Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Popups- Hijackthis Log


  • Please log in to reply
9 replies to this topic

#1 r3d

r3d

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 04 January 2007 - 08:06 AM

Hello everyone! Nice 2 be here!

Well...This is my problem:
I am getting popups in IE from amaena , fp-gad network and stuff like that! I ran a scan with HT and I can't se where is my problem! I suspect on last few lines! Can any1 make me script for Brute force uninstaller?

This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 13:51:45, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Novi\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: desktop(2).ini
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D48E209-9B95-47FD-8203-0E47D9CF5E59}: NameServer = 85.255.114.61 85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3C735D8-789D-4739-8DF9-F024006E5F65}: NameServer = 85.255.114.61,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.61 85.255.112.60

Thx in advance!

BC AdBot (Login to Remove)

 


#2 r3d

r3d
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 04 January 2007 - 08:23 AM

Sry for posting! I saw in HT info page that lines that start with 017 are domain hijacks , fixed them and its now ok! Now my problem is redirect from google search. When I click any google search result it redirects me to domains like hrena.com or camouflageclothingongline.com! I can't find the source for this!
There is mine ComboFix log:

Novi - 07-01-04 14:12:36,54 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Novi\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))


2007-01-03 23:59 <DIR> d-------- C:\Program Files\NetDog
2007-01-03 23:26 <DIR> d-------- C:\WINDOWS\system32\bfubackups
2007-01-03 14:16 <DIR> d-------- C:\NGSession
2006-12-31 19:46 <DIR> d-------- C:\Documents and Settings\Novi\Application Data\AdobeUM
2006-12-31 19:45 <DIR> d-------- C:\Documents and Settings\Novi\Application Data\Adobe
2006-12-31 17:26 <DIR> d-------- C:\Documents and Settings\Novi\Application Data\Lavasoft
2006-12-31 17:20 <DIR> d-------- C:\Documents and Settings\Novi\Application Data\Identities
2006-12-31 17:19 <DIR> dr-h----- C:\Documents and Settings\Novi\SendTo
2006-12-31 17:19 <DIR> dr-h----- C:\Documents and Settings\Novi\Recent
2006-12-31 17:19 <DIR> dr-h----- C:\Documents and Settings\Novi\Application Data\.
2006-12-31 17:19 <DIR> dr-h----- C:\Documents and Settings\Novi\Application Data
2006-12-31 17:19 <DIR> dr------- C:\Documents and Settings\Novi\Start Menu
2006-12-31 17:19 <DIR> dr------- C:\Documents and Settings\Novi\My Documents
2006-12-31 17:19 <DIR> dr------- C:\Documents and Settings\Novi\Favorites
2006-12-31 17:19 <DIR> d--h----- C:\Documents and Settings\Novi\Templates
2006-12-31 17:19 <DIR> d--h----- C:\Documents and Settings\Novi\PrintHood
2006-12-31 17:19 <DIR> d--h----- C:\Documents and Settings\Novi\NetHood
2006-12-31 17:19 <DIR> d--h----- C:\Documents and Settings\Novi\Local Settings
2006-12-31 17:19 <DIR> d---s---- C:\Documents and Settings\Novi\Cookies
2006-12-31 17:19 <DIR> d---s---- C:\Documents and Settings\Novi\Application Data\Microsoft
2006-12-31 17:19 <DIR> d-------- C:\Documents and Settings\Novi\Desktop
2006-12-31 17:19 <DIR> d-------- C:\Documents and Settings\Novi\Application Data\..
2006-12-31 17:19 <DIR> d-------- C:\Documents and Settings\Novi\..
2006-12-31 17:19 <DIR> d-------- C:\Documents and Settings\Novi\.
2006-12-31 17:12 141,312 --a------ C:\WINDOWS\system32prosvsys.exe
2006-12-30 12:53 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-30 11:03 <DIR> d-------- C:\Program Files\EA GAMES
2006-12-30 11:02 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-04 14:16:23.56
C:\ComboFix.txt ... 07-01-04 14:16

Edited by r3d, 04 January 2007 - 08:30 AM.


#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 04 January 2007 - 01:22 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )

If you have connection problems after this

* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Hilight Internet Protocol (TCP/IP) and click the Properties button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

* Go to Start > Run and type in cmd
Click OK.
This will open a commad prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns
Hit Enter
Exit the command window

Do that before you restart.

=============
At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================
If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/

Scroll down to get XP Fix

And run FixWareout again.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 r3d

r3d
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 04 January 2007 - 03:32 PM

Solved 1 problem! I still have popups from amaena , fp-gad , e-pass and such sites!
New logs:

Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="cslsk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sgwoukielc"="c:\\windows\\system32\\sgwoukielc.exe sgwoukielc"

...
...
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}905A2CF75A8E-24EA-6E94-FB3A-E32E07F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}036A72466628-F6E8-C994-7205-1F6D1A2F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0833664B84EC-924A-9BC4-2796-B27B7F7A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24F58B2F43FD-AB0A-C134-0F40-6B230555{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\qhbmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\onisacputes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xevol
...

