• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
crom

just cant seem to get rid of that hijack

5 posts in this topic

for a couple of weeks i've been having consistent problems with a hijack.

ok this is what happens.

 

i start IE, my home pge is redirected, i get 1 instant pop up then another a little later. if i search on google i get an extra page from some dodgy search engine.

 

so i think it looks a bit like a CWS hijack. so i run CWS shredder, nothing showing up. it says im clean. so i run adaware. it tells me i have got a CWS infection. so i remove it using adaware. it doesnt get rid of it ( though it says it has), so i stop the .exe process using the task manager and run adaware again, that gets it. i then run a hijack this scan and remove what i think are the dodgy files and reboot, when i reconnect to the net, first time no problem, second time i open IE it's back. adaware shows up the cws infection but each time ive done this( about 10) the registy entries which return are different and the sys 32 .exe process is also different.

 

clearly im missing something, i'm no expert so possibly im not cleaning it off properly. or perhaps it has simply replicated all over my machine. i've been having problems with hangs, cpu use overloads, crashed programs, particularly IE and bearshare. i also can't open notepad from the desktop. so if anyone can advise me i'd be grateful.

 

this is my present hijack this log:

 

 

 

Scan saved at 1:37:57 PM, on 7/8/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\sysqm32.exe

C:\WINDOWS\System32\klugvanz.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\system32\addqn32.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\BearShare\BearShare.exe

C:\PROGRA~1\BEARSH~2\BEARSH~1.EXE

C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\gray crampton\Desktop\tools\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\biswm.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://biswm.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://biswm.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\biswm.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://biswm.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\biswm.dll/sp.html#96676

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = https://blueadit.bluewin.ch/adsl/router/index_e.html

O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\WINDOWS\system32\ntxi32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X

O4 - HKLM\..\Run: [sysqm32.exe] C:\WINDOWS\system32\sysqm32.exe

O4 - HKLM\..\Run: [pspuppupw] C:\WINDOWS\System32\klugvanz.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKLM\..\RunOnce: [apihv.exe] C:\WINDOWS\apihv.exe

O4 - HKLM\..\RunOnce: [addyt.exe] C:\WINDOWS\addyt.exe

O4 - HKLM\..\RunOnce: [appgz.exe] C:\WINDOWS\appgz.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...dia/zoomviewer/

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1078108027151

O16 - DPF: {1E8E209A-6120-4EF1-B0B6-A65191D905B9} (CInstallManager Class) - http://www.stream-it.bluewin.ch/Installs/InstallManager.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

 

 

i think, in fact im sure that the following are connected to my problem:

 

C:\WINDOWS\system32\addqn32.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\biswm.dll/sp.html#96676

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://biswm.dll/index.html#96676

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://biswm.dll/index.html#96676

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\biswm.dll/sp.html#96676

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://biswm.dll/index.html#96676

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\biswm.dll/sp.html#96676

 

O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\WINDOWS\system32\ntxi32.dll

 

 

clearly there must be more. or at leat some process i'm missing. please help. i read somewhere that the reason i'm vulnerable to this is because of ms java, which i understand is no longer supported. if this is so then help to disable r remove it in order to secure the vulnerability would be very useful.

Share this post


Link to post
Share on other sites

Here's how to fix it:

 

Download About:buster from http://downloads.subratam.org/AboutBuster.zip and unzip it to your desktop.

 

Click here for instructions on how to boot into safe mode.

 

Boot up in safe mode.

 

Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds.

 

Reboot your computer in normal mode.

 

Post a new log.

 

If you are using HJT 1.97.7, download the latest version (1.98.0) before posting your new log.

Share this post


Link to post
Share on other sites

hi, thanks for the help.

i take it tht all the .dll and .dat entries removed by about buster were copies set to mug my browser again. if you could explain it to me i'd be grateful. the new log is below, these are the ones i'm eyeing for removal. any more advice you can give me would be greatly appreciated, particularly about the vulnerability which allowed this pest to get me

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\WINDOWS\system32\ntxi32.dll (file missing)

 

 

Scan saved at 2:31:29 PM, on 7/8/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\klugvanz.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Documents and Settings\gray crampton\Desktop\HijackThis.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://blueadit.bluewin.ch/adsl/router/index_e.html

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\WINDOWS\system32\ntxi32.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X

O4 - HKLM\..\Run: [pspuppupw] C:\WINDOWS\System32\klugvanz.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...dia/zoomviewer/

O16 - DPF: {1E8E209A-6120-4EF1-B0B6-A65191D905B9} (CInstallManager Class) - http://www.stream-it.bluewin.ch/Installs/InstallManager.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Share this post


Link to post
Share on other sites

That's a lot better, but there's still some more stuff to fix.

 

First I recommend you put Hijackthis in it's own folder, otherwise it will scatter backups all over your desktop.

 

Run Hijackthis and Scan again. Put a check (tick) against the following items:

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {8F3C4101-454D-4602-8817-B42AA1A3B9D4} - C:\WINDOWS\system32\ntxi32.dll (file missing)

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

O4 - HKLM\..\Run: [pspuppupw] C:\WINDOWS\System32\klugvanz.exe

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

 

Close all windows apart from Hijackthis and click "Fix Checked".

 

Reboot your computer.

 

Find and delete this file: C:\WINDOWS\System32\klugvanz.exe (You may need to show hidden files and folders see

here for details.)

 

When you've done all that, post a new Hijackthis log.

 

 

i take it tht all the .dll and .dat entries removed by about buster were copies set to mug my browser again.

That's right.

 

any more advice you can give me would be greatly appreciated, particularly about the vulnerability which allowed this pest to get me

I'll try and dig up some more info for you now. :)

Edited by expertec

Share this post


Link to post
Share on other sites
The latest and greatest nuisance on the Internet, the browser hijacker that won't stop, the trojan from hell... name it what you want, but fact is that a company naming itself 'Coolwebsearch' (CWS) is producing a quickly growing strain of trojans that exploit a hole in the Microsoft Java VM, and change your homepage.

 

You need to remove the MS Java VM, and replace it with sun Java see http://www.spywareinfo.com/~merijn/uninstmsjava.html for more info.

 

Read the article at http://www.spywareinfo.com/articles/hijacked/prevent.php to prevent yourself being Hijacked in future.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0