ArcadeFAQSearchLogin
Register
It is currently Tue Dec 01, 2009 12:47 pm

View unanswered posts | View active topics


Board index » Malware Analysis » Analyze Malwares

All times are UTC + 5:30 hours [ DST ]


Welcome
Welcome to <strong>Malware Analysis Forum</strong>.

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. Registration is fast, simple, and absolutely free, so please, <a href="/profile.php?mode=register">join our community today</a>!


Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Previous topic | Next topic 
Author Message
maliciousbrains
 Post subject: gamecodec4441.exe
PostPosted: Fri Apr 11, 2008 10:36 pm 
Offline
Site Admin
User avatar

Joined: Thu Mar 27, 2008 1:06 pm
Posts: 163
Location: India
File Name: gamecodec4441.exe

VirusTotal Result: 10/31 (32.26%)
AntiVir 7.6.0.85 2008.04.11 DR/Dldr.DNSChanger.Gen
AVG 7.5.0.516 2008.04.11 DNSChanger.AA
BitDefender 7.2 2008.04.11 Dropped:Trojan.Downloader.Zlob.ABOU
F-Prot 4.4.2.54 2008.04.10 W32/Trojan2.AIES
F-Secure 6.70.13260.0 2008.04.11 W32/Malware
Kaspersky 7.0.0.125 2008.04.11 Trojan.Win32.DNSChanger.arn
Norman 5.80.02 2008.04.11 W32/Malware
Prevx1 V2 2008.04.11 Generic.Dropper.xCodec
VBA32 3.12.6.4 2008.04.06 MalwareScope.Trojan.DnsChange.2
Webwasher-Gateway 6.6.2 2008.04.11 Trojan.Dropper.Dldr.DNSChanger.Gen

File Info:
File size: 236318 bytes
MD5...: e89c33de832611039b8e310a0a5c78d8
SHA1..: a0b674cf0852570f888e1b55173e53836fc96fb0
SHA256: 669ffcb1ebeadbba30bb88118ddd397b1d45aa1b734e2e2d785776821e27b787
SHA512: 969b279aa1ba15bc81d16ef16c289d0f56111da1ea7d2f2be00a12f18571d907
5327cabc90d4329f2711d592ebafe9b99545e9886fea850b81af9629662b3d36

PE Header
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0005
Time/Date stamp: 47ACC8BC
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 06
Linker version (minor): 00
Size of code: 00005E00
Size of initialized data: 00028400
Size of uninitialized data: 00000400
Address of entry point: 00003247
Base of code: 00001000
Base of data: 00007000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 0003E000
Size of headers: 00000400
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010

PE Sections
Section VirtSize VirtAddr PhysSize PhysAddr Flags
.text 00005CA2 00001000 00005E00 00000400 60000020
.rdata 0000129C 00007000 00001400 00006200 40000040
.data 00025C78 00009000 00000400 00007600 C0000040
.ndata 0000A000 0002F000 00000000 00000000 C0000080
.rsrc 000041F8 00039000 00004200 00007A00 40000040

Import table (libraries: 8)
KERNEL32.dll (imports: 59)
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
USER32.dll (imports: 62)
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
GDI32.dll (imports: 8)
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
SHELL32.dll (imports: 6)
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
ADVAPI32.dll (imports: 9)
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
COMCTL32.dll (imports: 4)
ImageList_AddMasked
ImageList_Destroy
#17
ImageList_Create
ole32.dll (imports: 4)
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
VERSION.dll (imports: 3)
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Process Details:
Process ID 684
Filename C:\gamecodec4441.exe
Filesize 236318 bytes
MD5 e89c33de832611039b8e310a0a5c78d8
Start Reason AnalysisTarget

New Files Created:
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsr1D.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\dcryptdll.dll
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\dcryptdll.dll
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\nsExec.dll
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\modern-header.bmp

Opened Files:
\\.\PIPE\lsarpc
\\.\PIPE\ntsvcs
C:\gamecodec4441.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
\SystemRoot\AppPatch\sysmain.sdb
\SystemRoot\AppPatch\systest.sdb
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp

Deleted Files:
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsr1B.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe

