----a-w- c:\users\franco\Contacts.lnk
2010-09-20 14:12:03 324 ----a-w- c:\users\franco\Application Data.lnk
2010-09-20 14:12:02 306 ----a-w- c:\users\franco\AppData.lnk
2010-09-20 14:12:00 296 ----a-w- c:\users\franco\...lnk
2010-09-20 14:11:56 294 ----a-w- c:\users\franco\..lnk
2010-09-20 14:04:24 262144 --sh--r- c:\users\franco\boeagomx.exe
2010-09-20 14:04:18 126 --sh--r- c:\users\franco\autorun.inf
2010-09-20 13:54:33 0 d-----w- c:\programdata\PC Tools
2010-09-20 13:47:08 262144 --sh--r- c:\users\franco\boeagom.exe
2010-09-19 03:16:36 72706 ----a-w- c:\programdata\g06un5RF.exe
2010-09-19 03:13:50 112 ----a-w- c:\programdata\nnd7Q8BW.dat
2010-09-19 03:12:34 745984 ----a-w- c:\windows\system32\dloCFA.dll
2010-09-19 03:12:34 0 ----a-w- c:\windows\system32\dloCFA.tmp
2010-09-19 02:58:49 133225728 ----a-w- c:\windows\MEMORY.DMP
2010-09-18 22:49:23 0 d-----w- c:\program files\GRETECH
2010-09-15 00:00:38 0 d-----w- c:\users\franco\Tracing
2010-09-14 21:06:22 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 21:05:50 0 d-----w- c:\users\franco\appdata\roaming\Dropbox
2010-09-08 20:51:59 0 d--h--w- c:\windows\AxInstSV
2010-09-02 21:38:21 0 d-----w- c:\users\franco\appdata\roaming\ooVoo Details
2010-09-02 21:37:55 0 d-----w- c:\program files\ooVoo
2010-08-27 22:25:39 0 d-----w- c:\program files\Conduit
2010-08-26 02:41:01 0 d-----w- c:\users\franco\appdata\roaming\Power Sound Editor Free
2010-08-26 02:39:28 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-08-26 02:39:28 478208 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-08-26 02:39:28 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2010-08-26 02:39:28 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-08-26 02:39:28 113486 ----a-w- c:\windows\system32\NCTWMAProfiles.prx
2010-08-26 02:39:27 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-08-26 02:39:27 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-08-26 02:39:27 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-08-26 02:39:27 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-08-26 02:39:26 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-08-26 02:39:26 479744 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-08-26 02:39:24 0 d-----w- c:\program files\Power Sound Editor Free
2010-08-25 01:44:08 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-25 01:41:08 0 d-----w- c:\programdata\Apple Computer
2010-08-25 01:39:07 0 d-----w- c:\program files\Bonjour
2010-08-25 01:38:35 0 d-----w- c:\programdata\Apple
2010-08-24 21:03:38 571904 ----a-w- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-09-19 03:12:27 35332 ----a-w- c:\windows\AsScrPro.exe
2010-09-19 03:11:54 35328 ----a-w- c:\windows\fonts\2bP78.com
2010-08-15 20:36:50 1506 ----a-w- c:\users\franco\appdata\roaming\wklnhst.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 08:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 20:20:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:53:07.66 ===============

