Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: Trojan-downloader.win32.peregar.nx- How Do I Remove?


  • This topic is locked This topic is locked
2 replies to this topic

#1 gnowelyk

gnowelyk

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 17 June 2008 - 08:22 PM

Hi! I believe my computer has malware on it. When I open a folder on my computer, I get this message: "Attention, -! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware. (Recommended)"

According to the Kaspersky Online Scanner, my computer is infected- "Infected: Trojan-Downloader.Win32.Peregar.nx"

Here is the Kaspersky Online Scanner's log-

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 23:22:51
Records in database: 877234
--------------------------------------------------------------------------------

Scan settngs:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Kyle\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 28108
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:34:14


File name / Threat name / Threats count
C:\WINDOWS\apsaxu.dll/C:\WINDOWS\apsaxu.dll Infected: Trojan-Downloader.Win32.Peregar.nx 2
C:\WINDOWS\apsaxu.dll Infected: Trojan-Downloader.Win32.Peregar.nx 1

The selected area was scanned.


================================================
Here is HiJackThis's "main.txt" log:

Deckard's System Scanner v20071014.68
Run by Kyle on 2008-06-17 17:44:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-06-18 00:44:54 UTC - RP183 - Deckard's System Scanner Restore Point
57: 2008-06-17 18:24:20 UTC - RP182 - Software Distribution Service 3.0
56: 2008-06-16 04:28:04 UTC - RP181 - System Checkpoint
55: 2008-06-14 04:29:18 UTC - RP180 - Software Distribution Service 3.0
54: 2008-06-13 18:47:00 UTC - RP179 - System Checkpoint


-- First Restore Point --
1: 2008-04-19 01:18:54 UTC - RP126 - Printer Driver Microsoft XPS Document Writer Installed


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kyle.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:44 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
G:\Nexon\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\RunDll32.exe
F:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kyle\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kyle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SVC plugin - {465DACD9-7035-4824-AE3E-F883EBE97261} - C:\WINDOWS\apsaxu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - G:\Nexon\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kyle/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 5781 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_01571028&REV_02\3&172E68DD&0&FD
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 11:25:04 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-10 20:19:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 17:47:17 0 d-------- C:\Program Files\Trend Micro
2008-06-16 04:35:45 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-16 04:35:45 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-16 04:35:45 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-08 21:58:51 0 d-------- C:\Documents and Settings\Kyle\Application Data\Viewpoint
2008-06-08 04:20:32 0 d-------- C:\Program Files\Google Video
2008-06-06 15:28:54 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-06 15:28:54 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-06 15:28:54 3535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-06-06 15:28:54 4455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-06-06 00:12:44 0 d-------- C:\boilsoft_tmp
2008-06-06 00:08:45 0 d-------- C:\Documents and Settings\Kyle\Application Data\AVS4YOU
2008-06-06 00:08:35 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-06-06 00:07:22 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-06 00:03:34 0 d-------- C:\Temp
2008-06-05 23:55:15 254464 --a------ C:\WINDOWS\apsaxu.dll
2008-06-05 23:55:14 48 --a------ C:\smp.bat
2008-06-05 22:38:39 196608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-06-05 22:38:39 139264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-06-05 22:38:39 106496 --a------ C:\WINDOWS\system32\NCTVideoCoreU.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreU ActiveX DLL>
2008-06-05 22:38:39 2260992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-06-05 22:38:39 1245184 --a------ C:\WINDOWS\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-06-05 22:38:39 282624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-06-05 22:38:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-05 22:38:38 991232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-06-05 22:38:38 294912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-06-05 22:38:38 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-06-05 22:38:38 2564096 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-06-05 22:38:38 1810432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-06-05 22:35:45 0 d-------- C:\Program Files\ImTOO
2008-05-19 15:55:54 0 d-------- C:\Program Files\StarForge
2008-05-19 15:55:49 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-19 15:55:49 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>


