Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Coolwwwsearch Variant


  • This topic is locked This topic is locked
6 replies to this topic

#1 nrkn

nrkn

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 02 March 2006 - 05:19 PM

Hi,

I have done all the usual stuff but this variant seems to be nastier than usual, it just keeps reappearing. I think it is a CoolWWWSearch variant of some kind but it might be something else acting as a dropper for CoolWWWSearch; it is also dropping a bunch of trojans which are easy enough to remove but which keep reappearing. I can obtain a full list of these if required but I am away from the infected computer at the moment. It's a resiliant little bugger, whatever it is.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:06 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svxhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\oem\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
O4 - HKLM\..\Run: [AdobeReaderPro] svxhost.exe
O4 - HKLM\..\Run: [Mirsft sdce] servs.exe
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [Real One Player1] Realplayer1.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwaqao.exe reg_run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
O4 - HKLM\..\RunServices: [Windows Update] update32.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] svxhost.exe
O4 - HKLM\..\RunServices: [Mirsft sdce] servs.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Real One Player1] Realplayer1.exe
O4 - HKCU\..\Run: [Real One Player1] Realplayer1.exe
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\mv0ul9d91.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

BC AdBot (Login to Remove)

 


m

#2 nrkn

nrkn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 02 March 2006 - 06:04 PM

Some of the things that were present before I cleaned the system were:

morphine
qoologic-t (and AA, and AC)
ircbot-bw
sabot
rbot
trojano
trojan-gen

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:56 AM

Posted 03 March 2006 - 08:22 AM

Hello and welcome..

You have load of infections there: we need more than couple steps to get them cleared - please be patient with me and reply in timely manners.

FIRST STEP:

Please download Look2Me-Destroyer to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :thumbsup:
If you receive a message from your Firewall about this program accessing the Internet, please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Hi there, stranger!

#4 nrkn

nrkn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 05 March 2006 - 05:55 PM

Hi,

Thank you very much. I will follow your instructions and post the logs next time I have access to the infected machine, hopefully soon :thumbsup:

Thanks again

#5 nrkn

nrkn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 06 March 2006 - 08:15 PM