Chronological order of File System Activity:
Get File Attributes: C:\WINDOWS\ Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: \\.\PIPE\ntsvcs (OPEN_EXISTING)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsr1B.tmp
Get File Attributes: C:\gamecodec4441.exe Flags: (SECURITY_ANONYMOUS)
Open File: C:\gamecodec4441.exe (OPEN_EXISTING)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsr1D.tmp
Find File: C:\Program Files\VideoKey\Uninstall.exe
Get File Attributes: C:\DOCUME~1 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1 Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
Set File Time: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
Set File Time: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
Set File Time: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
Set File Time: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\dcryptdll.dll Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\dcryptdll.dll
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux (OPEN_EXISTING)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat (OPEN_EXISTING)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\dcryptdll.dll
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat (OPEN_EXISTING)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat (OPEN_EXISTING)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe
Open File: \SystemRoot\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: \SystemRoot\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe ()
Find File: notepad.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\nsExec.dll Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\nsExec.dll
Copy File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\nsExec.dll to C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp (OPEN_EXISTING)
Open File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp ()
Find File: ns2B.tmp
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\lzma.exe
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp
Find File: C:\DOCUME~1\Sandbox\LOCALS~1
Find File: C:\DOCUME~1\Sandbox
Find File: C:\DOCUME~1
Get File Attributes: C:\ Flags: (SECURITY_ANONYMOUS)
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\linux
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe.dat
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe.dat
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe.dat
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe Flags: (SECURITY_ANONYMOUS)
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\freebsd.exe
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe Flags: (SECURITY_ANONYMOUS)
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
Find File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe Flags: (SECURITY_ANONYMOUS)
Set File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe Flags: (FILE_ATTRIBUTE_ARCHIVE,SECURITY_ANONYMOUS)
Delete File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe
Get File Attributes: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\modern-header.bmp Flags: (SECURITY_ANONYMOUS)
Create File: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\modern-header.bmp
Set File Time: C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\modern-header.bmp

Read INI File:
WIN.INI [windows] ScrollInset =
WIN.INI [windows] DragDelay =
WIN.INI [windows] DragMinDist =
WIN.INI [windows] ScrollDelay =
WIN.INI [windows] ScrollInterval =
WIN.INI [richedit30] flags =

Mutexes:
Creates Mutex: __B_GJ

Registry Changes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = [REG_EXPAND_SZ, value: bauhgnem.dll,eohsom.dll,fyom.dll,sauhad.dll,ijougiemnaw.dll,taijoad.dll,lnaixnauhqq.dll,idtj.dll,vhqq.dll,atgnehz.dll,rsqq.dll,tsqc.dll,vauyiqvlnaix.dll,wQ.dll,fmxh.dll,cty.dll,pahzij.dll,jz.dll,bz.dll,pyomielnux.dll,mhtd.dll,qnefnaiº_CHAR(0x03)_

Registry Reads:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion "ProgramFilesDir"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion "CurrentVersion"

Process Management:
Creates Process - Filename () CommandLine: (C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe) As User: () Creation Flags: ()
Creates Process - Filename () CommandLine: ("C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp" C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe) As User: () Creation Flags: (CREATE_NEW_CONSOLE)
Kill Process - Filename () CommandLine: () Target PID: (1260) As User: () Creation Flags: ()
Enum Processes
Enum Modules - Target PID: (1472)

Process Started:
Process ID 516
Filename C:\DOCUME~1\Sandbox\LOCALS~1\Temp\notepad.exe
Filesize 31744 bytes
MD5 689440d45ef2c11e17e11b508cb762f5
Start Reason CreateProcess

New Files Created:
C:\WINDOWS\System32\DRIVERS\msacpe.sys

Opened Files:
\\.\PIPE\lsarpc
\\.\fpidsdos

Chronological order:
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: \\.\fpidsdos (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\System32\DRIVERS\msacpe.sys Flags: (SECURITY_ANONYMOUS)
Move File: to C:\WINDOWS\System32\DRIVERS\msacpe.sys

Read INI File:
WIN.INI [dohs] dohs =

Mutexes:
Creates Mutex: _M_204msosdohs00.dll
Creates Mutex: __B_WL

Registry Reads:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mseqsy "ImagePath"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mseqsy "Start"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_Dlls"

Process Started:
Process ID 1260
Filename C:\DOCUME~1\Sandbox\LOCALS~1\Temp\nsm23.tmp\ns2B.tmp C:\DOCUME~1\Sandbox\LOCALS~1\Temp\calc.exe
Filesize 6144 bytes
MD5 886cbcd0829ffb358168911f9cb1b149
Start Reason CreateProcess

_________________
.:: MaliciousBrains ::.
http://www.malwareinfo.org

There are no patches or service packs for IGNORANCE!!

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 

Board index » Malware Analysis » Analyze Malwares

All times are UTC + 5:30 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Donate Now
Donate Now
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Hosted by FreeForums.org | Create a free forum