Random Runs removed from HKLM
"dmbhq.exe"=-
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSLSK.EXE 51,714 2006-11-09
C:\WINDOWS\SYSTEM32\DMBHQ.EXE 60,952 2004-08-03
C:\WINDOWS\SYSTEM32\CSLSK.EXE 51,714 2006-11-09
C:\WINDOWS\SYSTEM32\DMBHQ.EXE 60,952 2004-08-03

Other suspects.
C:\WINDOWS\System32\{9F70E23E-A3BF-49E6-AE42-E8A57FC2A509}.exe

Misc files.

Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

...


And HT:

Logfile of HijackThis v1.99.1
Scan saved at 21:29, on 07-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Novi\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: desktop(2).ini
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D48E209-9B95-47FD-8203-0E47D9CF5E59}: NameServer = 195.66.160.1 195.66.160.2

#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 04 January 2007 - 04:18 PM

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
==================

Drop the use of the Windows firewall and get a good one that's Free - Zone Alarm

http://www.zonelabs.com/store/content/comp...kulist_download

=====================

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 r3d

r3d
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 05 January 2007 - 01:27 PM

I had kasperski anti virus , but uninstalled it bcs it slowed computer down real much! It took me 7 secs to open any window like IE or My computer! I knew some1 will notice that I don't have antivirus but forgot to post it :thumbsup: Btw you could just tell me to keep fixing and scanning with anti spyware progs 'till i get rid of malware , spyware, viruses etc.!

Edited by r3d, 05 January 2007 - 01:29 PM.


#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 05 January 2007 - 02:28 PM

If you refuse to have an AV then there is no sense doing anymore as youWILL get infected

You have not run SuperAntiSpy as requested
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 r3d

r3d
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 05 January 2007 - 03:14 PM

I was downloading Superantispy while I was writing the post.
There is mine Superantispy log:

SUPERAntiSpyware Scan Log
Generated 01/05/2007 at 08:58 PM

Application Version : 3.4.1000

Core Rules Database Version : 3159
Trace Rules Database Version: 1172

Scan type : Complete Scan
Total Scan Time : 00:34:17

Memory items scanned : 317
Memory threats detected : 0
Registry items scanned : 4672
Registry threats detected : 0
File items scanned : 40668
File threats detected : 160

