
Is it clean?


17 replies to this topic

#1 LordSoren

LordSoren

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 11 March 2014 - 09:29 PM

Good evening,

 

A friend of mine got a call from "microsoft" yesterday and he gave them access to his computer over the internet. They installed "AVAST free antivirus" and "Malwarebytes" onto the computer before the call ended and he stopped using the computer. He disconnected the computer shortly after realizing his mistake.

I have run a few antivirus programs from a linux boot CD and they seem to think the computer is clean but I would like to get a second opinion if that's possible. The utilities I have used are "AVG Rescue", "BitDefender Rescue" and "Kaspersky Rescue" from a boot disk created on a different machine using SARDU.

Thanks for any advice in advance.




#2 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 11 March 2014 - 09:31 PM

Sorry I forgot to mention that I also used BitDefender's online chrome plugin and it also said the computer was clean.



#3 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 11 March 2014 - 10:29 PM

I have run a few antivirus programs from a linux boot CD

Why? And also, are we talking about your friend's computer or yours?



#4 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 11 March 2014 - 11:02 PM

Everything was on my friend's computer and I used the linux boot CD because at first he said the computer was "hijacked" which I thought meant one of those viruses that actually prevents you from even booting into windows - a screen that tells you to call some overseas number to give them your credit card so they can unlock the computer.

My computer seems fine and is running BitDefender 2014 IS.



#5 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 11 March 2014 - 11:10 PM

Please run these in the order provided.

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the Infection that we are attempting to get rid of. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.


rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

 

 

 

Please Download  AdwCleaner


    NOTE : Please close or save all work, as the computer will be Rebooted
    Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
    Click on the Scan button. (only once)
    AdwCleaner will begin...be patient as the scan may take some time to complete.
    After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
    Next: Click on the Clean button (only once) to remove the selected items.
    You will receive a message telling you that all programs will be closed so that the infections can be removed.
    Click on OK, and then OK again to confirm the reboot.
    When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
    Please copy and then paste this log in your next post.

    A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

 

 

 

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

and last of all...(this scan may take 2 hours +....go find something to do....)

 

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs: How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link  to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe  to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#6 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 March 2014 - 12:13 AM

----- checkup.txt -----

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
----- AdwCleaner[S0].txt -----

# AdwCleaner v3.021 - Report created 12/03/2014 at 00:46:48
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : The Browns - BROWNS
# Running from : C:\Users\The Browns\Downloads\New folder\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\The Browns\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\The Browns\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1173 octets] - [12/03/2014 00:44:04]
AdwCleaner[S0].txt - [1031 octets] - [12/03/2014 00:46:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1091 octets] ##########
 
 
----- JRT log -----
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by The Browns on 2014-03-12 at  1:02:07.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-03-12 at  1:06:54.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
----- ESET -----
 
I'll run this overnight and post the results in about 8 hours.


#7 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 12 March 2014 - 01:01 AM

RKill ??    You missed it.  Leave it for now, we will run it later, accompanied by another scan.

 

Update ADOBE Reader
 http://get.adobe.com/reader/otherversions/   Untick the unnecessary McAfee Security Scan

OR.....install a 'lighter' reader such as Foxit :: http://www.foxitsoftware.com/downloads/....be SURE not to install any "Ask" crap....do a custom install and be aware of what you are agreeing to when you click ' next '




#8 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 March 2014 - 10:05 AM

I did run rKill but didn't see a request for a log.

 

----- rKill.txt ------

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2014 12:41:02 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\DAODx.exe (PID: 1284) [WD-HEUR]
 * C:\Windows\SysWOW64\ASGT.exe (PID: 2056) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/12/2014 12:41:16 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

 

----- ESET Threats ------

 

C:\Users\The Browns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK8CYOP8\stubinst_pkg_en-us[1].cab Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\The Browns\AppData\Local\Temp\mpb6802.tmp.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\Users\The Browns\AppData\Local\Temp\nsw36BC.tmp\BunndleOfferManager.dll a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Users\The Browns\AppData\Local\Temp\nsw36BC.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\The Browns\AppData\Local\Temp\nsw36BC.tmp\wajam_validate.exe a variant of Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\Browns Documents\Downloads\spsetup117.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\cbsidlm-cbsi134-Magical_Jelly_Bean_Keyfinder-ORG-10079600.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\Produtools_Manuals_2_1 (1).exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\Produtools_Manuals_2_1 (2).exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\Produtools_Manuals_2_1.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\Produtools_Manuals_2_1_B2.exe Win32/Conduit.SearchProtect.J potentially unwanted application deleted - quarantined
C:\Users\The Browns\Desktop\OLD COMPUTER FILES\My Documents\Downloads\spsetup117.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\The Browns\Downloads\Kobo_Desktop_TSV311MM8.exe a variant of Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\The Browns\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_ (1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\The Browns\Downloads\OffercastInstaller_AVR_U-0087-01-PlateauLines-0805-01-en_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\The Browns\Downloads\UTPlayer.exe Win32/InstallMonetizer.AN potentially unwanted application deleted - quarantined

 

 

 

----- Adobe -----

 

Installing now
 



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:38 AM

Posted 12 March 2014 - 12:29 PM

...A friend of mine got a call from "microsoft" yesterday...


Cybercriminals often use the names of well-known companies, like ours, in their scams. They think it will convince you to give them money or your personal information. While they usually use email to trick you, they sometimes use the telephone, instead....We do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or fix your computer. If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the message or hang up the phone. Microsoft does not make unsolicited phone calls to help you fix your computer.

Avoid scams that use the Microsoft name fraudulently

Microsoft will not make unsolicited phone calls to help you with your computer. If you receive a phone call like this, hang up.

Don’t fall for phony phone tech support

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license...Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes...Do not trust unsolicited calls. Do not provide any personal information.

Avoid tech support phone scams: What you need to know

...it's a scam. Microsoft doesn't call people because of errors on their computer. Neither do ISPs, security companies, or pretty much anyone else who might claim some role of internet authority or otherwise...

Ask Leo: I got a call from Microsoft and allowed them access to my computer. What do I do now?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 12 March 2014 - 03:10 PM

You are quite right !....I did not request a log.......will fix that shortly.

 

Just two more....both are relatively quick....

 

(if you already have MalwareBytes installed, please update it, and then run it )

 

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from  http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

 

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).




#11 LordSoren

LordSoren
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 12 March 2014 - 05:23 PM

----- Malwarebytes -----
Database version: v2014.03.12.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
The Browns :: BROWNS [administrator]
 
Protection: Disabled
 
2014-03-12 5:05:05 PM
mbam-log-2014-03-12 (17-05-05).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219587
Time elapsed: 2 minute(s), 27 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\The Browns\AppData\Local\Temp\CT3323737 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 1
C:\Users\The Browns\AppData\Local\Temp\CT3323737\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
----- result.txt -----
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by The Browns (administrator) on 12-03-2014 at 18:21:35
Running from "C:\Users\The Browns\Downloads\New folder"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Browns
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : AC-22-0B-82-85-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4b3:8ca:4ba5:bec2%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.199(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : March-12-14 3:19:35 AM
   Lease Expires . . . . . . . . . . : March-15-14 5:00:55 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 246161931
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-40-71-C8-AC-22-0B-82-85-4F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:24b2:3788:3f57:fe38(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24b2:3788:3f57:fe38%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  home
Address:  192.168.1.1
 
Name:    google.com
 
 
Pinging google.com [184.150.153.103] with 32 bytes of data:
Reply from 184.150.153.103: bytes=32 time=19ms TTL=59
Reply from 184.150.153.103: bytes=32 time=16ms TTL=59
 
Ping statistics for 184.150.153.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 19ms, Average = 17ms
Server:  home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=52ms TTL=49
Reply from 98.139.183.24: bytes=32 time=45ms TTL=49
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 52ms, Average = 48ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...ac 22 0b 82 85 4f ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.199     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.199    266
    192.168.1.199  255.255.255.255         On-link     192.168.1.199    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.199    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.199    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.199    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:24b2:3788:3f57:fe38/128
                                    On-link
 11    266 fe80::/64                On-link
 13    306 fe80::/64                On-link
 11    266 fe80::4b3:8ca:4ba5:bec2/128
                                    On-link
 13    306 fe80::24b2:3788:3f57:fe38/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/12/2014 09:08:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/12/2014 09:08:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/12/2014 03:50:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/12/2014 03:49:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (03/12/2014 03:20:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/12/2014 03:00:17 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AI Suite II (Version: 2.01.01)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.8.0)
ASUS Boot Setting (Version: 1.00.09)
ASUS GPU Tweak (Version: 2.2.9.3)
avast! Free Antivirus (Version: 9.0.2013)
Avery Wizard 5.0 (Version: 5.0.3)
BufferChm (Version: 140.0.298.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
Catalyst Control Center Profiles Desktop (Version: 2012.0928.1532.26058)
CCC Help English (Version: 2012.0928.1531.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CPUID ASUS CPU-Z 1.61 (Version: 1.61)
Destinations (Version: 140.0.0.0)
Disk Unlocker (Version: 2.1.3)
DocProc (Version: 140.0.185.000)
ESET Online Scanner v3
Google Chrome (Version: 33.0.1750.146)
Google Update Helper (Version: 1.3.22.5)
HP Imaging Device Functions 14.5 (Version: 14.5)
HP Scanjet G3110 (Version: 14.5)
HP Update (Version: 5.005.000.002)
hpg3110 (Version: 140.000.000.000)
HydraVision (Version: 4.2.242.0)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Kobo (Version: 2.1.7)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OCR Software by I.R.I.S. 14.5 (Version: 14.5)
QuickBooks (Version: 23.0.4012.2305)
QuickBooks Pro 2013 (Version: 23.0.4012.2305)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.5)
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6699)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 14.0.1.0)
TurboTax 2013 (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
WebReg (Version: 140.0.297.017)
Windows Driver Package - Hewlett-Packard Image  (05/15/2008 11.5.0.116) (Version: 05/15/2008 11.5.0.116)
WinZip 17.0 (Version: 17.0.10283)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 15%
Total physical RAM: 16284.25 MB
Available physical RAM: 13823.41 MB
Total Pagefile: 32566.67 MB
Available Pagefile: 29411.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.92 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:815.06 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BROWNS
 
Administrator            Guest                    The Browns               
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 


#12 Condobloke


Posted 13 March 2014 - 04:25 AM

Remove Avast !

 

How to uninstall our software using avastclear:
  1. Download avastclear.exe on your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer

Look in your add/remove programs area for:

Avery Wizard      Do you know this program?....if not...remove it

Destinations        Do you know this program.....if not remove it

Scan (Version: 14.0.1.0)     do you know this program....if not, remove it

 

 

In your opening statement you said   "They installed "AVAST free antivirus" and "Malwarebytes" onto the computer before the call ended and he stopped using the computer.  He disconnected the computer shortly after realizing his mistake.  "

Does this mean that "they" actually TOOK CONTROL of the computer......that they actually had control of the computer via a 'remote' program where they could control the mouse movements etc etc ????.......(a program such as "LogMeIn" is quite often used)...

 

I would counsel you to read quiteman7's post......in particular:

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

  • Change your computer's password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.

 

Also look in the extensions for the Chrome browser to see if anything unusual or unknown is present there.

 

How is the computer running now...?? We have removed a lot of malware, PUPs, etc etc....but none of this was due to the "microsoft" people...

 

Also run TFC for me...this will just tidy up general clutter.

 

Please download TFC (Temp File Cleaner) by Old Timer.

Usage Instructions:
  1. Download TFC from the download link above and save the file on your desktop.
  2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  3. Double-click on the TFC icon.
  4. When the program opens, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  5. When done, press OK and reboot your computer and finish the cleanup.

 

 

 


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT 18.3  EXCLUSIVELY.

 Failure is not an option. It comes bundled with your Microsoft product.

 

Success is not Final, Failure is not Fatal,

 

It is the Courage to Continue that Counts.

W.C. 4th June 1940

 

 

 


#13 LordSoren


Posted 13 March 2014 - 09:40 AM

----- AVAST! -----

Removed without trouble

 

----- Installed Programs -----

Avery Wizard      Do you know this program?....if not...remove it  -- Recognized and retained

Destinations        Do you know this program.....if not remove it  -- Not found in Add/Remove programs?  It goes from CPUID ASUS CPU-Z 1.61 to Disk Unlocker with nothing between.

Scan (Version: 14.0.1.0)     do you know this program....if not, remove it  -- Recognized and retained

 

----- Remote Access -----

As I was not present when the computer was compromised, I can only go off what my friend mentioned to me and that's what he said to me.  I found TightVNC running on the computer and have changed the passwords - both Primary and View-Only - on that application, knowing that it is a remote viewing/administration program.  The program runs on every startup but doesn't have an entry in the start menu (eg: startup) so I assume it is launched in the registry on startup.

 

Passwords have been reset, credit card and banking companies have been informed already.  This was done even before he contacted me.

 

----- General -----

The computer in general is running fine and seems to have been performing well even when I first started it up.  I have not witnessed any malicious or questionable actions take place on the computer.  Chrome extensions seem normal:

  • BitDefender Quickscan 0.9.9.140 (I installed this)
  • Google Docs 0.5
  • Google Mail Checker 4.4.0
  • Outlook.com Notifier 0.2
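
The situation described in the post above (a remote-access program that starts at every boot with no Startup-folder entry) can be checked directly. This is an added example, not part of the original thread: a read-only Windows PowerShell script that lists Run-key values and services referencing TightVNC. The function names are hypothetical, and the match pattern assumes the default product and binary names (`TightVNC`, `tvnserver`).

```powershell
# Added example: find where TightVNC is configured to start automatically.
# Run from an elevated Windows PowerShell prompt. Read-only: nothing is changed.
$pattern = 'tightvnc|tvnserver'   # assumption: default product/binary names

function Get-RunKeyEntry {
    # Run/RunOnce values: all users (HKLM), 32-bit view (Wow6432Node), current user (HKCU)
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Get-ServiceEntry {
    # Services start before anyone logs on and never show up in the Start menu
    Get-WmiObject Win32_Service | ForEach-Object {
        New-Object PSObject -Property @{
            Source  = "Service ($($_.StartMode), $($_.State))"
            Name    = $_.Name
            Command = [string]$_.PathName
        }
    }
}

# Combine both sources and keep only entries whose name or command line matches
$all  = @(Get-RunKeyEntry) + @(Get-ServiceEntry)
$hits = @($all | Where-Object { "$($_.Name) $($_.Command)" -match $pattern })

if ($hits.Count -eq 0) {
    "No Run-key or service entry matches '$pattern'."
} else {
    $hits | Select-Object Source, Name, Command | Format-List
}
```

A hit whose Source begins with `Service (Auto` means the server is registered as a system service, which explains a program that runs at every boot without any Start menu entry.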


#14 Condobloke


Posted 13 March 2014 - 05:14 PM

I think we can safely assume you have TightVNC version 2....

 

Create a registry backup using Erunt.

Please Download ::   ERUNT

This will make a backup of your Registry.

 

Then...follow the procedure here : (http://www.tightvnc.com/faq.php#uninstall)

Uninstall procedure for TightVNC versions 2.x:
  1. Log in as an Administrator (or as a user with similar permissions).
  2. If TightVNC Server is running, close it. If it is running but not showing the tray icon, choose Process Manager, locate all tvnserver.exe processes and shut down each one of them.
  3. If TightVNC Server was registered as a system service, unregister it.

    THIS will help with UNREGISTERING the TightVNC Server

  4. Remove the whole \Program Files\TightVNC directory (or wherever TightVNC was installed).
  5. Remove all TightVNC shortcuts from the Start\All Programs menu.
  6. Remove the settings from the registry if desired. The settings can be found in HKEY_LOCAL_MACHINE\Software\TightVNC and/or HKEY_CURRENT_USER\Software\TightVNC

 

 

Let me know how it goes.

 

 




#15 Condobloke


Posted 17 March 2014 - 06:33 PM

G'day....are you having any problems......or perhaps you have elected to leave the machine as is...??

 

Let me know please.






