Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log File Review


  • This topic is locked This topic is locked
7 replies to this topic

#1 DILLONY

DILLONY

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 11 August 2009 - 06:00 PM

I've been attempting to get rid of a virus/malware. It was Antivirus 2009, but I don't think that I've gotten rid of it completely. Could you all review this and let me know what other steps should be taken?

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:00 PM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: (no name) - {00CFA62C-0EB9-40EF-914B-97B03C4E4009} - (no file)
O2 - BHO: (no name) - {0202074A-3BA3-48E3-A838-1A76A3242BBB} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {070EE040-37AC-4A16-81AB-379AB15574AB} - (no file)
O2 - BHO: (no name) - {14C809EB-643A-445C-BE31-E3E229FAB242} - (no file)
O2 - BHO: (no name) - {1CA275EE-1959-43A1-BE98-9A2C841EF2FE} - (no file)
O2 - BHO: (no name) - {2FF84772-6382-4C6A-9813-FE7BEB7A6F30} - (no file)
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: (no name) - {3BCF63E5-B17B-4D3B-BFB8-7823ADD2E33A} - (no file)
O2 - BHO: (no name) - {4A9E5FBD-29CB-440E-A800-AD2BF7384746} - (no file)
O2 - BHO: (no name) - {4D755F88-B95A-43CA-A3DB-81C2B2185AA1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5EE0E171-FA26-4EFE-8307-4C3783341297} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: (no name) - {613D7245-C6AA-449C-ADA8-530140405F61} - (no file)
O2 - BHO: (no name) - {6AA973CB-906C-44D3-8EF5-CF78F96BDAF0} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: {727d5ad2-a053-bbfb-07a4-8d7c1feb9e68} - {86e9bef1-c7d8-4a70-bfbb-350a2da5d727} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93b54346-e85d-42a7-ba1e-fe68551351ca} - (no file)
O2 - BHO: (no name) - {9492B8C3-36F4-4CE2-B264-541137FAC953} - (no file)
O2 - BHO: (no name) - {96CB0DF9-5462-457D-8B4E-33A68D106896} - (no file)
O2 - BHO: (no name) - {9953DB4D-4578-4037-AC5D-D6E00AC5AA91} - (no file)
O2 - BHO: (no name) - {A16B137D-0A00-4824-8B6C-DD5CAAC94E62} - (no file)
O2 - BHO: (no name) - {A398187E-90C6-45F5-8CF3-7DA64E855DFC} - (no file)
O2 - BHO: (no name) - {A7A5BF2E-4DE6-4CBA-A099-C89B920DB651} - (no file)
O2 - BHO: (no name) - {A9076534-391A-4061-A6F7-078A50F638D3} - (no file)
O2 - BHO: (no name) - {AC6BA50D-9674-4A11-ADEF-9D7E0DA8DF13} - (no file)
O2 - BHO: (no name) - {AF357B1F-FAAA-4FB3-B28F-D54ACC4B390D} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: (no name) - {B2D87786-4B70-46A8-A912-221261C50AD2} - (no file)
O2 - BHO: (no name) - {B4D9514E-D181-47AA-A652-0AEF1876B816} - (no file)
O2 - BHO: (no name) - {BB73DC76-044C-4333-A6A1-E0F69D5005D1} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C347247A-7D58-4C3E-A0D2-72A1DE62F582} - (no file)
O2 - BHO: (no name) - {CD0A304A-FBB3-4A1C-9B4B-9180C5E6798E} - (no file)
O2 - BHO: (no name) - {D11E8589-D0B8-4A4C-878D-6764B133302E} - (no file)
O2 - BHO: (no name) - {D2158252-569E-481E-99DD-E5EFD8C21EDC} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: (no name) - {D31CE647-D4B0-48C5-BB90-5659A33590A6} - (no file)
O2 - BHO: (no name) - {D5C9426D-D82D-4305-BDE8-FE6BCFD16E7D} - (no file)
O2 - BHO: (no name) - {D8A3D39C-8111-474D-988D-FC038892780A} - (no file)
O2 - BHO: (no name) - {DAE0F0B1-87A6-4F7F-A6BF-2A93031B57F3} - (no file)
O2 - BHO: (no name) - {DCF8D8CC-6127-407A-B78A-0B59EB099F02} - (no file)
O2 - BHO: (no name) - {E94702A9-D75F-43C6-90BE-A55127E78B69} - (no file)
O2 - BHO: (no name) - {EB8ED593-0A67-40CD-8D0B-66CE870F3B8B} - (no file)
O2 - BHO: (no name) - {ED369454-DBCE-4E07-8422-606086F68342} - (no file)
O2 - BHO: (no name) - {F0AD9A59-0344-4897-AB96-3B5AB2FA9EBF} - (no file)
O2 - BHO: (no name) - {FBD62B19-51E3-4822-8E62-83C87F545DC8} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.314.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hosapepeja] Rundll32.exe "C:\WINDOWS\system32\nemibeba.dll",s
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [17726714] C:\Documents and Settings\All Users\Application Data\17726714\17726714.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [hosapepeja] Rundll32.exe "C:\WINDOWS\system32\nemibeba.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hosapepeja] Rundll32.exe "C:\WINDOWS\system32\nemibeba.dll",s (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: printkey.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156110994343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\welotuno.dll,C:\WINDOWS\system32\ribalofe.dll wylzwg.dll ciiloe.dll uqyxbg.dll rdqbql.dll eehweh.dll
O20 - Winlogon Notify: geButtTm - geButtTm.dll (file missing)
O20 - Winlogon Notify: pmnnkLbA - C:\WINDOWS\
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10186 bytes