-- Find3M Report ---------------------------------------------------------------

2008-06-17 14:53:58 0 d-------- C:\Program Files\Starcraft
2008-06-13 16:48:06 0 d-------- C:\Documents and Settings\Kyle\Application Data\uTorrent
2008-06-07 12:39:42 1481 --a------ C:\WINDOWS\mozver.dat
2008-06-06 00:07:22 0 d-------- C:\Program Files\Common Files
2008-05-25 16:04:45 0 d-------- C:\Program Files\Java
2008-04-26 18:23:47 0 d-------- C:\Program Files\IVT Corporation
2008-04-26 18:23:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 02:10:01 0 d-------- C:\Program Files\AoA Audio Extractor
2008-04-25 15:40:16 0 d-------- C:\Documents and Settings\Kyle\Application Data\Apple Computer
2008-04-22 18:23:45 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 00:32:04 0 d-------- C:\Program Files\MSXML 6.0
2008-04-18 20:04:11 0 d-------- C:\Documents and Settings\Kyle\Application Data\Publish Providers
2008-04-18 20:01:58 0 d-------- C:\Documents and Settings\Kyle\Application Data\Sony
2008-04-18 18:53:55 0 d-------- C:\Program Files\Vstplugins
2008-04-18 18:53:05 0 d-------- C:\Program Files\Sony
2008-04-18 18:22:47 0 d-------- C:\Program Files\MSBuild
2008-04-18 18:19:19 0 d-------- C:\Program Files\Reference Assemblies
2008-04-18 17:54:05 0 d-------- C:\Documents and Settings\Kyle\Application Data\Sony Setup
2008-04-18 17:53:28 0 d-------- C:\Program Files\Sony Setup


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465DACD9-7035-4824-AE3E-F883EBE97261}]
06/05/2008 11:55 PM 254464 --a------ C:\WINDOWS\apsaxu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 03:32 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 05:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 01:01 AM]
"AudCtrl"="AudCtrl.dll" [03/21/2002 06:53 PM C:\WINDOWS\system32\AudCtrl.dll]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/29/2008 12:37 AM]
"iTunesHelper"="F:\iTunes\iTunesHelper.exe" [03/30/2008 11:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [4/26/2008 6:23:48 PM]
ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [1/25/2008 7:42:13 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a20a3c0f-2d00-11dd-a0cb-001167588cf7}]
Auto\command- qq.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qq.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8754 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-17 17:48:26 ------------

And here is HiJackThis's "extra.txt" log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
CPU 1: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023 MiB / 574.76 MiB
Pagefile Memory (total/avail): 2461.77 MiB / 2177.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1891.4 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 24.41 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 146.48 GiB total, 46 GiB free.
G: is Fixed (NTFS) - 151.61 GiB total, 98.67 GiB free.

\\.\PHYSICALDRIVE1 - MAXTOR STM3320620A - 298.09 GiB - 2 partitions
\PARTITION0 - Installable File System - 146.48 GiB - F:
\PARTITION1 - Installable File System - 151.61 GiB - G:

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"F:\\LimeWire\\LimeWire.exe"="F:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"G:\\Nexon\\MapleStory.exe"="G:\\Nexon\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\uTorrent\\utorrent.exe"="F:\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"F:\\iTunes\\iTunes.exe"="F:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kyle\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kyle
LOGONSERVER=\\DELL-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kyle\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kyle\LOCALS~1\Temp
USERDOMAIN=DELL-PC
USERNAME=Kyle
USERPROFILE=C:\Documents and Settings\Kyle
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kyle (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /W /U /S /R
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "F:\uTorrent\uninstall.exe"
Action Replay Code Manager --> "F:\Action Replay Code Manager\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AoA Audio Extractor 1.0 --> "C:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CD/DVD-ROM Generator 1.20 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CD_DVD-ROM Generator 1.20\Uninst.isu"
Collab --> F:\Image-Line\Collab\uninstall.exe
FL Studio 6 --> F:\Image-Line\uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
Guitar Hero Explorer --> MsiExec.exe /I{2B072A33-D445-46D5-9442-7B41F5171AAC}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Kyle\Application Data\HouseCall 6.6\uninstaller.exe"
ImageMixer for HDD Camcorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\Setup.exe" -l0x9 UNINSTALL -removeonly
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Mabinogi --> G:\Nexon\Mabinogi.exe /uninstall
MapleStory --> MsiExec.exe /I{0A41BC21-EA0F-4B0B-BEA4-2997B80DB0D9}
Media Player Codec Pack 2.2.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG to DVD Converter --> C:\Program Files\ImTOO\MPEG to DVD Converter\Uninstall.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Shoddy Battle --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://shoddybattle.com/client/shoddybattle.jnlp"
Sibelius 5 --> MsiExec.exe /X{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
Sibelius Scorch --> MsiExec.exe /I{51C65CD6-A344-41B5-81E2-3CCAC8024F68}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StarCraft X-tra Editor Version 2.5 --> "C:\Program Files\Starcraft\SCXEDeinst\unins000.exe"
StarForge --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\StarForge\ST6UNST.LOG"
Swiff Player 1.5 --> "C:\Program Files\GlobFX\Swiff Player\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual Studio 2005 Tools for Office Second Edition Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1952 / Warning
Event Submitted/Written: 06/17/2008 04:18:52 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1951 / Error
Event Submitted/Written: 06/16/2008 10:06:16 PM
Event ID/Source: 5000 / .NET Runtime 2.0 Error Reporting
Event Description:
EventType clr20r3, P1 ghex.exe, P2 0.4.3.0, P3 4619a86d, P4 ghex, P5 0.4.3.0, P6 4619a83f, P7 1b5, P8 8, P9 clr20r30, P10 clr20r31.

