Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan On Computer


  • This topic is locked This topic is locked
4 replies to this topic

#1 bobbylight

bobbylight

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 18 September 2007 - 12:19 PM

I have been having problems with my computer. It creates pop ups with Internet explorer, but i dont even use IE. Here is a logfile, hopefully you guys can help..Thanks so much in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:53 AM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\TEMP\win2B.tmp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\NVTray\NVTray.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\twgqaanq.dll",forkonce
O4 - HKLM\..\Run: [whuvqlwx] rundll32.exe "C:\Program Files\whuvqlwx\wfwdgxgz.dll",Init
O4 - HKLM\..\Run: [xkjypkpy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xkjypkpy.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2B.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [NVTray] C:\Program Files\NVTray\NVTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jkdiiryp.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 6655 bytes

BC AdBot (Login to Remove)

 


#2 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 PM

Posted 19 September 2007 - 10:35 AM

Hello bobbylight

Copy and Paste this post into a new text document or print it for reference

1. Please download this latest version of VundoFix to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,
    click YES
  • Once you click yes, your desktop will go blank as it starts removing
    Vundo.
  • When completed, it will prompt that it will reboot your computer,
    click OK.
  • Please post the contents of C:\vundofix.txt in your next reply
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.


2. Now Download ComboFix.exe to your desktop.
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.


3. Post this Combofix log in your next reply along with the vundofix.txt

Thank you.

#3 bobbylight

bobbylight
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 25 September 2007 - 10:19 PM

I have been working on this problem, and since ran vundofix. It said that there were no found errors. Here is a copy of the combofix log, and another hijack log below the dotted line. Thanks

ComboFix 07-09-21.2 - "Jordan" 2007-09-25 21:06:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1614 [GMT -6:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\yxavmvyh.dll
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Cxdcebah
C:\Program Files\Cxdcebah\vtjchsys.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\zshefiza
C:\Program Files\zshefiza\fopcnqvm.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\install.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\aqexbwud.exe
C:\WINDOWS\system32\cexfnayk.exe
C:\WINDOWS\system32\ddcbbby.dll
C:\WINDOWS\system32\ewbqabtx.exe
C:\WINDOWS\system32\ghmgehmy.exe
C:\WINDOWS\system32\gyfjrhkc.exe
C:\WINDOWS\system32\hgggfee.dll
C:\WINDOWS\system32\ljjkkij.dll
C:\WINDOWS\system32\mljjhgf.dll
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\qdfuojbh.exe
C:\WINDOWS\system32\rtlmxxgb.exe
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\ttsqxaol.dll
C:\WINDOWS\system32\vldpmvww
C:\WINDOWS\system32\vldpmvww\bg1.gif
C:\WINDOWS\system32\vldpmvww\bgtop.gif
C:\WINDOWS\system32\vldpmvww\bottom1.gif
C:\WINDOWS\system32\vldpmvww\essentials.gif
C:\WINDOWS\system32\vldpmvww\icon1.ico
C:\WINDOWS\system32\vldpmvww\install1.gif
C:\WINDOWS\system32\vldpmvww\left1.gif
C:\WINDOWS\system32\vldpmvww\li.gif
C:\WINDOWS\system32\vldpmvww\logo.gif
C:\WINDOWS\system32\vldpmvww\main.htm
C:\WINDOWS\system32\vldpmvww\mainframe.htm
C:\WINDOWS\system32\vldpmvww\reinstall1.gif
C:\WINDOWS\system32\vldpmvww\right1.gif
C:\WINDOWS\system32\vldpmvww\s1.htm
C:\WINDOWS\system32\vldpmvww\s2.htm
C:\WINDOWS\system32\vldpmvww\s3.htm
C:\WINDOWS\system32\vldpmvww\SMTop1.gif
C:\WINDOWS\system32\vldpmvww\SMTop2.gif
C:\WINDOWS\system32\vldpmvww\SMTop3.gif
C:\WINDOWS\system32\vldpmvww\SMTop4.gif
C:\WINDOWS\system32\vldpmvww\soft1_off.gif
C:\WINDOWS\system32\vldpmvww\soft1_off_ext.gif
C:\WINDOWS\system32\vldpmvww\soft1_on.gif
C:\WINDOWS\system32\vldpmvww\soft1_on_ext.gif
C:\WINDOWS\system32\vldpmvww\soft2_off.gif
C:\WINDOWS\system32\vldpmvww\soft2_off_ext.gif
C:\WINDOWS\system32\vldpmvww\soft2_on.gif
C:\WINDOWS\system32\vldpmvww\soft2_on_ext.gif
C:\WINDOWS\system32\vldpmvww\soft3_off.gif
C:\WINDOWS\system32\vldpmvww\soft3_off_ext.gif
C:\WINDOWS\system32\vldpmvww\soft3_on.gif
C:\WINDOWS\system32\vldpmvww\soft3_on_ext.gif
C:\WINDOWS\system32\vldpmvww\softbottom_off.gif
C:\WINDOWS\system32\vldpmvww\softbottom_on.gif
C:\WINDOWS\system32\vldpmvww\softleft_off.gif
C:\WINDOWS\system32\vldpmvww\softleft_on.gif
C:\WINDOWS\system32\vldpmvww\top1.gif
C:\WINDOWS\system32\vldpmvww\top2.gif
C:\WINDOWS\system32\vldpmvww\turnoff1.gif
C:\WINDOWS\system32\vldpmvww\turnon1.gif
C:\WINDOWS\system32\vldpmvww\vldpmvww1.exe
C:\WINDOWS\system32\vldpmvww\vldpmvww2.exe
C:\WINDOWS\system32\vldpmvww\vldpmvww3.exe
C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\wvuvwur.dll
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))
.