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 11 August 2009 - 07:52 PM

Hello DILLONY,
  • Welcome to Bleeping Computer.
  • Sorry for delayed response. Forums have been really busy.
  • My name is fireman4it or fireman and I will be helping you with your Malware problem.
  • As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.
Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions after it is approved.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 DILLONY

DILLONY
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 12 August 2009 - 01:21 PM

Ok, thank you.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 12 August 2009 - 03:37 PM

Hello Dillony,

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
2.
Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

3.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

4.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop post the contents of the DDS.txt log. Save the other report incase I need to look at it later.


Things to include in your next reply:
Combofix.txt
Gmer log
DDS.txt
Attach.txt
How is your computer running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 DILLONY

DILLONY
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 13 August 2009 - 03:09 PM

Here are the requested files.

I can run in SafeMode, however in Normal mode, I get the blue screen of death.

Thanks.

ComboFix 09-08-10.06 - Compaq_Owner 08/13/2009 14:36.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.277 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\Install.dat
c:\windows\system32\bccbayxx.ini
c:\windows\system32\bikyptmu.ini
c:\windows\system32\drivers\str.sys
c:\windows\system32\lSuDNqss.ini
c:\windows\system32\mclidiww.ini
c:\windows\system32\onqnirtd.ini
c:\windows\system32\tBIlonpo.ini
c:\windows\system32\UtvuCcdd.ini
c:\windows\system32\vsfocebivkphpw.dat
c:\windows\system32\vsfocevdyvbnri.dat
c:\windows\system32\XaKUBcfe.ini
c:\windows\wiaserviv.log
C:\xcrashdump.dat
D:\Autorun.inf


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vsfocefighdkln
-------\Service_vsfocefighdkln