DDS log in normal mode:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Franco at 23:05:55.28 on Mon 09/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.206 [GMT -3:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdateBeta.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.exe
C:\Users\Franco\AppData\Local\Temp\Tee.exe
C:\Users\Franco\AppData\Local\Temp\Tdx .exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431232
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\program files\asus\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: : {89ea8c89-f143-45ba-bf3b-fbc4faad861c} - c:\windows\system32\dlocfa.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\franco\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent .exe"
uRun: [dtkuq] c:\users\franco\dtkuq.exe /L
uRun: [gaote] c:\users\franco\gaote.exe /W
uRun: [zegeh] c:\users\franco\zegeh.exe /T
uRun: [heuqoem] c:\users\franco\heuqoem.exe /M
uRun: [Metropolis] rundll32.exe c:\users\franco\appdata\local\temp\sshnas21.dll,GetHandle
uRun: [ASH24SXZ9S] c:\users\franco\appdata\local\temp\Ted .exe
uRun: [ciuon] c:\users\franco\ciuon.exe /k
uRun: [syvum] c:\users\franco\syvum.exe /u
uRun: [baowu] c:\users\franco\baowu.exe /n
uRun: [20W6RLKX65] c:\users\franco\appdata\local\temp\Tdx .exe
uRun: [tiedom] c:\users\franco\tiedom.exe /q
uRun: [reuege] c:\users\franco\reuege.exe /T
uRun: [ximit] c:\users\franco\ximit.exe /X
uRun: [boeagom] c:\users\franco\boeagom.exe /M
uRun: [vaime] c:\users\franco\vaime.exe /f
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [VizorHtmlDialog.exe] "c:\program files\trend micro\security\vizorhtmldialog.exe" "def" "eula" "c:\program files\trend micro\security\ui\pre_install_eula.html" "DEF" "DEF" "DEF"
mRun: [Trend Micro Client Framework] c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2011\Inicio.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