2007-09-25 21:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 21:01 15,360 --a------ C:\WINDOWS\system32\drvgogr.dll
2007-09-25 21:01 104,448 --a------ C:\WINDOWS\system32\drvgog.dll
2007-09-25 17:34 <DIR> d-------- C:\bfu
2007-09-25 17:31 15,360 --a------ C:\WINDOWS\system32\drvkanr.dll
2007-09-25 17:31 103,936 --a------ C:\WINDOWS\system32\drvkan.dll
2007-09-25 17:30 35,328 --a------ C:\WINDOWS\system32\pmnljii.dll
2007-09-25 15:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-25 15:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-25 14:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-24 18:44 6,448 ---hs---- C:\WINDOWS\system32\ehhkj.bak2
2007-09-24 17:49 <DIR> d-------- C:\DOCUME~1\Captain Underpants\Application Data\Prevx
2007-09-19 22:29 2,015,633 ---hs---- C:\WINDOWS\system32\qstwa.bak1
2007-09-19 22:24 34,816 --a------ C:\WINDOWS\system32\opnnonn.dll
2007-09-19 22:24 <DIR> d-------- C:\Program Files\ubmtszox
2007-09-19 18:20 3,718 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-18 22:08 <DIR> d-------- C:\DOCUME~1\Jordan\Application Data\Prevx
2007-09-18 22:07 <DIR> d-------- C:\Program Files\Prevx2
2007-09-18 22:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-09-18 20:14 <DIR> d-------- C:\DOCUME~1\Jordan\Application Data\Uniblue
2007-09-18 20:07 <DIR> d-------- C:\Program Files\xgpmbcry
2007-09-18 15:16 1,997,896 ---hs---- C:\WINDOWS\system32\ycbeg.ini2
2007-09-18 12:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-18 12:06 <DIR> d-------- C:\DOCUME~1\Jordan\Application Data\PC Tools
2007-09-18 12:02 <DIR> d-------- C:\DOCUME~1\Jordan\Application Data\GetRightToGo
2007-09-18 11:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-18 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-18 00:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-18 00:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-18 00:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-18 00:09 <DIR> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-18 00:09 <DIR> d-------- C:\Program Files\Ftjlhiqw
2007-09-18 00:08 <DIR> d-------- C:\Program Files\whuvqlwx
2007-09-17 18:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-09-17 17:42 <DIR> d-------- C:\DOCUME~1\Jordan\Application Data\vlc
2007-09-17 10:46 <DIR> d-------- C:\DOCUME~1\Jordan\.housecall6.6
2007-09-17 08:55 2,006,704 ---hs---- C:\WINDOWS\system32\ycbeg.bak2
2007-09-17 07:55 <DIR> d---s---- C:\DOCUME~1\Jordan\UserData
2007-09-16 20:55 6,448 ---hs---- C:\WINDOWS\system32\ycbeg.bak1
2007-09-15 20:05 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-09-15 20:05 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-09-15 20:05 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-08-31 14:57 10,240 --a------ C:\WINDOWS\CTDCRES.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 15:53 --------- d-------- C:\Program Files\Bonjour
2007-09-25 15:52 --------- d-------- C:\Program Files\QuickTime
2007-09-25 15:52 --------- d-------- C:\Program Files\PCI Latency Tool 3
2007-09-25 15:52 --------- d-------- C:\Program Files\NVTray
2007-09-25 15:52 --------- d-------- C:\Program Files\iTunes
2007-09-24 16:58 --------- d-------- C:\DOCUME~1\Jordan\Application Data\LimeWire
2007-09-17 18:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\oldFLEXnet
2007-09-17 15:48 --------- d-------- C:\Program Files\Show.kit 2.1
2007-09-17 15:00 --------- d-------- C:\Program Files\Windows XP Home-Pro-2003 SP2 Crack
2007-09-14 20:46 --------- d---s---- C:\Program Files\Xfire