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 19:16 . 2009-08-13 19:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\ICS
2009-08-13 04:48 . 2009-08-13 04:48 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 23:38 . 2009-08-13 03:23 46640 ----a-w- c:\windows\system32\msln.exe
2009-08-11 22:27 . 2009-08-11 22:27 34816 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine\AP8E655F17.dll
2009-08-11 22:25 . 2009-08-11 22:25 56485 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine\AP1755F670.exe
2009-08-11 22:23 . 2009-08-11 22:23 80896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine\AP4EE5349C.sys
2009-08-11 22:08 . 2009-08-11 22:08 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Symantec
2009-08-11 21:50 . 2009-08-11 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-11 21:49 . 2009-08-11 21:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations
2009-08-11 21:49 . 2009-08-11 21:48 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-11 21:49 . 2009-08-11 21:55 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-11 21:47 . 2009-08-11 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-11 21:34 . 2009-08-11 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-11 20:34 . 2009-08-11 21:50 674234368 --sha-w- C:\NRTPage.sys
2009-08-07 11:28 . 2009-08-11 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\18707344
2009-08-06 15:22 . 2009-08-06 15:22 76544 ----a-w- c:\windows\system32\drivers\wfoqsv.sys
2009-07-30 16:58 . 2008-11-27 23:47 -------- d---a-w- c:\windows\system32\images
2009-07-28 15:52 . 2009-07-28 15:52 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-28 15:51 . 2009-07-28 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 15:51 . 2009-07-28 15:51 -------- d-----w- c:\program files\NOS
2009-07-27 23:31 . 2009-07-31 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\17726714
2009-07-24 19:44 . 2009-07-24 19:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 19:28 . 2006-05-25 06:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-13 07:42 . 2008-05-29 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 07:42 . 2009-01-26 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 04:10 . 2008-05-29 18:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 21:47 . 2006-05-25 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-11 21:44 . 2008-12-29 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-11 21:35 . 2006-08-20 22:07 -------- d-----w- c:\program files\Trend Micro
2009-08-07 15:16 . 2008-12-30 01:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-03 18:36 . 2009-01-26 18:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-01-26 18:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 14:42 . 2009-05-27 15:25 -------- d-----w- c:\program files\HP Games
2009-06-17 14:46 . 2009-06-17 14:46 -------- d-----w- c:\program files\Microsoft
2009-06-17 14:43 . 2009-06-17 14:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 14:43 . 2006-05-25 05:22 -------- d-----w- c:\program files\Java
2009-06-17 14:42 . 2009-06-17 14:42 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2008-12-20 20:22 . 2008-12-20 20:22 13173 ----a-w- c:\program files\Common Files\aranejim.bin
2008-12-20 20:22 . 2008-12-20 20:22 10372 ----a-w- c:\program files\Common Files\hozyx.dat
2008-11-15 17:28 . 2008-11-15 17:28 10677 ----a-w- c:\program files\Common Files\oquqaxagu.bin
2008-11-15 16:37 . 2008-11-15 16:37 12300 ----a-w- c:\program files\Common Files\onyluh.sys
2008-11-15 16:37 . 2008-11-15 16:37 10733 ----a-w- c:\program files\Common Files\bovekifez.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2008-08-23 635848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-25 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
printkey.exe [2004-5-20 589824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"N360"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"getPlus® Helper"=3 (0x3)
"EraserSvc10910"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"\\\\Office\\C\\storage\\ONLINE\\BTZip.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 0 (0x0)

