Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

!!!!!!!OMG Welchia virus!!!!!!!


  • This topic is locked This topic is locked
9 replies to this topic

#1 fordsucks7

fordsucks7

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:spokane
  • Local time:01:22 PM

Posted 26 September 2010 - 02:13 AM

omg well all make this quick as i can about 2 days ago i noticed that my computer was so slow and even slower then it was like taking 6 or so minutes to log on and 10 minutes to log off and it would shut down well i went to my system 32 folder and there was a wins folder ohmy.gif and there is alot of weird processes running all of a sudden. heres the hijack this i no my computer is f'ed up im not doing a clean install i am in school and cant afford it so dont even think a bout posting "do a clean install killcomp.gif deadhorse.gif



Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
C:Program FilesBitDefenderBitDefender 2009vsserv.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32UAService7.exe
C:Program FileskX Audio Driver3550kxmixer.exe
C:Program FilesBitDefenderBitDefender 2009bdagent.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32msdtc.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:Program FilesOrbitdownloaderGrabPro.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:Program FilesBitDefenderBitDefender 2009IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [BitDefender Antiphishing Helper] "C:Program FilesBitDefenderBitDefender 2009IEShow.exe"
O4 - HKLM..Run: [kX Mixer] C:Program FileskX Audio Driver3550kxmixer.exe --startup
O4 - HKLM..Run: [BDAgent] "C:Program FilesBitDefenderBitDefender 2009bdagent.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:Program FilesOrbitdownloaderorbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:Program FilesOrbitdownloaderorbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:Program FilesOrbitdownloaderorbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:Program FilesOrbitdownloaderorbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:Documents and SettingsAdminApplication DataMozillaFirefoxProfilespu8ucftj.defaultextensions{5D558C43-550F-4b12-84AB-0D8ABDA9F975}firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:Documents and SettingsAdminApplication DataMozillaFirefoxProfilespu8ucftj.defaultextensions{5D558C43-550F-4b12-84AB-0D8ABDA9F975}firefoxviewpage.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:Program FilesCommon FilesBitDefenderBitDefender Arrakis ServerbinArrakis3.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSsystem32UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:Program FilesBitDefenderBitDefender 2009vsserv.exe

--
End of file - 5875 bytes

Okay all just get to the point about 4 days ago i really noticed it i couldn't logon or turn it off so i went to safe mode well i had malware bytes scan and protection bitdefender and spyware docter monitoring with security task manager after only finding two virus which is blsht but it was odd cause they were dll's that i had to have and then svchost went to a diff control and went up on security risk so i logged off and kept trying to get back on eventually i did but only to find out that my bitdefender was patched and now someone elses server. then nearly all the programs were saying being monitored and sending mopar to port 0 "mopar my name" then i was like what the hell so i went to services and there was a new a couple new one in the services and they were owned by LAWNMANserver and lawnmanworkstation but by that time all of my programs were out of my control i also noticed that under most of the logs under the description in security task manager they were saying "hook" or "heur" and bitdefender said was changer and with bitdefender you can nearly do anything on the computer!
Ive took screen's off a lot of weird process if you want too see just reply

This has been going on for over a week and ive been taking things in to my own hands ive ran all the regular programs like spybot,superantispyware,malwarebytes and a few other and i no that im infected very very.... badly this has been a on and off game about 3 months ago i had to reinstall everything including combofix. help is needed here's dds and gmer


DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Admin at 23:41:45.59 on Mon 09/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.732 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [combofix] "c:\combofix\cf11320.cfxxe" /c "c:\combofix\C.bat"
mRunOnce: [combofix] "c:\combofix\cf11320.cfxxe" /c "c:\combofix\C.bat"
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open Link Target in Firefox - file://c:\documents and settings\admin\application data\mozilla\firefox\profiles\pu8ucftj.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\admin\application data\mozilla\firefox\profiles\pu8ucftj.default\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\pu8ucftj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\pu8ucftj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S0 glwsk;glwsk;c:\windows\system32\drivers\saycpi.sys --> c:\windows\system32\drivers\saycpi.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Ias;Network Security;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-26 304464]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys --> c:\windows\system32\drivers\a016mdm.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\atmfbus.sys --> c:\windows\system32\drivers\ATMFBUS.sys [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-9-17 607496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-26 20952]
S3 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-1-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-1-10 142976]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
S4 hpdj00;hpdj00;c:\docume~1\admin\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp officejet 5600 series -product=aio --> c:\docume~1\admin\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 5600 series -product=aio [?]