2007-08-31 14:58 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-08-31 14:58 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-08-31 14:58 --------- d-------- C:\DOCUME~1\Captain Underpants\Application Data\Creative
2007-08-31 14:57 --------- d-------- C:\Program Files\Creative
2007-08-31 14:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-18 18:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
2007-08-18 18:41 --------- d-------- C:\Program Files\Adobe CS3
2007-08-13 23:06 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-10 02:09 --------- d-------- C:\DOCUME~1\Jordan\Application Data\Hamachi
2007-08-06 22:18 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-06 16:10 --------- d-------- C:\DOCUME~1\Jordan\Application Data\Ventrilo
2007-08-06 15:54 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-05 23:42 --------- d-------- C:\Program Files\iPod
2007-08-05 23:40 --------- d-------- C:\Program Files\Common Files\Apple
2007-08-05 23:40 --------- d-------- C:\Program Files\Apple Software Update
2007-08-05 23:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-05 23:35 --------- d-------- C:\DOCUME~1\Captain Underpants\Application Data\LimeWire
2007-08-02 17:12 --------- d-------- C:\Program Files\AltoMP3 Gold
2007-08-02 17:06 --------- d-------- C:\DOCUME~1\Captain Underpants\Application Data\Apple Computer
2007-08-02 05:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-08-02 05:12 --------- d-------- C:\Program Files\Common Files\Macromedia Shared
2007-07-31 19:19 --------- d-------- C:\DOCUME~1\Captain Underpants\Application Data\Hamachi
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll
2007-07-27 14:29 --------- d-------- C:\DOCUME~1\Jordan\Application Data\Apple Computer
2007-07-26 23:23 --------- d-------- C:\DOCUME~1\Jordan\Application Data\InstallShield
2007-07-18 22:05 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-06-26 00:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-03-13 16:46 20607 --a------ C:\Program Files\Illustrator CS3 Read Me.html
2006-07-05 06:33 472000 --a--c--- C:\WINDOWS\inf\WPN311\WPN311.sys
2006-04-25 18:30 469824 --a--c--- C:\WINDOWS\inf\WG311T\WG311T13.sys
2006-04-25 18:30 35232 --a--c--- C:\WINDOWS\inf\WG311T\ME_INST.EXE
2006-04-25 18:30 26112 --a--c--- C:\WINDOWS\inf\WG311T\install.exe
2006-03-31 15:38 35232 --a--c--- C:\WINDOWS\inf\WPN311\ME_INST.EXE
2006-03-31 15:38 26112 --a--c--- C:\WINDOWS\inf\WPN311\install.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04397AD3-BA27-4BD1-8AB4-AF2B5A55140E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}]
2007-09-19 22:24 34816 --a------ C:\WINDOWS\system32\opnnonn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1655EFB-CDF5-4E55-80BA-BE62C4BCC120}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA61D317-ADC3-4824-B3B2-63B176638A29}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF2EC416-9F1D-4D1A-AA69-85098392D02A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" []
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 14:12]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"CTHelper"="CTHELPER.EXE" [2003-10-06 00:57 C:\WINDOWS\system32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [2007-09-17 15:26]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVTray"="C:\Program Files\NVTray\NVTray.exe" [2006-08-31 09:28]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-04-28 18:50:50]
NETGEAR WPN311 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2006-09-15 18:13:20]