Look2Me-Destroyer V1.0.7

Scanning for infected files.....
Scan started at 3/7/2006 2:05:07 PM

Infected! C:\WINDOWS\system32\n22ulcf91f2.dll
Infected! C:\WINDOWS\system32\ifwphbk.dll
Infected! C:\WINDOWS\system32\mbrd2x40.dll
Infected! C:\WINDOWS\system32\kcdest.dll
Infected! C:\WINDOWS\system32\onbc16gt.dll
Infected! C:\WINDOWS\system32\rNsmontr.dll
Infected! C:\WINDOWS\system32\mftext40.dll
Infected! C:\WINDOWS\system32\n22ulcf91f2.dll
Infected! C:\WINDOWS\system32\o8lu0i39e8.dll
Infected! C:\WINDOWS\system32\kmdhe220.dll
Infected! C:\WINDOWS\system32\olengl32.dll
Infected! C:\WINDOWS\system32\arsldpc.dll
Infected! C:\WINDOWS\system32\iypromon.dll
Infected! C:\WINDOWS\system32\iaircl.dll
Infected! C:\WINDOWS\system32\cUbview.dll
Infected! C:\WINDOWS\system32\uxrv80a.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002050.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002064.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002073.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002091.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002103.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002116.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002130.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002161.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002175.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002185.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002189.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002199.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002207.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002219.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002239.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002259.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002287.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002828.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002842.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002851.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002867.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP16\A0006298.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP17\A0006333.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006338.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006347.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006369.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006383.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006384.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006399.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006400.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006417.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006419.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006439.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006453.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006464.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006475.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006485.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006515.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006528.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006537.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP24\A0006549.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006565.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006578.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006604.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006616.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006822.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006851.dll
Infected! C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006860.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\n22ulcf91f2.dll
C:\WINDOWS\system32\n22ulcf91f2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ifwphbk.dll
C:\WINDOWS\system32\ifwphbk.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mbrd2x40.dll
C:\WINDOWS\system32\mbrd2x40.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kcdest.dll
C:\WINDOWS\system32\kcdest.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\onbc16gt.dll
C:\WINDOWS\system32\onbc16gt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rNsmontr.dll
C:\WINDOWS\system32\rNsmontr.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mftext40.dll
C:\WINDOWS\system32\mftext40.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n22ulcf91f2.dll
C:\WINDOWS\system32\n22ulcf91f2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\o8lu0i39e8.dll
C:\WINDOWS\system32\o8lu0i39e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kmdhe220.dll
C:\WINDOWS\system32\kmdhe220.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\olengl32.dll
C:\WINDOWS\system32\olengl32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\arsldpc.dll
C:\WINDOWS\system32\arsldpc.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iypromon.dll
C:\WINDOWS\system32\iypromon.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\iaircl.dll
C:\WINDOWS\system32\iaircl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cUbview.dll
C:\WINDOWS\system32\cUbview.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\uxrv80a.dll
C:\WINDOWS\system32\uxrv80a.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002050.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002050.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002064.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP12\A0002064.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002073.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002073.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002091.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002091.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002103.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002103.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002116.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002116.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002130.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002130.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002161.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002161.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002175.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002185.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002185.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002189.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002189.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002199.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002199.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002207.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002207.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002219.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002219.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002239.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002239.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002259.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002259.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002287.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002287.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002828.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP14\A0002828.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002842.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002842.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002851.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002851.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002867.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP15\A0002867.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP16\A0006298.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP16\A0006298.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP17\A0006333.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP17\A0006333.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006338.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006338.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006347.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006347.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006369.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006369.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006383.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006383.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006384.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006384.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006399.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006399.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006400.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP18\A0006400.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006417.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006417.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006419.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006419.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006439.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP19\A0006439.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006453.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006453.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006464.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP20\A0006464.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006475.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006475.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006485.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006485.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006515.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP22\A0006515.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006528.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006528.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006537.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP23\A0006537.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP24\A0006549.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP24\A0006549.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006565.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006565.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006578.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP26\A0006578.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006604.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006604.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006616.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP27\A0006616.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006822.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006822.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006851.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006851.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006860.dll
C:\System Volume Information\_restore{AD240EE4-5C82-4C6B-BB82-08DACD18738B}\RP29\A0006860.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{39B79CF3-7309-49F4-9F35-7E9A45C02990}"
HKCR\Clsid\{39B79CF3-7309-49F4-9F35-7E9A45C02990}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{12BAB43D-D0BE-4778-BA04-03B74C9A6324}"
HKCR\Clsid\{12BAB43D-D0BE-4778-BA04-03B74C9A6324}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F603ECA-D8DA-4311-950B-53244D83647F}"
HKCR\Clsid\{0F603ECA-D8DA-4311-950B-53244D83647F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4FFB6A78-6888-471F-856F-76F40F518FA9}"
HKCR\Clsid\{4FFB6A78-6888-471F-856F-76F40F518FA9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5AC150E2-3E12-471D-A978-B93CA62E1CEE}"
HKCR\Clsid\{5AC150E2-3E12-471D-A978-B93CA62E1CEE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B7D56DC9-FB7B-4D60-843E-F65CDC2760E0}"
HKCR\Clsid\{B7D56DC9-FB7B-4D60-843E-F65CDC2760E0}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



Logfile of HijackThis v1.99.1
Scan saved at 2:08:55 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svxhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\mousepad.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\oem\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
O4 - HKLM\..\Run: [AdobeReaderPro] svxhost.exe
O4 - HKLM\..\Run: [Mirsft sdce] servs.exe
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [Real One Player1] Realplayer1.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\iwaqao.exe reg_run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
O4 - HKLM\..\RunServices: [Windows Update] update32.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] svxhost.exe
O4 - HKLM\..\RunServices: [Mirsft sdce] servs.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Real One Player1] Realplayer1.exe
O4 - HKCU\..\Run: [Real One Player1] Realplayer1.exe
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F1AF40-FD1D-48C5-8D22-60933E6FB1ED}: NameServer = 202.74.207.10 202.74.207.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:56 AM

Posted 07 March 2006 - 02:01 AM

Hi, lets continue :thumbsup:

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Launch Ad-Aware SE and run a Full System Scan. Remove EVERYTHING it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close Ewido Anti-malware.

==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste it's content to this thread along with a fresh HijackThis log, please. :flowers:
Hi there, stranger!

#7 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:56 AM

Posted 17 March 2006 - 09:02 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users