=============== Created Last 30 ================

2010-09-27 20:52 <DIR> --d----- C:\ComboFix
2010-09-27 16:43 162,304 a------- c:\windows\system32\ztvunrar36.dll
2010-09-27 16:43 153,088 a------- c:\windows\system32\unrar3.dll
2010-09-27 16:43 77,312 a------- c:\windows\system32\ztvunace26.dll
2010-09-27 16:43 75,264 a------- c:\windows\system32\unacev2.dll
2010-09-27 16:43 69,632 a------- c:\windows\system32\ztvcabinet.dll
2010-09-27 16:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-09-27 16:43 <DIR> --d----- c:\docume~1\admin\applic~1\Simply Super Software
2010-09-27 16:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-27 16:00 <DIR> --d----- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
2010-09-27 16:00 <DIR> --d----- c:\program files\SUPERAntiSpyware
2010-09-26 23:58 <DIR> --d----- c:\program files\Atari
2010-09-26 18:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 18:54 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-09-26 12:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-09-26 12:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-25 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-09-25 23:46 <DIR> --d----- c:\program files\Security Task Manager
2010-09-25 11:34 <DIR> --d-hr-- c:\docume~1\alluse~1\applic~1\SecuROM
2010-09-23 23:24 139,264 a------- c:\windows\system32\eax.dll
2010-09-22 12:53 <DIR> --d----- c:\program files\SystemRequirementsLab
2010-09-22 12:03 <DIR> --d----- c:\program files\PowerISO
2010-09-15 22:33 <DIR> --d----- c:\docume~1\admin\applic~1\SanDisk
2010-09-15 22:04 <DIR> --d----- c:\windows\system32\NtmsData
2010-09-03 14:33 <DIR> --d----- c:\program files\Speccy
2010-08-30 21:31 8,192 a------- c:\windows\d3dx.dat
2010-08-29 10:49 4,122,368 a----r-- c:\windows\system32\drivers\alcxwdm.sys
2010-08-29 10:49 147,456 a------- c:\windows\system32\RtlCPAPI.dll
2010-08-29 10:49 577,536 a------- c:\windows\soundman.exe
2010-08-29 10:49 49,152 a------- c:\windows\system32\ChCfg.exe
2010-08-29 10:49 10,528,768 a------- c:\windows\system32\RTLCPL.exe
2010-08-29 10:49 141,016 a------- c:\windows\system32\alsndmgr.wav
2010-08-29 10:49 18,804,736 a------- c:\windows\system32\alsndmgr.cpl
2010-08-29 10:45 <DIR> --d----- c:\program files\Realtek AC97
2010-08-29 10:45 315,392 a------- c:\windows\alcupd.exe
2010-08-29 10:45 217,088 a------- c:\windows\alcrmv.exe

==================== Find3M ====================

2010-07-29 23:30 720,896 a------- c:\windows\iun6002ev.exe
2010-07-29 23:03 98,304 a------- c:\windows\system32\CmdLineExt.dll
2010-07-17 05:00 423,656 a------- c:\windows\system32\deployJava1.dll
2010-07-14 01:00 108,032 a------- c:\windows\system32\ff_vfw.dll
2010-07-06 16:23 23,348 a------- c:\windows\system32\emptyregdb.dat
2010-06-28 23:04 2 a--shrot c:\windows\winstart.bat
2008-10-16 11:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat

============= FINISH: 23:43:25.59 ===============




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-28 19:34:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xBA41FC90]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xBA41FD7E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xBA41FBF4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xBA41FEC4]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xED2B9360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E7000A
.text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E8000A
.text C:\WINDOWS\Explorer.EXE[352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E6000C
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0078000A
.text C:\WINDOWS\System32\svchost.exe[1196] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 019F000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0x23 0x91 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB2 0x7E 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x7C 0x2F 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x39 0x98 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x3B 0x7E 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xE7 0x33 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE1 0x07 0x6B 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x93 0x47 0x19 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xB0 0x09 0xFA 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB2 0x7E 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x7C 0x2F 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0x39 0x98 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8C 0x3B 0x7E 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB4 0xE7 0x33 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE1 0x07 0x6B 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x93 0x47 0x19 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xB0 0x09 0xFA 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB2 0x7E 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x7C 0x2F 0x73 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0x23 0x91 0x36 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB2 0x7E 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE9 0x7C 0x2F 0x73 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD82FE4F-4E7D-A444-744C-27D302B24583}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD82FE4F-4E7D-A444-744C-27D302B24583}@oaplplmjkilbbnioahbpdjimdlbjon 0x69 0x61 0x6C 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD82FE4F-4E7D-A444-744C-27D302B24583}@najmbopeoaihnnbdahlmneglfjda 0x69 0x61 0x6C 0x6D ...

---- EOF - GMER 1.0.15 ----


EDIT: Topics and posts merged ~BP

Edited by Budapest, 29 September 2010 - 12:30 AM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 PM

Posted 30 September 2010 - 07:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 fordsucks7

fordsucks7
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:spokane
  • Local time:01:22 PM

Posted 01 October 2010 - 04:49 PM

yes im here hi im really lost now though cause my brother is a computer tech and was helping me problems seem to be okay but i havent pluged the internet in cause im still terrified to connect or updat anything. What ever virus and rootkits i had were horrible i would love if you can look at a recent log if i post them? thank you

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 PM

Posted 01 October 2010 - 05:29 PM

Sure. Please run these two scanners
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
m0le is a proud member of UNITE

#5 fordsucks7

fordsucks7
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:spokane
  • Local time:01:22 PM

Posted 01 October 2010 - 07:50 PM

sorry for taking so long but here they are

Attached Files



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 PM

Posted 01 October 2010 - 08:04 PM

The log looks good.

I would connect to the internet now and test it. Not everything that is malware shows up and often symptoms are the only thing that alerts us to their presence.
Posted Image
m0le is a proud member of UNITE

#7 fordsucks7

fordsucks7
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:spokane
  • Local time:01:22 PM

Posted 01 October 2010 - 08:15 PM

all try and tell you the results
thank you

#8 fordsucks7

fordsucks7
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:spokane
  • Local time:01:22 PM

Posted 01 October 2010 - 08:19 PM

thank you m0le internet works great and best of all its not redirecting anymore glad to have you as my helper thumbup.gif

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 PM

Posted 01 October 2010 - 08:43 PM

No problem. thumbup2.gif

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Posted Image
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:22 PM

Posted 05 October 2010 - 07:45 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Edited by m0le, 05 October 2010 - 07:45 PM.

Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users