
Blue screens of death - rootkit?


  • This topic is locked
8 replies to this topic

#1 Noraa1

Noraa1

  • Members
  • 10 posts

Posted 01 February 2012 - 01:34 AM

Hi,
Recently I've had three blue screens of death in the period of a week. When I reboot the computer, I am asked to send an error report to Microsoft about the crash. I do so and am told (two out of three of the blue screens) that the crash was caused by a driver called spooldr.sys. It also told me I should do a scan for viruses and trojans, which I did, to no avail.
I performed a search of my computer for "spooldr.sys" using Search Companion with the options "Search system folders" and "Search hidden files and folders" ticked, but it came up empty-handed.
After the other BSOD, Microsoft (after sending an error report) said it could not pinpoint the issue.
BSOD Stop code: 0x0000000C5 (0x00083D60, 0x00000002, 0x00000000, 0x8054BF8F)
(I'm unsure of the "B" in the stop code above, I had taken a photo of the BSOD, but the end was a bit blurry).

I performed a check disk, the only part that required fixing was the following:
Cleaning up minor inconsistencies on the drive.
Cleaning up 1057 unused index entries from index $SII of file 0x9.
Cleaning up 1057 unused index entries from index $SDH of file 0x9.
Cleaning up 1057 unused security descriptors.
Everything else was verified.

In the months leading up to all this, I also experienced strange behaviour from my computer. I had an issue where the internet slowed down so much that if I tried to use RDP to connect to another computer, I might have more than a minute of lag or the sessions would just become disconnected. Other computers connected to the internet via the same router did not experience this. I finally resolved the issue by opening up a command prompt and running "netsh winsock reset". This fixed it for a couple of weeks, and then the internet started to slow down again, so I did the "netsh winsock reset" command again.

August last year I did a scan with Malware Bytes and it found the following:
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

September last year I did a scan with SAS and it found and cleaned Trojan.Agent/Gen-Koobface[Bonkers].

If I do a scan with either Malware Bytes or SAS now it comes up clean.

Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by aaron at 16:01:00 on 2012-01-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.369 [GMT 11:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\aaron\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\aaron\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by iPAC Solutions
uStart Page = hxxp://www.google.com.au/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "c:\documents and settings\aaron\local settings\application data\akamai\netsession_win.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RPT Msgsrv] "c:\program files\panasonic\panasonic-dms\rpt network printer port\Msgsrv.exe" /NRPT Network Printer /S
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\redirector.exe" /startup
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
mRunOnce: [Installing-ie8] c:\docume~1\aaron\locals~1\temp\IE8-WindowsXP-x86-ENU.exe /passive
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\aaron\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoMovingBands = 1 (0x1)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: DisableLocalMachineRunOnce = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
Trusted Zone: caltrack.net\online
Trusted Zone: gpk.net.au\connect
Trusted Zone: microsoft.com\*.update
Trusted Zone: p4desktop-aaron
Trusted Zone: services.net.au\apps3
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://192.168.1.252:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0A77F16C-2B1B-4133-BA25-3572133147F5} - hxxp://configurator.apcc.com/products/powerstruxure/configurator/webtest/APCACC.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4571C6A3-CB9E-11D0-BDE2-0000F4B02CED} - hxxp://configurator.apcc.com/products/powerstruxure/configurator/shared/cabs/attarxinf.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6022B0FE-B1BD-4306-9A21-E5C8171DDB3E} - hxxp://edgesight1/edgesight/app/smgr/remote/downloads/CSMCore.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://online.caltrack.net/net6helper.cab
DPF: {8818CF4D-2190-49C3-B7EB-B9F2AE198CB1} - hxxp://gpk.net.au/VNC/WebVNC/download/cab/serverx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://iso9000.caltrack.net/TSWeb/msrdp.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} - hxxps://ad1.services.net.au:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.1.252:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED3C} - hxxps://ad1.services.net.au:4343/SMB/console/html/root/AtxConsole.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://192.168.1.252:4343/SMB/console/html/root/AtxConsole.cab
DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://trendmicro.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.3.254
TCP: Interfaces\{785AEA4D-FC17-463E-86ED-8C08B20F1FA4} : DhcpNameServer = 192.168.1.201
TCP: Interfaces\{AE4C9063-2849-417F-AA18-C7CF42A80430} : DhcpNameServer = 192.168.3.254
TCP: Interfaces\{AE9479B3-8EFA-408E-8129-AA2509692B7C} : DhcpNameServer = 192.168.1.201
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\citrix\icacli~1\RSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 192.168.1.202 mail1.services.net.au
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 arusb(TP-LINK);Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [2008-10-22 598528]
S3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [2009-11-3 99456]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-10-22 25088]
.
=============== Created Last 30 ================
.
2012-01-24 04:50:53 0 ----a-w- c:\documents and settings\aaron\ntuser.tmp
2012-01-24 01:05:56 -------- dc-h--w- c:\windows\ie8
2012-01-23 22:00:47 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{bf4021e7-d9eb-4a7b-97c5-2fff22e9c60d}\offreg.dll
2012-01-23 21:51:43 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{bf4021e7-d9eb-4a7b-97c5-2fff22e9c60d}\mpengine.dll
2012-01-11 05:26:16 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2012-01-11 05:24:31 -------- d-----w- c:\program files\common files\Citrix
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-10 04:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 03:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 21:42:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 05:53:29 60 ----a-w- c:\windows\wpd99.drv
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 16:03:51.34 ===============

Thanks in advance.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 February 2012 - 05:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Noraa1

Noraa1
  • Topic Starter

  • Members
  • 10 posts

Posted 05 February 2012 - 04:54 PM

Hi m0le,
Thanks for agreeing to help.
Cheers,
Noraa1

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 February 2012 - 07:41 PM

There appears to be no rootkit here, but let's run a few scans and see.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
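
The report written by the `-l report.txt` step above can be triaged with a short script. This is an added example, not part of the original posts and not the tool's own code: it assumes report lines of the form `time thread name (md5) path` followed by `time thread name - verdict`, and lists entries whose verdict is not "ok", entries with no verdict (report cut short), and entries for which no image was hashed. The sample report, the names `exampledrv` and `cutoffdrv`, the hashes and the non-ok verdict text are constructed.

```python
"""Triage a TDSSKiller-style text report: pair each service's hash/path line
with its verdict line and list everything that is not a plain "ok"."""
import re
from dataclasses import dataclass
from typing import Optional

# "HH:MM:SS.ffff <thread id> <message>" prefix found on every report line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s*(?P<msg>.*)$")
# "<service> (<md5>) <image path>"; service names may contain parentheses.
IMAGE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None      # None: the report shows no hashed image
    path: Optional[str] = None
    verdict: Optional[str] = None  # None: the report ended before a verdict


def parse_report(text):
    """Return one ServiceRecord per service, in report order."""
    records = {}
    in_scan = False
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        # Header lines (drive geometry etc.) also contain " - ", so only
        # parse service records after the "Scan started" marker.
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan or not msg or set(msg) == {"="}:
            continue
        img = IMAGE.match(msg)  # checked first: a path may contain " - "
        if img:
            rec = records.setdefault(img["name"], ServiceRecord(img["name"]))
            rec.md5, rec.path = img["md5"].lower(), img["path"]
            continue
        ver = VERDICT.match(msg)
        if ver:
            rec = records.setdefault(ver["name"], ServiceRecord(ver["name"]))
            rec.verdict = ver["verdict"].strip()
    return list(records.values())


def triage(records):
    """Split records into (flagged, unresolved, unhashed) lists of names."""
    flagged = [r.name for r in records
               if r.verdict is not None and r.verdict.lower() != "ok"]
    unresolved = [r.name for r in records if r.verdict is None]
    unhashed = [r.name for r in records if r.md5 is None]
    return flagged, unresolved, unhashed


# Constructed sample input: hashes are dummies, and the verdict on
# "exampledrv" is a placeholder, not wording taken from the real tool.
SAMPLE_REPORT = r"""
12:40:35.0526 2168 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb)
13:02:26.0463 0740 ============================================================
13:02:26.0463 0740 Scan started
13:02:26.0463 0740 Mode: Manual;
13:02:26.0463 0740 ============================================================
13:02:27.0026 0740 Abiosdsk - ok
13:02:27.0229 0740 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:02:27.0244 0740 ACPI - ok
13:02:29.0119 0740 arusb(TP-LINK) (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\arusb.sys
13:02:29.0151 0740 arusb(TP-LINK) - ok
13:02:30.0104 0740 exampledrv (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\exampledrv.sys
13:02:30.0104 0740 exampledrv - PLACEHOLDER-NOT-OK
13:02:31.0000 0740 cutoffdrv (00000000000000000000000000000004) C:\WINDOWS\system32\drivers\cutoffdrv.sys
"""

if __name__ == "__main__":
    flagged, unresolved, unhashed = triage(parse_report(SAMPLE_REPORT))
    print("verdict other than ok:", flagged)
    print("no verdict in report: ", unresolved)
    print("no hashed image:      ", unhashed)
```
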

#5 Noraa1

Noraa1
  • Topic Starter

  • Members
  • 10 posts

Posted 06 February 2012 - 03:37 AM

Hi m0le.
The TDSSKiller scan turned up clean. Here is the log:
12:40:31.0682 2168 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
12:40:31.0729 2168 ============================================================
12:40:31.0744 2168 Current date / time: 2012/02/06 12:40:31.0729
12:40:31.0744 2168 SystemInfo:
12:40:31.0744 2168
12:40:31.0744 2168 OS Version: 5.1.2600 ServicePack: 3.0
12:40:31.0744 2168 Product type: Workstation
12:40:31.0744 2168 ComputerName: P4DESKTOP-AARON
12:40:31.0744 2168 UserName: aaron
12:40:31.0744 2168 Windows directory: C:\WINDOWS
12:40:31.0744 2168 System windows directory: C:\WINDOWS
12:40:31.0744 2168 Processor architecture: Intel x86
12:40:31.0744 2168 Number of processors: 1
12:40:31.0744 2168 Page size: 0x1000
12:40:31.0744 2168 Boot type: Normal boot
12:40:31.0744 2168 ============================================================
12:40:35.0526 2168 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:40:35.0557 2168 \Device\Harddisk0\DR0:
12:40:35.0557 2168 MBR used
12:40:35.0557 2168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
12:40:35.0635 2168 Initialize success
12:40:35.0635 2168 ============================================================
13:02:26.0463 0740 ============================================================
13:02:26.0463 0740 Scan started
13:02:26.0463 0740 Mode: Manual;
13:02:26.0463 0740 ============================================================
13:02:36.0088 0740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:02:36.0104 0740 IpFilterDriver - ok
13:02:36.0276 0740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:02:36.0276 0740 IpInIp - ok
13:02:36.0354 0740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:02:36.0354 0740 IpNat - ok
13:02:36.0448 0740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:02:36.0448 0740 IPSec - ok
13:02:36.0510 0740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:02:36.0526 0740 IRENUM - ok
13:02:36.0573 0740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:02:36.0573 0740 isapnp - ok
13:02:36.0635 0740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:02:36.0635 0740 Kbdclass - ok
13:02:36.0713 0740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:02:36.0713 0740 kmixer - ok
13:02:36.0854 0740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:02:36.0869 0740 KSecDD - ok
13:02:36.0963 0740 lbrtfdc - ok
13:02:37.0104 0740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:02:37.0104 0740 mnmdd - ok
13:02:37.0198 0740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:02:37.0198 0740 Modem - ok
13:02:37.0244 0740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:02:37.0260 0740 Mouclass - ok
13:02:37.0323 0740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:02:37.0323 0740 mouhid - ok
13:02:37.0416 0740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:02:37.0416 0740 MountMgr - ok
13:02:37.0463 0740 mraid35x - ok
13:02:37.0557 0740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:02:37.0557 0740 MRxDAV - ok
13:02:37.0729 0740 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:02:37.0744 0740 MRxSmb - ok
13:02:38.0088 0740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:02:38.0104 0740 Msfs - ok
13:02:38.0198 0740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:02:38.0291 0740 MSKSSRV - ok
13:02:38.0354 0740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:02:38.0354 0740 MSPCLOCK - ok
13:02:38.0416 0740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:02:38.0416 0740 MSPQM - ok
13:02:38.0494 0740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:02:38.0494 0740 mssmbios - ok
13:02:38.0573 0740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:02:38.0573 0740 Mup - ok
13:02:38.0682 0740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:02:38.0682 0740 NDIS - ok
13:02:38.0776 0740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:02:38.0791 0740 NdisTapi - ok
13:02:38.0916 0740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:02:38.0916 0740 Ndisuio - ok
13:02:38.0979 0740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:02:38.0979 0740 NdisWan - ok
13:02:39.0088 0740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:02:39.0104 0740 NDProxy - ok
13:02:39.0182 0740 Net6IM - ok
13:02:39.0244 0740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:02:39.0244 0740 NetBIOS - ok
13:02:39.0307 0740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:02:39.0323 0740 NetBT - ok
13:02:39.0463 0740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:02:39.0479 0740 Npfs - ok
13:02:39.0573 0740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:02:39.0588 0740 Ntfs - ok
13:02:39.0698 0740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:02:39.0698 0740 Null - ok
13:02:39.0838 0740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:02:40.0026 0740 NwlnkFlt - ok
13:02:40.0229 0740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:02:40.0244 0740 NwlnkFwd - ok
13:02:40.0323 0740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:02:40.0338 0740 Parport - ok
13:02:40.0416 0740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:02:40.0416 0740 PartMgr - ok
13:02:40.0479 0740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:02:40.0494 0740 ParVdm - ok
13:02:40.0557 0740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:02:40.0557 0740 PCI - ok
13:02:40.0619 0740 PCIDump - ok
13:02:40.0729 0740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:02:40.0729 0740 PCIIde - ok
13:02:40.0838 0740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:02:40.0854 0740 Pcmcia - ok
13:02:40.0932 0740 PDCOMP - ok
13:02:40.0979 0740 PDFRAME - ok
13:02:41.0057 0740 PDRELI - ok
13:02:41.0119 0740 PDRFRAME - ok
13:02:41.0198 0740 perc2 - ok
13:02:41.0260 0740 perc2hib - ok
13:02:41.0401 0740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:02:41.0401 0740 PptpMiniport - ok
13:02:41.0463 0740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:02:41.0479 0740 PSched - ok
13:02:41.0557 0740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:02:41.0573 0740 Ptilink - ok
13:02:41.0635 0740 ql1080 - ok
13:02:41.0713 0740 Ql10wnt - ok
13:02:42.0010 0740 ql12160 - ok
13:02:42.0151 0740 ql1240 - ok
13:02:42.0307 0740 ql1280 - ok
13:02:42.0369 0740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:02:42.0369 0740 RasAcd - ok
13:02:42.0432 0740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:02:42.0432 0740 Rasl2tp - ok
13:02:42.0494 0740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:02:42.0510 0740 RasPppoe - ok
13:02:42.0573 0740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:02:42.0573 0740 Raspti - ok
13:02:42.0651 0740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:02:42.0666 0740 Rdbss - ok
13:02:42.0744 0740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:02:42.0760 0740 RDPCDD - ok
13:02:42.0869 0740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:02:42.0869 0740 rdpdr - ok
13:02:42.0979 0740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:02:42.0979 0740 RDPWD - ok
13:02:43.0057 0740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:02:43.0057 0740 redbook - ok
13:02:43.0182 0740 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:02:43.0182 0740 RFCOMM - ok
13:02:43.0323 0740 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:02:43.0323 0740 SASDIFSV - ok
13:02:43.0354 0740 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:02:43.0354 0740 SASKUTIL - ok
13:02:43.0479 0740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:02:43.0494 0740 Secdrv - ok
13:02:43.0604 0740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:02:43.0604 0740 serenum - ok
13:02:43.0682 0740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:02:43.0682 0740 Serial - ok
13:02:43.0776 0740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:02:43.0791 0740 Sfloppy - ok
13:02:44.0088 0740 Simbad - ok
13:02:44.0323 0740 SiS315 (616d38411c3576b2d404b5c1747eecc2) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
13:02:44.0338 0740 SiS315 - ok
13:02:44.0463 0740 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
13:02:44.0463 0740 SISAGP - ok
13:02:44.0526 0740 SiSkp (5a99cd5760a548454108f5d056415634) C:\WINDOWS\system32\DRIVERS\srvkp.sys
13:02:44.0526 0740 SiSkp - ok
13:02:44.0619 0740 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
13:02:44.0619 0740 SISNIC - ok
13:02:44.0682 0740 Sparrow - ok
13:02:44.0776 0740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:02:44.0776 0740 splitter - ok
13:02:44.0901 0740 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
13:02:44.0932 0740 sptd - ok
13:02:45.0010 0740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:02:45.0010 0740 sr - ok
13:02:45.0151 0740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:02:45.0166 0740 Srv - ok
13:02:45.0276 0740 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
13:02:45.0291 0740 sscdbus - ok
13:02:45.0401 0740 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
13:02:45.0401 0740 sscdmdfl - ok
13:02:45.0479 0740 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
13:02:45.0479 0740 sscdmdm - ok
13:02:45.0588 0740 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
13:02:45.0588 0740 StarOpen - ok
13:02:45.0666 0740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:02:45.0666 0740 swenum - ok
13:02:45.0729 0740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:02:45.0744 0740 swmidi - ok
13:02:46.0026 0740 symc810 - ok
13:02:46.0166 0740 symc8xx - ok
13:02:46.0323 0740 sym_hi - ok
13:02:46.0416 0740 sym_u3 - ok
13:02:46.0494 0740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:02:46.0494 0740 sysaudio - ok
13:02:46.0619 0740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:02:46.0635 0740 Tcpip - ok
13:02:46.0729 0740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:02:46.0744 0740 TDPIPE - ok
13:02:46.0823 0740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:02:46.0823 0740 TDTCP - ok
13:02:46.0901 0740 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
13:02:46.0901 0740 teamviewervpn - ok
13:02:46.0948 0740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:02:46.0963 0740 TermDD - ok
13:02:47.0041 0740 TosIde - ok
13:02:47.0151 0740 U81xbus (8452977e2331af70652c3a4c28d2706d) C:\WINDOWS\system32\DRIVERS\U81xbus.sys
13:02:47.0151 0740 U81xbus - ok
13:02:47.0213 0740 U81xmgmt (f0eea020cc5986260b87cb92050af160) C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
13:02:47.0213 0740 U81xmgmt - ok
13:02:47.0291 0740 U81xobex (aa1eb6bfd8176c25c04b803542bcd7ac) C:\WINDOWS\system32\DRIVERS\U81xobex.sys
13:02:47.0307 0740 U81xobex - ok
13:02:47.0416 0740 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:02:47.0416 0740 uagp35 - ok
13:02:47.0479 0740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:02:47.0479 0740 Udfs - ok
13:02:47.0573 0740 ultra - ok
13:02:47.0698 0740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:02:47.0729 0740 Update - ok
13:02:48.0119 0740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:02:48.0135 0740 usbccgp - ok
13:02:48.0307 0740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:02:48.0307 0740 usbehci - ok
13:02:48.0369 0740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:02:48.0369 0740 usbhub - ok
13:02:48.0432 0740 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:02:48.0432 0740 usbohci - ok
13:02:48.0510 0740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:02:48.0510 0740 usbprint - ok
13:02:48.0604 0740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:02:48.0619 0740 usbscan - ok
13:02:48.0682 0740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:02:48.0698 0740 USBSTOR - ok
13:02:48.0760 0740 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:02:48.0776 0740 usb_rndisx - ok
13:02:48.0854 0740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:02:48.0854 0740 VgaSave - ok
13:02:48.0916 0740 ViaIde - ok
13:02:48.0994 0740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:02:48.0994 0740 VolSnap - ok
13:02:49.0104 0740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:02:49.0104 0740 Wanarp - ok
13:02:49.0198 0740 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:02:49.0198 0740 wceusbsh - ok
13:02:49.0276 0740 WDICA - ok
13:02:49.0354 0740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:02:49.0354 0740 wdmaud - ok
13:02:49.0604 0740 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:02:49.0604 0740 WpdUsb - ok
13:02:49.0713 0740 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:02:49.0729 0740 WS2IFSL - ok
13:02:50.0104 0740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:02:50.0119 0740 WudfPf - ok
13:02:50.0307 0740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:02:50.0307 0740 WudfRd - ok
13:02:50.0432 0740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:02:50.0619 0740 \Device\Harddisk0\DR0 - ok
13:02:50.0651 0740 Boot (0x1200) (ef52a9ef2b3848061e1bfdcca461bd95) \Device\Harddisk0\DR0\Partition0
13:02:50.0651 0740 \Device\Harddisk0\DR0\Partition0 - ok
13:02:50.0651 0740 ============================================================
13:02:50.0651 0740 Scan finished
13:02:50.0651 0740 ============================================================
13:02:50.0698 3364 Detected object count: 0
13:02:50.0698 3364 Actual detected object count: 0

Here is the log from aswMBR:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 13:17:14
-----------------------------
13:17:14.979 OS Version: Windows 5.1.2600 Service Pack 3
13:17:14.979 Number of processors: 1 586 0x209
13:17:14.979 ComputerName: P4DESKTOP-AARON UserName: aaron
13:17:16.651 Initialize success
13:21:32.744 AVAST engine defs: 12020503
13:48:15.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:48:15.354 Disk 0 Vendor: WDC_WD1200JB-00EVA0 15.05R15 Size: 114472MB BusType: 3
13:48:15.385 Disk 0 MBR read successfully
13:48:15.385 Disk 0 MBR scan
13:48:15.432 Disk 0 Windows XP default MBR code
13:48:15.448 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
13:48:15.448 Disk 0 scanning sectors +234420480
13:48:15.510 Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:40.213 Service scanning
13:48:41.823 Modules scanning
13:49:00.635 Disk 0 trace - called modules:
13:49:00.682 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:49:00.682 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8579fab8]
13:49:01.213 3 CLASSPNP.SYS[f77fefd7] -> nt!IofCallDriver -> \Device\0000005f[0x8577ff18]
13:49:01.213 5 ACPI.sys[f7775620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8573b940]
13:49:02.463 AVAST engine scan C:\WINDOWS
13:49:40.463 AVAST engine scan C:\WINDOWS\system32
13:56:10.510 AVAST engine scan C:\WINDOWS\system32\drivers
13:56:54.494 AVAST engine scan C:\Documents and Settings\aaron
15:08:02.557 AVAST engine scan C:\Documents and Settings\All Users
15:14:24.010 Scan finished successfully
19:30:20.994 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\aaron\Desktop\MBR.dat"
19:30:21.026 The log file has been saved successfully to "C:\Documents and Settings\aaron\Desktop\aswMBR.txt"

#6 m0le

Posted 06 February 2012 - 06:08 PM

They're clean too. :)

The STOP code looks to be non-malware and I think you would be better to post this in the XP forum and let them diagnose it.

I will keep this open for five days, after that please PM me if you need to.
m0le is a proud member of UNITE

#7 Noraa1

Posted 06 February 2012 - 06:11 PM

Thanks for your help m0le.

#8 m0le

Posted 06 February 2012 - 06:51 PM

:thumbup2:

#9 m0le

Posted 11 February 2012 - 07:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.