Event Record #/Type1950 / Error
Event Submitted/Written: 06/16/2008 01:43:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application starcraft.exe, version 1.15.2.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [starcraft.exe!ws!]

Event Record #/Type1949 / Error
Event Submitted/Written: 06/16/2008 01:43:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application starcraft.exe, version 1.15.2.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [starcraft.exe!ws!]

Event Record #/Type1943 / Warning
Event Submitted/Written: 06/16/2008 04:57:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9719 / Warning
Event Submitted/Written: 06/17/2008 05:47:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL-PC27 can't undo changes that you allow.

For more information please see the following:
%DELL-PC275

Scan ID: {72E585C2-5801-4844-9AC2-ACC6E59D5CE3}

User: DELL-PC\Kyle

Name: %DELL-PC271

ID: %DELL-PC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL-PC276

Alert Type: %DELL-PC278

Detection Type: 1.1.1593.02

Event Record #/Type9718 / Warning
Event Submitted/Written: 06/17/2008 05:47:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL-PC27 can't undo changes that you allow.

For more information please see the following:
%DELL-PC275

Scan ID: {02E40D50-26B9-42A7-A546-F8AA664292DA}

User: DELL-PC\Kyle

Name: %DELL-PC271

ID: %DELL-PC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL-PC276

Alert Type: %DELL-PC278

Detection Type: 1.1.1593.02

Event Record #/Type9717 / Warning
Event Submitted/Written: 06/17/2008 05:47:57 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL-PC27 can't undo changes that you allow.

For more information please see the following:
%DELL-PC275

Scan ID: {A3BA74C9-1681-4EAA-87E8-CF8338F745BA}

User: DELL-PC\Kyle

Name: %DELL-PC271

ID: %DELL-PC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL-PC276

Alert Type: %DELL-PC278

Detection Type: 1.1.1593.02

Event Record #/Type9716 / Warning
Event Submitted/Written: 06/17/2008 05:47:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL-PC27 can't undo changes that you allow.

For more information please see the following:
%DELL-PC275

Scan ID: {B4E67DE0-A0AC-4DB4-B603-C7D2F0C971DC}

User: DELL-PC\Kyle

Name: %DELL-PC271

ID: %DELL-PC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL-PC276

Alert Type: %DELL-PC278

Detection Type: 1.1.1593.02

Event Record #/Type9715 / Warning
Event Submitted/Written: 06/17/2008 05:47:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DELL-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DELL-PC27 can't undo changes that you allow.

For more information please see the following:
%DELL-PC275

Scan ID: {4A68BABF-5DD1-4A43-B76E-12FAEC1B8EBB}

User: DELL-PC\Kyle

Name: %DELL-PC271

ID: %DELL-PC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DELL-PC276

Alert Type: %DELL-PC278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-17 17:48:26 ------------

Thanks in advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 06 July 2008 - 11:48 AM

Hello gnowelyk,

I apologise for the delay, the forum is too busy.

If you still need help post back a new HijackThis log.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 11 July 2008 - 01:00 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users