Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Infected By New.net ~ Also Having Problems Accessing Web Sites


  • This topic is locked This topic is locked
8 replies to this topic

#1 CBN

CBN

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 12 April 2006 - 02:22 AM

Hello.

My Internet Explorer fails sometimes to load some web sites, it says "done", but actually it isn't. Also, I found out my PC is infected with New.Net. How do I remove it? Here's my HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 09:02:19, on 12/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\שונותל~1\תוכנות\DOWNLO~1\DAP\DAP.EXE
D:\שונות להכל\תוכנות\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vmule.com/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bezeqint.net:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\שונות להכל\תוכנות\תיקיה חדשה\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\שונות להכל\תוכנות\Download Accelerator Plus\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\שונות להכל\תוכנות\תיקיה חדשהΛ.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpeedOptimizer] D:\שונותל~1\תוכנות\DOWNLO~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [DAEMON Tools] "D:\שונות להכל\תוכנות\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [Installed] 103
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download with &DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\DAP.EXE
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7D297B9-9383-43A1-AA05-E78EB3B79124}: NameServer = 62.219.186.7 192.115.106.35
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xeroxprt - C:\WINDOWS\SYSTEM32\xeroxprt.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WFA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:08:55 AM

Posted 12 April 2006 - 05:06 AM

Please follow the instructions provided, you may want to print out these instructions or save it as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

=====================================

Download LSPFixSave it to your Desktop.
Download Ewido Anti-Malware
  • Install Ewido.
  • When installing, under Additional Options, uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido.
  • The program will now open the main screen.
  • You will need to update ewido to the latest definition files
    • On the left hand side of the main screen click update.
    • Then click on the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • After it has finished, close Ewido, we will use it later.
  • If you are having problems with the updater, you can use this link to manually update ewido Ewido manual updates.
=====================================

Download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

=====================================

Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

sc stop cmdService
sc delete cmdService
exit

Double click FixServices.bat. A window will open and close. This is normal.

=====================================

Show Hidden Files and Folders

Click Start My Computer Tools Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Boot into Safe Mode. Please restart your computer and before the Windows logo appear, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)

=====================================

Uninstall Programs

Click Start Control Panel Add/Remove Programs, and then Uninstall these programs (if present): New.Net
Accoona

=====================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Installed] 103
O20 - Winlogon Notify: xeroxprt - C:\WINDOWS\SYSTEM32\xeroxprt.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WFA\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked.

** While still running Hijackthis, verify if these entries still exist:

O10 - Hijacked Internet access by New.Net

If they exist, we would be required to run LSPFix.exe
  • Double click on LSPFix.exe on your Desktop to run it.
  • Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  • You'll find a windows with 2 panes.
  • In the left pane which is labeled Keep, select all instances of:
    newdotnet7_22.dll or anything New.Net
  • Then click on the arrow pointing to the right, >>.
    This will move the entry to the right pane labeled Remove.
  • Click the "Finish" button to complete the fix.
=====================================

Delete Files and Folders

Locate and delete the following files and/or folders (if present):

a. Files :c:\secure32.html
C:\WINDOWS\SYSTEM32\xeroxprt.dll
C:\WINDOWS\WFA\command.exe
b. Folders :C:\Program Files\Network Monitor\
C:\Program Files\Accoona\
C:\Program Files\NewDotNet\
NOTE: Please let us know if there were any files or folders that you couldn't delete or find.

=====================================

Run Ewido
  • Open Ewido.
  • Click on scanner at the left side, then click on Complete System Scan.
    • Please don't use the computer while scanning
    • Sometimes Ewido reports legit files as malware, so you need to Remove these one-by-one, if you see a legit file being reported, just select None.
  • Once the scan has completed, click the button located on the bottom of the screen named Save report.
  • Save the report as .txt file to your Desktop.
  • Close Ewido.
=====================================

Go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
=====================================

Restart your computer

=====================================

Post Logs

In your next reply, please include these log(s):
  • HijackThis (new)
  • Ewido
Please also provide details of any problems you encountered while performing the above steps and update us on how the computer behaves now.

Edited by Jag11, 12 April 2006 - 05:30 AM.

