Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running slow, wallpaper changed, mozilla crash report and more.


  • Please log in to reply
7 replies to this topic

#1 daewezzy

daewezzy

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 07 March 2009 - 05:27 PM

Hi everyone, well before posting this I ran MBAM because my wallpaper changed to a different one saying: "Dangerous Spyware. Many virses were found on your computer...". Every time I tried to open firefox I would get this Mozilla Crash Report. On my quick launch, I'd get a pop up saying "Warning! Security Report...". And my computer is running extremely slow.

Surprisingly I was able to run MBAM, here's my log:

Malwarebytes' Anti-Malware 1.33
Database version: 1825
Windows 5.1.2600 Service Pack 3

3/7/2009 2:16:03 PM
mbam-log-2009-03-07 (14-16-03).txt

Scan type: Quick Scan
Objects scanned: 94378
Time elapsed: 19 minute(s), 39 second(s)

Memory Processes Infected: 11
Memory Modules Infected: 10
Registry Keys Infected: 12
Registry Values Infected: 21
Registry Data Items Infected: 19
Folders Infected: 1
Files Infected: 69

Memory Processes Infected:
C:\WINDOWS\Temp\B777.tmp (Backdoor.KeyStart) -> Unloaded process successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\icna1h7n.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\kcdwgx4ceu5.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\sgpv0sd2v0x.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\rm2bml1pp.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\yu796z295.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Mom & Dad\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\mubodigi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vodesome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\midirude.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jenupiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mikolobe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Fzajifureqijolo.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\hs3i7jdgfd.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\system32\bopedisu.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{edb50bfc-70ec-43cd-9793-e4b9ac332d33} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{edb50bfc-70ec-43cd-9793-e4b9ac332d33} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{edb50bfc-70ec-43cd-9793-e4b9ac332d33} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0cbd5696 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vurodamufu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0f8e650a (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkuzac (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ia5o0ig3jmnb2pvir4wlty9sdnp2k926v32vg0ew47dx8 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wyodicoziqow (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jenupiso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jenupiso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mikolobe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mikolobe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mikolobe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\bopedisu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\bopedisu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\services.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\services.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mubodigi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\igidobum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\midirude.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\jenupiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vodesome.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hs3i7jdgfd.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\mikolobe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Fzajifureqijolo.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\B777.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\icna1h7n.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\kcdwgx4ceu5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\sgpv0sd2v0x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\rm2bml1pp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\yu796z295.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bopedisu.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\Jr0561cq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ootpnl.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\qniii.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\tcrnwc.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\yiar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iwlvl5ucv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1ej7Gx46.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3657255448.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7714.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DAA.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UACe555.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\s2ob8l9uc0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\sg5x8u77r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\yo710p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\yu6be5m.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\yyuwdv6aqz3ox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\il3dss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\e.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\145881902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\168694402.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temporary Internet Files\Content.IE5\7E9VZRDH\725f[1].exe (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\GL430Z8Z\ccsuper2[1].htm (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\KL6BCTIJ\load[1].php (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\QJUVQ92V\725f[1].exe (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\udigemidar.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mom & Dad\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\xltwpuh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4CQcaf8p.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cyieqw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\userinit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad_2\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mom & Dad\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

As of right now, everything is running fine. Still a little slower than usual. I'm able to use FireFox again without having that "Mozilla Crash Report" pop up. I was just wondering if there's anything else I should run? I scanned my computer countless times with both MBAM and SUPERAntiSpyware and it just seems like none if this is going away.

Thanks.

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 07 March 2009 - 05:32 PM

Hello.

You have a backdoor infeciton.

Posted ImageBackdoor Threat

IMPORTANT NOTE: Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do want to continue you should do the following: We will probably need to move you to the HJT-Malware Removal forum afterwards.

Run MBAM again and this time Update It and run a Full Scan.

Next please run SmitfraudFix.

Cleaning with SmitfraudFix (#2)

You can find complete instructions for running SmitFraudFix in the link below:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/

SmitfraudFix Download Link
Close all open windows as a restart is required.
  • Your computer needs to be in Safe Mode before we can run this tool.
  • Double click the icon to run it.
  • Select Option 2 by typing 2 and hitting Enter.
  • The scan will progress. Answer Yes to any prompts you receive. This will include running disk cleanup and removing infected files.
  • The tool will restart your computer.
  • Upon reboot, a log file located at C:\rapport.txt will open. Copy its contents into your next reply.
Post back with:
-MBAM Full Scan log
-SmitfraudFix log


With Regards,
Extremeboy

Edited by extremeboy, 07 March 2009 - 05:33 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 daewezzy

daewezzy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 07 March 2009 - 10:46 PM

MBAM Full Scan Log:

Malwarebytes' Anti-Malware 1.33
Database version: 1825
Windows 5.1.2600 Service Pack 3

3/7/2009 6:21:57 PM
mbam-log-2009-03-07 (18-21-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 163475
Time elapsed: 51 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SmitfraudFix Log:

SmitFraudFix v2.400

Scan done at 18:50:13.95, Sat 03/07/2009
Run from
C:\Documents and Settings\Mom & Dad\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts




VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


RK


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{103BD032-93C5-4FC2-B1B8-A3B8C2975DA5}: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{103BD032-93C5-4FC2-B1B8-A3B8C2975DA5}: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{103BD032-93C5-4FC2-B1B8-A3B8C2975DA5}: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.25 68.6.16.30 68.2.16.30


Deleting Temp Files

I don't know if I did the SmitfraudFix scan correctly. I ran it while in Safe mode, but after a while my screen just turns black and it says stuff on the top about Safe mode and stuff.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 08 March 2009 - 10:59 AM

Hello.

