anit virus advertising virus
Page 1 of 4
Page 1 of 4 • 1, 2, 3, 4
- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
some antivirus ad popped up when i opened firefox and clicked into a site i know well. so i used mbam and avira. that thing hasnt popped up ever since but my internet has slowed down to a crawl. im not sure if its the work of the virus, maybe its just the service provider. i don't know what this thing is called coz i panicked and did a virus scan right away. but just in case heres the mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600
14/11/2009 10:28:24 p.m.
mbam-log-2009-11-14 (22-28-24).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165505
Time elapsed: 29 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\BNeB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\BNeF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
thanks
Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600
14/11/2009 10:28:24 p.m.
mbam-log-2009-11-14 (22-28-24).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165505
Time elapsed: 29 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\User\Local Settings\Temp\BNeB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\BNeF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
thanks
Last edited by ericshin on 15th November 2009, 10:30 am; edited 2 times in total (Reason for editing : forgot to thank)
- NazzgullTech Colleague
-
OS : Windows 7 Professional
Posts : 2329
Rubies : 13522
Likes : 1
Hi,
please read THIS post, and post your HijackThis log file in this topic.
Wait for instructions given only by DragonMaster Jay, Origin or Belahzur
please read THIS post, and post your HijackThis log file in this topic.
Wait for instructions given only by DragonMaster Jay, Origin or Belahzur

- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
My nvidia firewall says there's a high risk. Then it says theres an application called svchost - Microsoft Windows operating system. Then it gives me the opton to allow or deny. What do i do?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:57 p.m., on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\New Folder (2)\winlogon.scr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\User\My Documents\Real player\rpbrowserrecordplugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
--
End of file - 6216 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:57 p.m., on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\New Folder (2)\winlogon.scr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\User\My Documents\Real player\rpbrowserrecordplugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\User\My Documents\winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
--
End of file - 6216 bytes
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218219
Likes : 18
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3
22/11/2009 2:18:59 p.m.
mbam-log-2009-11-22 (14-18-58).txt
Scan type: Quick Scan
Objects scanned: 106029
Time elapsed: 6 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I did a scan before with mbam in my first post and it said there were two infected files but now there isn't now but my avira detected something called op[1] only a few days ago and said it was a virus or trojan or something like that. Should i allow svchost through my firewall even though it says high risk?
Database version: 3210
Windows 5.1.2600 Service Pack 3
22/11/2009 2:18:59 p.m.
mbam-log-2009-11-22 (14-18-58).txt
Scan type: Quick Scan
Objects scanned: 106029
Time elapsed: 6 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I did a scan before with mbam in my first post and it said there were two infected files but now there isn't now but my avira detected something called op[1] only a few days ago and said it was a virus or trojan or something like that. Should i allow svchost through my firewall even though it says high risk?
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218219
Likes : 18
Hello.
No, block it..for now, it may be for something else.
No, block it..for now, it may be for something else.
- Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2 - Double click DDS.scr to run.
- When complete, two logs will open. Save both of the report to your Desktop.
- Copy and paste BOTH LOGS back here, use more than one post if needed.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
DDS (Ver_09-10-26.01) - NTFSx86
Run by User at 20:32:44.40 on Sun 22/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.1023.622 [GMT 13:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\user\my documents\real player\rpbrowserrecordplugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [WinampAgent] "d:\documents and settings\user\my documents\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S86.tmp" /EF "HKLM"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\5reuey1j.default\
FF - component: d:\documents and settings\user\my documents\real player\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nppl3260.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprjplug.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprpjplug.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
============= SERVICES / DRIVERS ===============
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-5-28 108289]
=============== Created Last 30 ================
==================== Find3M ====================
2009-11-21 05:50:51 96384 ----a-w- c:\windows\system32\drivers\sptd8717.sys
============= FINISH: 20:33:14.29 ===============
Run by User at 20:32:44.40 on Sun 22/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.1023.622 [GMT 13:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\Documents and Settings\User\My Documents\winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=5129
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\user\my documents\real player\rpbrowserrecordplugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [WinampAgent] "d:\documents and settings\user\my documents\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S86.tmp" /EF "HKLM"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\5reuey1j.default\
FF - component: d:\documents and settings\user\my documents\real player\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nppl3260.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprjplug.dll
FF - plugin: d:\documents and settings\user\my documents\real player\netscape6\nprpjplug.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
============= SERVICES / DRIVERS ===============
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-28 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-28 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-5-28 108289]
=============== Created Last 30 ================
==================== Find3M ====================
2009-11-21 05:50:51 96384 ----a-w- c:\windows\system32\drivers\sptd8717.sys
============= FINISH: 20:33:14.29 ===============
- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2007 10:26:05 PM
System Uptime: 11/22/2009 8:25:57 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | A8N5X
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 10 GiB total, 2.959 GiB free.