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#3 CBN

CBN
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 14 April 2006 - 02:15 PM

Here's the logs;

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 09:04:36, 14/04/2006
+ Report-Checksum: E2ED81EA

+ Scan result:

HKU\S-1-5-21-329068152-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Ignored
[284] C:\WINDOWS\system32\xeroxprt.dll -> Logger.Goldun.hp : Ignored
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Ignored
C:\WINDOWS\toolbar.exe -> Downloader.Adload.w : Ignored
C:\WINDOWS\newfrn.exe -> Hijacker.Small : Ignored
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Ignored
C:\Documents and Settings\SexiOr\Local Settings\Temp?󡉜.tmp -> Hijacker.Small : Ignored
C:\Documents and Settings\SexiOr\Local Settings\Temp\temp.frF942 -> Adware.CommAd : Ignored
C:\mousepad3.exe -> Hijacker.VB.lv : Ignored
D:\שונות להכל\משחקים\שונות\כמה שטויות\icq\IPDBrute.exe -> Not-A-Virus.PSWTool.Win32.IpdBrute.20 : Ignored
D:\שונות להכל\תוכנות\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored
HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Adware.SaveNow : Cleaned with backup
HKU\S-1-5-21-329068152-2077806209-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-329068152-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-329068152-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
C:\WINDOWS\system32\xeroxprt.dll -> Logger.Goldun.hp : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\SexiOr\Local Settings\Temp\temp.frF9A1 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\SexiOr\Local Settings\Temp\Cookies\sexior@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\SexiOr\Local Settings\Temp\Cookies\sexior@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\SexiOr\Local Settings\Temp\Cookies\sexior@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SexiOr\Cookies\sexior@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\System Volume Information\_restore{69275003-1357-48C5-B317-2FF24B115D21}\RP133\A0088922.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{69275003-1357-48C5-B317-2FF24B115D21}\RP133\A0088924.dll -> Adware.NewDotNet : Cleaned with backup


::Report End


And here is the HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 09:27:09, on 14/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\mousepad3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\שונות להכל\תוכנות\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vmule.com/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bezeqint.net:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\שונות להכל\תוכנות\תיקיה חדשה\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\שונות להכל\תוכנות\Download Accelerator Plus\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\שונות להכל\תוכנות\תיקיה חדשהΛ.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpeedOptimizer] D:\שונותל~1\תוכנות\DOWNLO~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [DAEMON Tools] "D:\שונות להכל\תוכנות\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download with &DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\DAP.EXE
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7D297B9-9383-43A1-AA05-E78EB3B79124}: NameServer = 62.219.186.7 192.115.106.35
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xeroxprt - xeroxprt.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Thanks a lot!

#4 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:08:55 AM

Posted 14 April 2006 - 11:31 PM

Please follow the instructions provided, you may want to print out these instructions or save it as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

=====================================

Right-click Here and choose "Save As" (in IE it's "Save Target As").
  • Save it in this folder (c:\BFU)
=====================================

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixME.reg. Please save it on your desktop.

REGEDIT4

[-HKEY_USER\S-1-5-21-329068152-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7}]

Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.

=====================================

Boot into Safe Mode. Please restart your computer and before the Windows logo appear, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)

=====================================

Run Brute Force Uninstaller

Go to Start My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
=====================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: xeroxprt - xeroxprt.dll (file missing)


After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Delete these files -

C:\WINDOWS\system32\xeroxprt.dll
C:\WINDOWS\tool2.exe
C:\WINDOWS\toolbar.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\DH.dll
D:\שונות להכל\משחקים\שונות\כמה שטויות\icq\IPDBrute.exe
D:\שונות להכל\תוכנות\DAEMON Tools\SetupDTSB.exe

=====================================

Restart your computer

=====================================

Post Logs

In your next reply, please include these log(s):
  • HijackThis (new)
Please also provide details of any problems you encountered while performing the above steps and update us on how the computer behaves now.

Edited by Jag11, 14 April 2006 - 11:31 PM.