I don't know if I did the SmitfraudFix scan correctly. I ran it while in Safe mode, but after a while my screen just turns black and it says stuff on the top about Safe mode and stuff.

Yes, that's fine. It's normal.

How's your computer running now? Let's run SAS now.

Download and Run SUPERAntiSpyware
We will run a scan with SuperAntiSpyware.
  • Download SUPERAntiSpyware to your desktop.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. Delete the installer after use.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download and unzip them from here.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive (or whatever drive your system is installed on).
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
  • Make sure everything has a checkmark next to it and click Next.
  • A notification will appear saying that "Quarantine and Removal is Complete". Click OK and then click the Finish button to return to the main menu.
  • If asked if you want to reboot, click Yes.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Post back with:
-SAS log
-How's your computer running now?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 daewezzy

daewezzy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 08 March 2009 - 03:10 PM

SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2009 at 11:58 AM

Application Version : 4.25.1014

Core Rules Database Version : 3788
Trace Rules Database Version: 1745

Scan type : Complete Scan
Total Scan Time : 01:18:00

Memory items scanned : 387
Memory threats detected : 1
Registry items scanned : 5466
Registry threats detected : 30
File items scanned : 112662
File threats detected : 82

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\RTRLTO.DLL
C:\WINDOWS\SYSTEM32\RTRLTO.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@c7.zedo[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@media6degrees[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@advertising[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@xml.trafficengine[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@shopica[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@mediabuys.yourdegree[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@eas.apm.emediate[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@exittracking[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@enhance[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@trafficmp[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@ads.imarketservices[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@adecn[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@lynxtrack[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@atdmt[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@specificclick[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@counter[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@doubleclick[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@html[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@5527.49660657.clickshield[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@ad.zanox[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@apmebf[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@a1.interclick[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@ad.yieldmanager[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@atwola[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@at.atwola[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@interclick[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@zedo[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@azjmp[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@adserver.adtechus[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@revsci[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@2o7[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@adrevolver[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@bluestreak[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@media.adrevolver[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@ads.nebuadserving[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@www.burstbeacon[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@tribalfusion[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@gadget[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@www.burstnet[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@questionmarket[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@cdn4.specificclick[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@247realmedia[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@www.shopica[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@adserve.internetgiveawaygroup[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@affiliates.commissionaccount[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@mediaplex[1].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@specificmedia[2].txt
C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@realmedia[1].txt
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Cookies\mom & dad@ad.yieldmanager[1].txt
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Cookies\mom & dad@overture[1].txt
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Cookies\mom & dad@pro-market[2].txt
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Cookies\mom & dad@toseeka[2].txt
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Cookies\mom & dad@www.toseeka[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@azjmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@c7.zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@exittracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imediablast[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@partner.finditquick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@sales.liveperson[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tms.bhtraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.popunderserver[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\MS Juan
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\DJZERO#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\me
HKLM\SOFTWARE\Microsoft\MS Juan\me#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\me#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\me#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\me#LBL
HKLM\SOFTWARE\Microsoft\MS Juan\me#MN
HKLM\SOFTWARE\Microsoft\MS Juan\mm
HKLM\SOFTWARE\Microsoft\MS Juan\mm#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\mm#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\mm#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\s4
HKLM\SOFTWARE\Microsoft\MS Juan\s4#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\s4#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\s4#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\se
HKLM\SOFTWARE\Microsoft\MS Juan\se#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\se#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\se#CNT
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#LTM
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CDY
HKLM\SOFTWARE\Microsoft\MS Juan\TrackDJuan#CNT
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid

Rogue.Component/Trace
HKU\S-1-5-21-602162358-2025429265-839522115-1003\Software\Microsoft\FIAS4051

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\MOM & DAD\LOCAL SETTINGS\TEMP\BQPS08IQ.EXE
C:\DOCUMENTS AND SETTINGS\MOM & DAD\LOCAL SETTINGS\TEMP\XL7E7TE7.EXE
C:\WINDOWS\SYSTEM32\4CQCAF8P.EXE
C:\WINDOWS\Prefetch\4CQCAF8P.EXE-049A5BBC.pf

Trojan.Agent/Gen-Dropper
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CVYBMTLZ\INSTALL[1].EXE

Trojan.Dropper/Gen-PHP
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KH2VG9E7\LOAD[1].PHP

Rootkit.Mailer/Gen
C:\WINDOWS\SYSTEM32\DRIVERS\FFE41E0F.SYS

Adware.Vundo/Variant-129
C:\WINDOWS\SYSTEM32\PIWIHIVO.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\W9M30LYZ\l.s.bg1z[1].gif
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\KL6BCTIJ\l.s.bg2z[1].gif
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\6WDJ32TN\shopica_logo_top[1].gif
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\4NYNA00Y\shopica_logo_bott[1].gif
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\3RMK6FI1\sp[1].gif
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\CDUBCLAB\footer_dots[1].gif

Well my computer seems to be running better, but I'm still pretty nervous about that backdoor trojan.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 08 March 2009 - 03:19 PM

Hello.

Well my computer seems to be running better, but I'm still pretty nervous about that backdoor trojan.

Well, I can't really do much about that but remove any infections I see. If you don't want to be nervous just backup your data and format the drive.

Please run GMER scan for me.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.[list]
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important!:Please do not select the Show all checkbox during the scan..

note to myself (Extremeboy): Run ATFCleaner before using SAS next time....

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 philsner99

philsner99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 14 March 2009 - 10:41 AM

Thanks for the direction, extremeboy. I had a smitfraud infection hiding deep in my system even after a thorough cleansing with numerous resources on these forums. Your efforts are greatly appreciated, even by us lurkers!

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:48 AM

Posted 19 March 2009 - 07:53 PM

You're welcome :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users