
Can't remove Rogue Antispyware


  • This topic is locked
14 replies to this topic

#1 krishna505


Posted 27 November 2008 - 10:24 PM

My computer is infected with a rogue antispyware which is in my quick launch menu items list (A red circle with white cross). I googled around for it and tried to remove it every possible way, but I couldn't remove it. It doesn't let me install any other valid anti-virus tools. It doesn't even let me access other anti-virus URLs. Here is my hijackthis log. Your help is greatly appreciated. Thanks for your time in advance.

====================================================================================
Logfile of random's system information tool 1.04 (written by random/random)
Run by db2admin at 2008-11-27 19:50:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 2038 MB (69% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"DLCICATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"dlcimon.exe"=C:\Program Files\Dell AIO Printer 946\dlcimon.exe [2006-02-14 430080]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-04-15 159744]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-22 10240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [2006-10-23 46200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
C:\WINDOWS\system32\brastk.exe [2008-11-22 10240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIE2004]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIE2007]
C:\Program Files\Winferno\Secure IE\SIEPulse.exe [2008-03-11 71320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2007-02-18 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2008-04-28 415072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Start HTML Search Server.lnk - C:\Program Files\SQLLIB\bin\db2nq.exe
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-18 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.5.0_13\bin\java.exe"="C:\Program Files\Java\jre1.5.0_13\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_13\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_13\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\eclipse\eclipse.exe"="C:\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\IBM\Rational\ClearCase701\CCRC\jre\bin\javaw.exe"="C:\Program Files\IBM\Rational\ClearCase701\CCRC\jre\bin\javaw.exe:*:Enabled:Java launcher"
"C:\Program Files\Java\jdk1.5.0_16\bin\javaw.exe"="C:\Program Files\Java\jdk1.5.0_16\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_16\jre\bin\javaw.exe"="C:\Program Files\Java\jdk1.5.0_16\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_16\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_16\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-27 19:50:31 ----D---- C:\Program Files\trend micro
2008-11-27 19:50:30 ----D---- C:\rsit
2008-11-26 22:25:46 ----D---- C:\Program Files\Common Files\DistributeShield
2008-11-26 22:25:45 ----D---- C:\Program Files\Common Files\DVDnextCOPY2
2008-11-26 22:25:45 ----D---- C:\DVDneXtCopy
2008-11-26 22:25:41 ----D---- C:\Program Files\DVDneXtCOPY2
2008-11-26 22:08:51 ----D---- C:\Documents and Settings\db2admin\Application Data\Ahead
2008-11-26 22:05:05 ----D---- C:\Program Files\Common Files\Nero
2008-11-26 22:04:09 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2008-11-26 22:04:04 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2008-11-26 22:04:04 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2008-11-26 22:04:03 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2008-11-26 22:04:03 ----N---- C:\WINDOWS\system32\ImagX7.dll
2008-11-26 22:04:02 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2008-11-26 22:03:56 ----D---- C:\Program Files\Common Files\Ahead
2008-11-26 22:03:55 ----D---- C:\Program Files\Ahead
2008-11-26 10:12:03 ----D---- C:\Release1.4-1
2008-11-26 10:11:49 ----D---- C:\Release1.2
2008-11-22 18:24:34 ----D---- C:\HardDisk_Backup
2008-11-19 21:10:01 ----HDC---- C:\WINDOWS\ie8
2008-11-18 20:33:34 ----D---- C:\WatchNow
2008-11-18 15:32:46 ----D---- C:\WorkSpace_CMA1.1
2008-11-18 14:57:10 ----D---- C:\kgajula_release1.1_DEV
2008-11-18 14:53:56 ----D---- C:\kgajula_softhomes1.1_DEV
2008-11-18 14:43:26 ----D---- C:\kgajula_softhomes_1.1_DEV
2008-11-18 14:30:28 ----D---- C:\Release1.1
2008-11-18 13:14:33 ----A---- C:\WINDOWS\system32\wini10894.exe
2008-11-18 09:57:20 ----D---- C:\WINDOWS\pss
2008-11-18 09:11:16 ----SHD---- C:\WINDOWS\CSC
2008-11-18 09:11:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 20:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-11-17 18:59:45 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-17 09:39:39 ----D---- C:\Documents and Settings\db2admin\Application Data\Yahoo!
2008-11-17 09:39:39 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-17 02:00:55 ----D---- C:\Program Files\Yahoo!
2008-11-17 00:34:31 ----D---- C:\Documents and Settings\db2admin\Application Data\Winferno
2008-11-17 00:32:06 ----A---- C:\WINDOWS\system32\WINUTIL5.dll
2008-11-17 00:32:06 ----A---- C:\WINDOWS\system32\WINLCTL5.dll
2008-11-17 00:32:04 ----A---- C:\WINDOWS\system32\TLBINF32.DLL
2008-11-17 00:32:03 ----D---- C:\Program Files\Winferno
2008-11-16 23:37:15 ----A---- C:\WINDOWS\brastk.exe
2008-11-16 23:34:35 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-12 10:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 10:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 10:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 19:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-11-09 19:17:35 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-11-09 19:16:23 ----D---- C:\Documents and Settings\db2admin\Application Data\Jasc Software Inc
2008-11-09 19:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-09 19:15:01 ----D---- C:\Program Files\Common Files\Jasc Software Inc
2008-11-09 19:14:56 ----D---- C:\Program Files\Jasc Software Inc
2008-11-09 19:14:08 ----D---- C:\Program Files\Dl_cats
2008-11-09 19:12:42 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-11-09 19:12:18 ----A---- C:\WINDOWS\system32\dlcivs.dll
2008-11-09 19:12:18 ----A---- C:\WINDOWS\system32\dlciusb1.dll
2008-11-09 19:12:17 ----A---- C:\WINDOWS\system32\dlciserv.dll
2008-11-09 19:12:17 ----A---- C:\WINDOWS\system32\dlciprox.dll
2008-11-09 19:12:17 ----A---- C:\WINDOWS\system32\dlcipplc.dll
2008-11-09 19:12:17 ----A---- C:\WINDOWS\system32\dlcipmui.dll
2008-11-09 19:12:17 ----A---- C:\WINDOWS\system32\dlciih.exe
2008-11-09 19:12:16 ----A---- C:\WINDOWS\system32\dlcihbn3.dll
2008-11-09 19:12:16 ----A---- C:\WINDOWS\system32\dlcicoms.exe
2008-11-09 19:12:16 ----A---- C:\WINDOWS\system32\dlcicomm.dll
2008-11-09 19:12:16 ----A---- C:\WINDOWS\system32\dlcicomc.dll
2008-11-09 19:12:16 ----A---- C:\WINDOWS\system32\dlcicfg.exe
2008-11-09 19:12:15 ----A---- C:\WINDOWS\system32\dlciutil.dll
2008-11-09 19:12:15 ----A---- C:\WINDOWS\system32\dlcilmpm.dll
2008-11-09 19:12:11 ----A---- C:\WINDOWS\system32\dlcijswr.dll
2008-11-09 19:12:10 ----A---- C:\WINDOWS\system32\dlciinsr.dll
2008-11-09 19:12:10 ----A---- C:\WINDOWS\system32\dlciinsb.dll
2008-11-09 19:12:10 ----A---- C:\WINDOWS\system32\dlciins.dll
2008-11-09 19:12:09 ----A---- C:\WINDOWS\system32\dlcigf.dll
2008-11-09 19:12:09 ----A---- C:\WINDOWS\system32\dlcicur.dll
2008-11-09 19:12:09 ----A---- C:\WINDOWS\system32\dlcicub.dll
2008-11-09 19:12:09 ----A---- C:\WINDOWS\system32\dlcicu.dll
2008-11-09 19:12:06 ----A---- C:\WINDOWS\system32\dlcicfg.dll
2008-11-09 19:12:04 ----D---- C:\Program Files\Dell AIO Printer 946
2008-11-09 19:10:55 ----D---- C:\Temp
2008-11-07 10:11:13 ----D---- C:\kgajula_ima_jars
2008-11-06 01:22:14 ----D---- C:\Program Files\IE Source
2008-11-05 22:33:23 ----D---- C:\Program Files\Microsoft Diagnostics and Recovery Toolset
2008-11-03 22:08:56 ----D---- C:\Program Files\Windows Resource Kits
2008-11-03 08:03:43 ----D---- C:\Documents and Settings\db2admin\Application Data\vlc
2008-11-03 08:02:12 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 1 months======

2008-11-27 19:50:31 ----RD---- C:\Program Files
2008-11-27 19:50:12 ----D---- C:\WINDOWS\Temp
2008-11-27 14:34:10 ----D---- C:\WINDOWS\Prefetch
2008-11-27 13:20:18 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 12:21:19 ----D---- C:\WINDOWS\system32
2008-11-27 12:21:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-27 12:19:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 12:17:45 ----D---- C:\MDT
2008-11-27 12:17:10 ----D---- C:\WINDOWS\Registration
2008-11-27 12:17:09 ----D---- C:\WINDOWS
2008-11-27 12:17:09 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-11-26 22:25:46 ----D---- C:\Program Files\Common Files
2008-11-26 21:58:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 09:57:45 ----D---- C:\eclipse
2008-11-25 22:13:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-25 18:17:56 ----HD---- C:\WINDOWS\inf
2008-11-25 18:17:56 ----D---- C:\WINDOWS\Help
2008-11-25 17:08:27 ----SHD---- C:\WINDOWS\Installer
2008-11-25 17:06:03 ----RASH---- C:\boot.ini
2008-11-25 17:06:03 ----A---- C:\WINDOWS\win.ini
2008-11-25 17:06:03 ----A---- C:\WINDOWS\system.ini
2008-11-24 18:57:52 ----D---- C:\Documents and Settings\db2admin\Application Data\Wave Systems Corp
2008-11-20 10:00:27 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-20 00:49:23 ----D---- C:\WINDOWS\system32\en-US
2008-11-20 00:49:23 ----D---- C:\WINDOWS\Media
2008-11-20 00:49:23 ----D---- C:\Program Files\Internet Explorer
2008-11-18 15:29:38 ----D---- C:\kgajula_softhomes_integrated_DEV
2008-11-18 12:57:28 ----D---- C:\WINDOWS\system32\drivers
2008-11-18 12:48:28 ----D---- C:\Personal
2008-11-18 11:49:33 ----D---- C:\kgajula_IMA_Jars_DEV
2008-11-18 01:39:12 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-11-18 01:33:23 ----D---- C:\Documents and Settings
2008-11-12 10:06:13 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 10:00:53 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 10:00:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 10:00:22 ----D---- C:\WINDOWS\WinSxS
2008-11-11 09:02:12 ----D---- C:\projects
2008-11-10 11:35:57 ----D---- C:\WorkSpace_CMA
2008-11-09 19:18:16 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-09 19:15:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-09 19:15:01 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-09 19:13:00 ----D---- C:\WINDOWS\twain_32
2008-11-08 16:44:14 ----D---- C:\Production_Release
2008-11-06 21:35:02 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2007-03-16 33664]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-15 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-18 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-27 31896]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-18 5707744]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-18 1228296]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 DB2JDS;DB2 JDBC Applet Server; C:\Program Files\SQLLIB\bin\db2jds.exe [2004-10-01 160256]
R2 DB2NTSECSERVER;DB2 Security Server; C:\Program Files\SQLLIB\bin\db2sec.exe [2004-10-01 6144]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2007-02-18 90112]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 dlci_device;dlci_device; C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 491520]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DB2ControlCenterServer;DB2 JDBC Applet Server - Control Center; C:\Program Files\SQLLIB\bin\db2ccs.exe [2004-10-01 160256]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-15 654848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

====================================================================================


 


#2 fenzodahl512


Posted 29 November 2008 - 06:33 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 04 December 2008 - 07:01 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 fenzodahl512


Posted 06 December 2008 - 11:04 PM

Re-opened as per user request.. Please download both tools from another PC and transfer them to your PC via CD/thumb drive.. Then run both of them and post the logs here



#5 krishna505


Posted 07 December 2008 - 02:35 AM

I burned both files to a CD and tried to run them on the infected PC. But it didn't work. However, I'm able to run other executable files. The virus seems to be very malicious. Could you please suggest a way to get around this issue? Thank you so much for your help.

#6 fenzodahl512


Posted 07 December 2008 - 04:37 AM

I'm able to run other executable files.


What do you mean by that?.. Elaborate please.. Can you copy/paste ComboFix into the Desktop >> rename it to Combo-Run and then run it, then post the log it produced here..



#7 krishna505


Posted 07 December 2008 - 04:05 PM

As you suggested I renamed the files and ran them. Please find the attached logs. I believe the virus has been removed now. I've also scanned the computer with malware-bytes, found nothing. Can I go ahead and install anti-virus now?




#8 fenzodahl512


Posted 07 December 2008 - 09:11 PM

That's very good to hear... Yup.. Install ONE antivirus in that computer..


Please tell me, what do you know about this program? If you know nothing about it, please uninstall Winferno from the computer..

c:\program files\Winferno



Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#9 krishna505


Posted 08 December 2008 - 11:37 AM

I've installed McAfee Anti-virus and also the McAfee IE security tool.

McAfee is installed under c:\program files\Winferno. So I believe that's not harmful.

Do I still need to install Kaspersky Online Scanner?

#10 fenzodahl512


Posted 08 December 2008 - 11:43 AM

Well, that's great.. but yeah, I still need you to run Kaspersky Online.. Don't worry, I believe your computer is good now, just want to make sure everything is good..

Anyway, Kaspersky online is not a real antivirus.. It's just an online scanner :thumbsup:



#11 krishna505


Posted 10 December 2008 - 10:56 AM

Kaspersky online scan is taking a very long time. I'll post the log as soon as it's done scanning.

#12 fenzodahl512


Posted 10 December 2008 - 10:05 PM

Ok. I'll wait for it



#13 krishna505


Posted 12 December 2008 - 03:39 PM

Please find the report below. I'm surprised that the online scanner found virus threats on my computer, though McAfee couldn't detect them. And it's even more surprising that most of them are under the SDFix folder. Please let me know about the next step. Thank you.


KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 21:19:47
Records in database: 1448136
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
X:\
Z:\
Scan statistics
Files scanned 311428
Threat name 8
Infected objects 11
Suspicious objects 0
Duration of the scan 19:34:33

File name Threat name Threats count
C:\HardDisk_Backup\ConsultingBusiness\License\l-mqt82.exe Infected: Virus.Win32.Sality.aa 1
C:\HardDisk_Backup\Downloads\qtp 9.0\QuickTest\program files\Mercury Interactive\QuickTest Professional\AddinsUpgrade\QTP90NET82UPGRADE.exe Infected: Virus.Win32.Sality.aa 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.UltimateDefender.a 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.FraudLoad.vdoj 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Small.gjm 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.UltimateDefender.a 2
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.blh 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.asz 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.atb 1
C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.Clbd.lc 1
The selected area was scanned.
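An added example, not part of the original posts: a triage of the report above that cross-checks the detection lines against the report's own totals and separates hits inside a removal tool's backup archives from hits in other files. It assumes C:\SDFix\backups is where SDFix keeps copies of the files it removed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Summary and detection lines copied from the report posted above.
REPORT = r"""
Threat name 8
Infected objects 11
C:\HardDisk_Backup\ConsultingBusiness\License\l-mqt82.exe Infected: Virus.Win32.Sality.aa 1
C:\HardDisk_Backup\Downloads\qtp 9.0\QuickTest\program files\Mercury Interactive\QuickTest Professional\AddinsUpgrade\QTP90NET82UPGRADE.exe Infected: Virus.Win32.Sality.aa 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.UltimateDefender.a 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.FraudLoad.vdoj 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Small.gjm 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.UltimateDefender.a 2
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.blh 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.asz 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.atb 1
C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.Clbd.lc 1
"""

# Assumption: folder where a removal tool keeps copies of what it removed.
TOOL_BACKUP_DIRS = ("c:\\sdfix\\backups\\",)
# Paths contain spaces, so split on the literal " Infected: " marker.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
SUMMARY_RE = re.compile(r"^(Threat name|Infected objects) (\d+)$")

def parse_report(text):
    """Return ([(path, threat, count), ...], {summary field: value})."""
    detections, summary = [], {}
    for line in map(str.strip, text.splitlines()):
        m, s = LINE_RE.match(line), SUMMARY_RE.match(line)
        if m:
            detections.append((m["path"], m["threat"], int(m["count"])))
        elif s:
            summary[s[1]] = int(s[2])
    return detections, summary

def consistent(detections, summary):
    """True when the parsed lines add up to the report's own totals."""
    return (sum(c for _, _, c in detections) == summary.get("Infected objects")
            and len({t for _, t, _ in detections}) == summary.get("Threat name"))

def triage(detections):
    """Group object counts by (path, threat), split by where the file lives."""
    buckets = {"tool_backup": defaultdict(int), "live": defaultdict(int)}
    for path, threat, count in detections:
        where = "tool_backup" if path.lower().startswith(TOOL_BACKUP_DIRS) else "live"
        buckets[where][(path, threat)] += count
    return {k: dict(v) for k, v in buckets.items()}

if __name__ == "__main__": print(triage(parse_report(REPORT)[0]))
```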

#14 fenzodahl512


Posted 12 December 2008 - 11:47 PM

This is not awesome.. Let's do another scan...


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Open DrWeb.csv in Notepad and post its content here



#15 fenzodahl512


Posted 18 December 2008 - 10:37 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