D: is FIXED (NTFS) - 65 GiB total, 2.457 GiB free.
E: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:
==== System Restore Points ===================
RP68: 11/21/2009 6:44:31 PM - Installed Windows XP Service Pack 3.
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Age of Empires III
Age of Empires III - The Asian Dynasties
Avira AntiVir Personal - Free Antivirus
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Dawn of War - Soulstorm
Diablo II
Doom 3
Earth's Special Forces
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESCX3900 User's Guide
ESF Bot 3.1
Fable - The Lost Chapters
GameSpy Arcade
GOM Player
Grand Theft Auto Vice City
Half-Life
HijackThis 2.0.2
Hitman Blood Money
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Halo
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 Parser and SDK
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PIF DESIGNER
POD-Bot 2.5
RealPlayer
Realtek AC'97 Audio
Sierra Utilities
TypeFaster Typing Tutor
WebFldrs XP
Winamp
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
11/21/2009 6:52:49 PM, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
11/21/2009 6:37:24 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b2067b28, parameter4 00000000.
11/21/2009 6:37:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b998fb28, parameter4 00000000.
11/15/2009 1:04:29 AM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 0013D4871E03 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2007 10:26:05 PM
System Uptime: 11/22/2009 8:25:57 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | A8N5X
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 10 GiB total, 2.959 GiB free.
D: is FIXED (NTFS) - 65 GiB total, 2.457 GiB free.
E: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:
==== System Restore Points ===================
RP68: 11/21/2009 6:44:31 PM - Installed Windows XP Service Pack 3.
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Age of Empires III
Age of Empires III - The Asian Dynasties
Avira AntiVir Personal - Free Antivirus
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Dawn of War - Soulstorm
Diablo II
Doom 3
Earth's Special Forces
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESCX3900 User's Guide
ESF Bot 3.1
Fable - The Lost Chapters
GameSpy Arcade
GOM Player
Grand Theft Auto Vice City
Half-Life
HijackThis 2.0.2
Hitman Blood Money
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Halo
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 Parser and SDK
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PIF DESIGNER
POD-Bot 2.5
RealPlayer
Realtek AC'97 Audio
Sierra Utilities
TypeFaster Typing Tutor
WebFldrs XP
Winamp
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
11/21/2009 6:52:49 PM, error: Service Control Manager [7023] - The Portable Media Serial Number service terminated with the following error: The specified module could not be found.
11/21/2009 6:37:24 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b2067b28, parameter4 00000000.
11/21/2009 6:37:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bfb22cf7, parameter3 b998fb28, parameter4 00000000.
11/15/2009 1:04:29 AM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 0013D4871E03 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
- ericshinIntermediate
-
OS : microsoft windows xp
Posts : 80
Rubies : 3755
Likes : 0
yeah, i'm pretty sure me internet speed has decreased by a lot ever since that advertising thing has popped up coz it takes me like 10 minutes to watch a 4 1/2 minute video off youtube or metacafe.
And also when i check on line for the internet usage the i've used, it says that i haven't used any at all for the last week or so even though i've been coming on here and played a few online games.
My internet also cuts off after a while so i can't open firefox until i restart the computer. This never happend before.
I've also got 2 "trojans.agents" in the quarantine of mbam. should i delete them?
thanks
And also when i check on line for the internet usage the i've used, it says that i haven't used any at all for the last week or so even though i've been coming on here and played a few online games.
My internet also cuts off after a while so i can't open firefox until i restart the computer. This never happend before.
I've also got 2 "trojans.agents" in the quarantine of mbam. should i delete them?
thanks
Page 1 of 4 • 1, 2, 3, 4
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 4
Permissions in this forum:
You cannot reply to topics in this forum