Adware.Tracking Cookie
C:\Documents and Settings\Novi\Cookies\novi@indexstats[2].txt
C:\Documents and Settings\Novi\Cookies\novi@hitbox[1].txt
C:\Documents and Settings\Novi\Cookies\novi@mediaplex[1].txt
C:\Documents and Settings\Novi\Cookies\novi@zedo[1].txt
C:\Documents and Settings\Novi\Cookies\novi@fastclick[2].txt
C:\Documents and Settings\Novi\Cookies\novi@adrevolver[2].txt
C:\Documents and Settings\Novi\Cookies\novi@www.winantivirus[2].txt
C:\Documents and Settings\Novi\Cookies\novi@www.elitemadzone[2].txt
C:\Documents and Settings\Novi\Cookies\novi@stats1.reliablestats[2].txt
C:\Documents and Settings\Novi\Cookies\novi@media.fastclick[1].txt
C:\Documents and Settings\Novi\Cookies\novi@elitemadzone[1].txt
C:\Documents and Settings\Novi\Cookies\novi@revsci[2].txt
C:\Documents and Settings\Novi\Cookies\novi@adrevolver[1].txt
C:\Documents and Settings\Novi\Cookies\novi@advertising[1].txt
C:\Documents and Settings\Novi\Cookies\novi@tribalfusion[1].txt
C:\Documents and Settings\Novi\Cookies\novi@go.winantivirus[2].txt
C:\Documents and Settings\Novi\Cookies\novi@www.amaena[2].txt
C:\Documents and Settings\Novi\Cookies\novi@ad.yieldmanager[2].txt
C:\Documents and Settings\Novi\Cookies\novi@422[3].txt
C:\Documents and Settings\Novi\Cookies\novi@keywordmax[1].txt
C:\Documents and Settings\Novi\Cookies\novi@doubleclick[1].txt
C:\Documents and Settings\Novi\Cookies\novi@arhiva.elitesecurity[1].txt
C:\Documents and Settings\Novi\Cookies\novi@realmedia[1].txt
C:\Documents and Settings\Novi\Cookies\novi@www.belstat[2].txt
C:\Documents and Settings\Novi\Cookies\novi@adserver[1].txt
C:\Documents and Settings\Novi\Cookies\novi@banners.netcraft[1].txt
C:\Documents and Settings\Novi\Cookies\novi@www.elitesecurity[2].txt
C:\Documents and Settings\Novi\Cookies\novi@www.sestat[1].txt
C:\Documents and Settings\Novi\Cookies\novi@go.winantispyware[2].txt
C:\Documents and Settings\Novi\Cookies\novi@atdmt[2].txt
C:\Documents and Settings\Novi\Cookies\novi@422[2].txt
C:\Documents and Settings\Novi\Cookies\novi@ehg-nokiafin.hitbox[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@024sex[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@1sexin18[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@a.elite[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@ad.iskon[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@ad.yieldmanager[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@adbrite[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@ads.glasistre[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@ads.infomedia.co[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@adultcheck[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@adultfriendfinder[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@arhiva.elitesecurity[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@atwola[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@banner.grandonline[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@banner.onlinecasino[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@banner3.inet-traffic[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@belnk[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@bestads1.epass-key[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@bizrate[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@bosniasex[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@burstnet[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@burstnet[3].txt
C:\Documents and Settings\Lidija\Cookies\lidija@c.enhance[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@casalemedia[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@click.maxxandmore[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@click.tmfmoney[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@counter.cnw[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@cz11.clickzs[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@cz7.clickzs[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@data2.perf.overture[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@data3.perf.overture[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@dealtime.co[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@dealtime[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@discountrealitysites[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@dist.belnk[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@doubleclick[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@elitesecurity[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@fcstats.bcentral[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@fhg.best-sex-galleries[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@freesexnet[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@fresh-sex-girls[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@go.winantispyware[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@heavenlysoap.freestats[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@http.edge.vru4[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@image.masterstats[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@indextools[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@keywordmax[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@mycounter.tinycounter[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@roiservice[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@sex-xvideo[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@stats.drivecleaner[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@stats1.reliablestats[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@stats24[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@stats24[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@tacoda[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@tgp.xxxkey[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@toplist[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@tour.splash.sexsearch[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@uk-adultcash[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@vip.clickzs[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@vip2.clickzs[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@webpower[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.024sex[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.777-sex[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.adult-empire[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.bestads1[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.elitemadzone[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.elitesecurity[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.elitesecurity[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.epilot[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.free-sex-clips[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.infomedia.co[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.maturemomsex[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.mostsexymoms[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.precisioncounter[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.sexyschoolgirl[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.xxxmatureclips[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www.xxxpower[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@www2.mystats[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@xiti[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@xxxcreatures[1].txt
C:\Documents and Settings\Lidija\Cookies\lidija@xxxpower[2].txt
C:\Documents and Settings\Lidija\Cookies\lidija@yadro[2].txt
C:\Documents and Settings\Lidija\Local Settings\Temp\Cookies\lidija@ads.glasistre[1].txt
C:\Documents and Settings\Lidija\Local Settings\Temp\Cookies\lidija@burstnet[2].txt
C:\Documents and Settings\Lidija\Local Settings\Temp\Cookies\lidija@tacoda[1].txt
C:\Documents and Settings\Lidija\Local Settings\Temp\Cookies\lidija@vip2.clickzs[2].txt
C:\Documents and Settings\Lidija\Local Settings\Temp\Cookies\lidija@www.burstnet[1].txt

Trojan.Downloader-Gen/Win
C:\DOCUMENTS AND SETTINGS\LIDIJA\LOCAL SETTINGS\TEMP\CHII.EXE

Trojan.Downloader-Gen
C:\DOCUMENTS AND SETTINGS\LIDIJA\LOCAL SETTINGS\TEMP\ICD22.TMP\IALDR32.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0184957.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP129\A0187245.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0192982.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195051.EXE

Trojan.Media-Codec
C:\DOWNLOADS\MEDCODEC.EXE

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0174715.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0175715.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0175909.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0176909.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0177105.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0177317.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP127\A0178317.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0179317.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0179531.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0179630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0180630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP128\A0186267.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP129\A0188317.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP129\A0188653.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP129\A0188936.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP130\A0190226.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP130\A0190414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP130\A0190732.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP130\A0190929.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP130\A0191223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0191379.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0191722.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0192677.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0192768.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0194724.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195082.EXE
C:\WINDOWS\SYSTEM32\DMBHQ.EXE
C:\WINDOWS\Prefetch\DMBHQ.EXE-10A240F0.pf

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0193315.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0193322.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195041.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{26A90157-FB80-446B-AA08-8B566AC5FBB1}\RP131\A0195044.EXE


Loots of trojans :D

And new HT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:10, on 07-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Novi\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: desktop(2).ini
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\netdog\netd.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D48E209-9B95-47FD-8203-0E47D9CF5E59}: NameServer = 195.66.160.1 195.66.160.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

I am still getting popups!!!

EDIT: ROFL. I fixed all trojans i found with Superantispy , did another scan and found 10 more trojan infected files :thumbsup: I am surprised that I didn't find any trojan I heard for!

Edited by r3d, 05 January 2007 - 03:17 PM.


#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 05 January 2007 - 03:16 PM

I must have an AV before we go any further
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 r3d

r3d
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 06 January 2007 - 07:02 AM

OK. Will post when I install AV!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users