S2 0204331250026702mcinstcleanup;McAfee Application Installer Cleanup (0204331250026702);c:\docume~1\COMPAQ~1\LOCALS~1\Temp\020433~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\020433~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 AntipPro2009_12;AntipyPro_12;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 mdkwjgt;mdkwjgt;c:\windows\system32\drivers\wfoqsv.sys [8/6/2009 10:22 AM 76544]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/28/2009 10:51 AM 66056]
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{00CFA62C-0EB9-40EF-914B-97B03C4E4009} - (no file)
BHO-{0202074A-3BA3-48E3-A838-1A76A3242BBB} - (no file)
BHO-{070EE040-37AC-4A16-81AB-379AB15574AB} - (no file)
BHO-{14C809EB-643A-445C-BE31-E3E229FAB242} - (no file)
BHO-{1CA275EE-1959-43A1-BE98-9A2C841EF2FE} - (no file)
BHO-{2FF84772-6382-4C6A-9813-FE7BEB7A6F30} - (no file)
BHO-{3BCF63E5-B17B-4D3B-BFB8-7823ADD2E33A} - (no file)
BHO-{4A9E5FBD-29CB-440E-A800-AD2BF7384746} - (no file)
BHO-{4D755F88-B95A-43CA-A3DB-81C2B2185AA1} - (no file)
BHO-{5EE0E171-FA26-4EFE-8307-4C3783341297} - (no file)
BHO-{613D7245-C6AA-449C-ADA8-530140405F61} - (no file)
BHO-{6AA973CB-906C-44D3-8EF5-CF78F96BDAF0} - (no file)
BHO-{86e9bef1-c7d8-4a70-bfbb-350a2da5d727} - (no file)
BHO-{93b54346-e85d-42a7-ba1e-fe68551351ca} - (no file)
BHO-{9492B8C3-36F4-4CE2-B264-541137FAC953} - (no file)
BHO-{96CB0DF9-5462-457D-8B4E-33A68D106896} - (no file)
BHO-{9953DB4D-4578-4037-AC5D-D6E00AC5AA91} - (no file)
BHO-{A16B137D-0A00-4824-8B6C-DD5CAAC94E62} - (no file)
BHO-{A398187E-90C6-45F5-8CF3-7DA64E855DFC} - (no file)
BHO-{A7A5BF2E-4DE6-4CBA-A099-C89B920DB651} - (no file)
BHO-{A9076534-391A-4061-A6F7-078A50F638D3} - (no file)
BHO-{AC6BA50D-9674-4A11-ADEF-9D7E0DA8DF13} - (no file)
BHO-{AF357B1F-FAAA-4FB3-B28F-D54ACC4B390D} - (no file)
BHO-{B2D87786-4B70-46A8-A912-221261C50AD2} - (no file)
BHO-{B4D9514E-D181-47AA-A652-0AEF1876B816} - (no file)
BHO-{BB73DC76-044C-4333-A6A1-E0F69D5005D1} - (no file)
BHO-{C347247A-7D58-4C3E-A0D2-72A1DE62F582} - (no file)
BHO-{CD0A304A-FBB3-4A1C-9B4B-9180C5E6798E} - (no file)
BHO-{D11E8589-D0B8-4A4C-878D-6764B133302E} - (no file)
BHO-{D2158252-569E-481E-99DD-E5EFD8C21EDC} - (no file)
BHO-{D31CE647-D4B0-48C5-BB90-5659A33590A6} - (no file)
BHO-{D5C9426D-D82D-4305-BDE8-FE6BCFD16E7D} - (no file)
BHO-{D8A3D39C-8111-474D-988D-FC038892780A} - (no file)
BHO-{DAE0F0B1-87A6-4F7F-A6BF-2A93031B57F3} - (no file)
BHO-{DCF8D8CC-6127-407A-B78A-0B59EB099F02} - (no file)
BHO-{E94702A9-D75F-43C6-90BE-A55127E78B69} - (no file)
BHO-{EB8ED593-0A67-40CD-8D0B-66CE870F3B8B} - (no file)
BHO-{ED369454-DBCE-4E07-8422-606086F68342} - (no file)
BHO-{F0AD9A59-0344-4897-AB96-3B5AB2FA9EBF} - (no file)
BHO-{FBD62B19-51E3-4822-8E62-83C87F545DC8} - (no file)
Notify-geButtTm - geButtTm.dll
Notify-pmnnkLbA - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search
IE: E&xport to Microsoft Excel
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 14:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-13 14:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 19:51

Pre-Run: 98,781,741,056 bytes free
Post-Run: 98,732,417,024 bytes free

212 --- E O F --- 2008-11-16 09:01

Attached Files


Edited by PropagandaPanda, 13 August 2009 - 05:52 PM.


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 13 August 2009 - 06:11 PM

Hello Dillony,

1.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or Mcafee.

2.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
AntipPro2009_12

File::
c:\windows\svchast.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[-HKEY_CLASSES_ROOT\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\InProcServer32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InProcServer32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
[-HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\InProcServer32]

DirLook::
c:\documents and settings\All Users\Application Data\17726714


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\drivers\wfoqsv.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

4.
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

5.
Do you have a WindowsXP installation disk or did you machine come with a installation disk?

Things to include in your next reply:
Combofix.txt
JOtti results
Mbam log
DDS log
Do you have a XP disk or installation disk?
Are you still getting Blue screen of Death in Normal mode? If so could you please copy down what error it gives you on the screen.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:27 AM

Posted 16 August 2009 - 10:21 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding :thumbup2:

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:27 AM

Posted 18 August 2009 - 06:21 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users