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#5 CBN

CBN
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 23 April 2006 - 01:26 PM

Oops, sorry. Anyway, here's the new HijackThis log;

Logfile of HijackThis v1.99.1
Scan saved at 22:28:55, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32cisvc.exe
C:Program Filesewido anti-malwareewidoctrl.exe
C:WINDOWSsystem32 vsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesInternet Exploreriexplore.exe
D:שונות להכלתוכנותHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vmule.com/homepage.html
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = proxy.bezeqint.net:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:שונות להכלתוכנותתיקיה חדשהActiveXAcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:שונות להכלתוכנותDownload Accelerator PlusDAPDAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll (file missing)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O8 - Extra context menu item: &Download with &DAP - D:שונותל~1תוכנותDOWNLO~1DAPdapextie.htm
O8 - Extra context menu item: &Google Search - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:שונותל~1תוכנותDOWNLO~1DAPdapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:PROGRA~1ICQICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:שונותל~1תוכנותDOWNLO~1DAPDAP.EXE
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLMSystemCCSServicesTcpip..{F7D297B9-9383-43A1-AA05-E78EB3B79124}: NameServer = 192.115.106.35 62.219.186.7
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:Program Filesewido anti-malwareewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe


What now?

#6 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:08:55 AM

Posted 23 April 2006 - 09:50 PM

Hi,

I see that you disabled some startups using MsConfig, we need to see them because sometimes they can be malware. To enable them all again, do this -

Click Start > Run > type: MSconfig > OK
Select -> Normal Startup - load all device drivers and services
Click on OK, then when asked to reboot/restart, select "NO".

Then scan with HJT again and post it here.

Edited by Jag11, 23 April 2006 - 09:51 PM.

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#7 CBN

CBN
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 26 April 2006 - 10:20 AM

OK, thanks, here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 18:11:10, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ICQ\Icq.exe
D:\lhemule53\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\שונות להכל\תוכנות\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vmule.com/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bezeqint.net:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\שונות להכל\תוכנות\תיקיה חדשה\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\שונות להכל\תוכנות\Download Accelerator Plus\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedOptimizer] D:\שונותל~1\תוכנות\DOWNLO~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [eDonkey2000] D:\שונות להכל\תוכנות\Kazza Diat\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "D:\שונות להכל\תוכנות\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [BearShare] "D:\שונות להכל\תוכנות\תוכנת שתוף חדשה תותחנית\BearShare.exe" /pause
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\שונות להכל\תוכנות\תיקיה חדשה\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\שונותל~1\תוכנות\DOWNLO~1\DAP\DAP.EXE
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7D297B9-9383-43A1-AA05-E78EB3B79124}: NameServer = 192.115.106.35 62.219.186.7
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#8 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:08:55 AM

Posted 26 April 2006 - 11:50 PM

Do you what these folders are? They don't look like english letters, I wonder what they are?

D:\שונות להכל\תוכנות\

=====================================

Uninstall Programs

Click Start Control Panel Add/Remove Programs, and then remove the following program/s (if present):

* The first 2 entries are related to p2p programs. They are considered as malware, so our recommendation is to uninstall them. More info about P2P programs here. eDonkey
BearShare
TBONBin

=====================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

* If you followed my recommendation about about these two P2P programs, fix these as well :

O4 - HKLM\..\Run: [eDonkey2000] D:\שונות להכל\תוכנות\Kazza Diat\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [BearShare] "D:\שונות להכל\תוכנות\תוכנת שתוף חדשה תותחנית\BearShare.exe" /pause

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

* Delete these folders (if found) -

C:\Program Files\TBONBin\
D:\שונות להכל\תוכנות\Kazza Diat\

* Delete this file (if found) -

D:\שונות להכל\תוכנות\תוכנת שתוף חדשה תותחנית\BearShare.exe

=====================================

Run an online scan at Kaspersky
  • Please go here to run Kaspersky Online Virus Scanner.
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan, select My Computer.
[*]This will scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
[*]Now click on the Save as Text button, and save it to your Desktop.
[*]Copy and paste that information in your next post.
[/list]=====================================

In your next reply, please include these log(s):
  • HijackThis (new)
  • Kaspersky
.
Good luck,
Jet Ian


Posted Image
.

Edited by Jag11, 26 April 2006 - 11:51 PM.

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#9 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:08:55 AM

Posted 03 May 2006 - 08:21 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Jet Ian
Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users