C:\DOCUME~1\Jordan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"= C:\WINDOWS\system32\opnnonn.dll [2007-09-19 22:24 34816]
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\system32\pmnljii.dll [2007-09-25 17:30 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnonn]
opnnonn.dll 2007-09-19 22:24 34816 C:\WINDOWS\system32\opnnonn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljii]
pmnljii.dll 2007-09-25 17:30 35328 C:\WINDOWS\system32\pmnljii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqopom]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtursrr]
vtursrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
winwim32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rock N Roll^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINDOWS\system32\DRIVERS\pxfsf.sys
R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R1 PREVXTdi;PREVX TDI filter;C:\WINDOWS\system32\DRIVERS\pxtdi.sys
R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINDOWS\system32\DRIVERS\pxrd.sys
R2 LtcyCfgSvc;PCI Latency Tool Service;C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\system32\drivers\PfModNT.sys
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 PREVXEmulator;PREVX Emulator driver;C:\WINDOWS\system32\DRIVERS\PxEmu.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 19:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 21:09:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 21:11:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-25 21:11
.
--- E O F ---



---------------------------------------------------------------Hijack log------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:32 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\NVTray\NVTray.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {04397AD3-BA27-4BD1-8AB4-AF2B5A55140E} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8} - C:\WINDOWS\system32\opnnonn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O2 - BHO: (no name) - {A1655EFB-CDF5-4E55-80BA-BE62C4BCC120} - (no file)
O2 - BHO: (no name) - {EA61D317-ADC3-4824-B3B2-63B176638A29} - (no file)
O2 - BHO: (no name) - {FF2EC416-9F1D-4D1A-AA69-85098392D02A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVTray] C:\Program Files\NVTray\NVTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mllmk - C:\WINDOWS\
O20 - Winlogon Notify: opnnonn - C:\WINDOWS\SYSTEM32\opnnonn.dll
O20 - Winlogon Notify: pmnljii - C:\WINDOWS\SYSTEM32\pmnljii.dll
O20 - Winlogon Notify: ssqopom - C:\WINDOWS\
O20 - Winlogon Notify: vtursrr - vtursrr.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 6936 bytes

#4 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 PM

Posted 26 September 2007 - 01:16 PM

Hello bobbylight

Copy and Paste this post into a new text document or print it for reference

1. Please Open notepad - don't use any other text editor

I would like you to now Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\drvgogr.dll
C:\WINDOWS\system32\drvgog.dll
C:\WINDOWS\system32\drvkanr.dll
C:\WINDOWS\system32\drvkan.dll
C:\WINDOWS\system32\pmnljii.dll
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\opnnonn.dll
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak1

Folder::
C:\Program Files\ubmtszox
C:\Program Files\xgpmbcry
C:\WINDOWS\system32\okqipwgf
C:\Program Files\Ftjlhiqw
C:\Program Files\whuvqlwx

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04397AD3-BA27-4BD1-8AB4-AF2B5A55140E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1655EFB-CDF5-4E55-80BA-BE62C4BCC120}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA61D317-ADC3-4824-B3B2-63B176638A29}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF2EC416-9F1D-4D1A-AA69-85098392D02A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"=-
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnonn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljii]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqopom]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtursrr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]



Name the file CFScript and Save it to your Desktop

Posted Image
Refering to the picture above, drag CFScript.txt into ComboFix.exe



2. Please Run ComboFix and post the resultant log along with a new HijackThis log in your next reply

Thank you

#5 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 PM

Posted 05 October 2007 - 11:38 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users