2 hrroufog;PCI Bus Controller
R? Amsp;Trend Micro Solution Platform
R? APPFLT;App Filter Plugin
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? btusbflt;Bluetooth USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? DSAFLT;DSA Filter Plugin
R? FNETMON;NetMon Filter Plugin
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? IDSFLT;Ids Filter Plugin
R? NETFLTDI;Panda Net Driver [TDI Layer]
R? OberonGameConsoleService;Oberon Media Game Console service
R? Pavboot;Panda boot driver
R? WDC_SAM;WD SCSI Pass Thru driver
R? WNMFLT;Wifi Monitor Filter Plugin
S? Akamai;Akamai NetSession Interface
S? AsUpIO;AsUpIO
S? AsusService;Asus Launcher Service
S? GoogleUpdateBeta;Google Update Service
S? L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
S? NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42
S? PavProc;Panda Process Protection Driver
S? PavPrSrv;Panda Process Protection Service
S? ShldDrv;Panda File Shield Driver
S? tmevtmgr;tmevtmgr
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2010-09-21 02:02:03 262144 --sh--r- c:\users\franco\vaime.exe
2010-09-21 02:01:50 83456 ----a-w- c:\users\franco\sbnat.exe
2010-09-21 02:01:50 143360 ----a-w- c:\users\franco\vanat.exe
2010-09-21 02:01:50 126976 ----a-w- c:\users\franco\cbnat.exe
2010-09-21 02:01:49 350227 ----a-w- c:\users\franco\kiehaw.exe
2010-09-20 16:15:24 40960 ----a-w- c:\windows\system32\ojfihyom.dll
2010-09-20 15:28:37 0 d-----w- c:\users\franco\appdata\roaming\Western Digital
2010-09-20 15:22:36 0 d-----w- c:\program files\Western Digital
2010-09-20 14:52:27 306 ----a-w- c:\users\franco\NetHood.lnk
2010-09-20 14:52:15 316 ----a-w- c:\users\franco\My Documents.lnk
2010-09-20 14:52:13 302 ----a-w- c:\users\franco\Music.lnk
2010-09-20 14:51:12 320 ----a-w- c:\users\franco\Local Settings.lnk
2010-09-20 14:51:07 302 ----a-w- c:\users\franco\Links.lnk
2010-09-20 14:14:43 310 ----a-w- c:\users\franco\Favorites.lnk
2010-09-20 14:14:40 310 ----a-w- c:\users\franco\Downloads.lnk
2010-09-20 14:14:35 310 ----a-w- c:\users\franco\Documents.lnk
2010-09-20 14:12:09 306 ----a-w- c:\users\franco\Desktop.lnk
2010-09-20 14:12:06 306 ----a-w- c:\users\franco\Cookies.lnk
2010-09-20 14:12:04 308 ----a-w- c:\users\franco\Contacts.lnk
2010-09-20 14:12:03 324 ----a-w- c:\users\franco\Application Data.lnk
2010-09-20 14:12:02 306 ----a-w- c:\users\franco\AppData.lnk
2010-09-20 14:12:00 296 ----a-w- c:\users\franco\...lnk
2010-09-20 14:11:56 294 ----a-w- c:\users\franco\..lnk
2010-09-20 14:04:24 262144 --sh--r- c:\users\franco\boeagomx.exe
2010-09-20 14:04:18 126 --sh--r- c:\users\franco\autorun.inf
2010-09-20 13:54:33 0 d-----w- c:\programdata\PC Tools
2010-09-19 03:16:36 72706 ----a-w- c:\programdata\g06un5RF.exe
2010-09-19 03:13:50 112 ----a-w- c:\programdata\nnd7Q8BW.dat
2010-09-19 03:12:34 745984 ----a-w- c:\windows\system32\dloCFA.dll
2010-09-19 03:12:34 0 ----a-w- c:\windows\system32\dloCFA.tmp
2010-09-19 02:58:49 166465432 ----a-w- c:\windows\MEMORY.DMP
2010-09-18 22:49:23 0 d-----w- c:\program files\GRETECH
2010-09-15 00:00:38 0 d-----w- c:\users\franco\Tracing
2010-09-14 21:06:22 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 21:05:50 0 d-----w- c:\users\franco\appdata\roaming\Dropbox
2010-09-08 20:51:59 0 d--h--w- c:\windows\AxInstSV
2010-09-02 21:38:21 0 d-----w- c:\users\franco\appdata\roaming\ooVoo Details
2010-09-02 21:37:55 0 d-----w- c:\program files\ooVoo
2010-08-27 22:25:39 0 d-----w- c:\program files\Conduit
2010-08-26 02:41:01 0 d-----w- c:\users\franco\appdata\roaming\Power Sound Editor Free
2010-08-26 02:39:28 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-08-26 02:39:28 478208 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-08-26 02:39:28 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2010-08-26 02:39:28 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-08-26 02:39:28 113486 ----a-w- c:\windows\system32\NCTWMAProfiles.prx
2010-08-26 02:39:27 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-08-26 02:39:27 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-08-26 02:39:27 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-08-26 02:39:27 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-08-26 02:39:26 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-08-26 02:39:26 479744 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-08-26 02:39:24 0 d-----w- c:\program files\Power Sound Editor Free
2010-08-25 01:44:08 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-25 01:41:08 0 d-----w- c:\programdata\Apple Computer
2010-08-25 01:39:07 0 d-----w- c:\program files\Bonjour
2010-08-25 01:38:35 0 d-----w- c:\programdata\Apple
2010-08-24 21:03:38 571904 ----a-w- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-09-19 03:12:27 35332 ----a-w- c:\windows\AsScrPro.exe
2010-09-19 03:11:54 35328 ----a-w- c:\windows\fonts\2bP78.com
2010-08-15 20:36:50 1506 ----a-w- c:\users\franco\appdata\roaming\wklnhst.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 08:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 20:20:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-06-21 21:48:36 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:27:28.17 ===============


I am attaching the DDS file (attach= from safe mode and attach2=current), the Panda log and a TCPView log (from normal mode not safe)



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:36 PM

Posted 27 September 2010 - 09:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 cami f


Posted 30 September 2010 - 03:59 PM

Sorry. I just realized that you had answered, I had checked every day since I posted it, but stopped two days ago. I can't run the scan in OTL, the program opens but once I press run scan nothing happens and then I can't close the program without using the task manager.

extra.txt :


#4 myrti


Posted 01 October 2010 - 04:25 AM

Hi,


could you please try to run gmer then:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#5 myrti


Posted 16 October 2010 - 04:08 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
