Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop Ups.. (eliteaej32.exe).. and other files..[RESOLVED]


  • This topic is locked This topic is locked

#1
FatherOfGod

FatherOfGod

    New Member

  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 08:02:48 p.m., on 10/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\pctspk.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\System32\inavrm.exe
C:\WINNT\explorer.exe
C:\thingz\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral...hp?v=4&aff=5016
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINNT\cmdex.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Archivos de programa\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe -go -c7 -w1
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteaej32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\inavrm.exe
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .bin: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp3: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://198.88.20.155...chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://webcam.ont.ne.jp/kxhcm10.ocx
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://213.10.227.87...activex/AMC.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://sciencecenter...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://access.gamesp...s/fullgames.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31103A30-9CB8-4ED4-A6F4-8DE43D3E0EF7}: NameServer = 196.3.81.5 200.88.127.23
O18 - Filter: text/html - {169D1D38-8DFD-4479-BFFD-648C60EE37AF} - C:\Documents and Settings\CASA1\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: W2k PCtel speaker phone (pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
  • 0

Advertisements


#2
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Bump..
  • 0

#3
Guest_thatman_*

Guest_thatman_*
  • Guest
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.


Kc :tazz:
  • 0

#4
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I managed to delete eliteaej32.exe and i did all the actualizations of windows update..
i get no more pop ups but there's a couple more files that i have to delete..


Logfile of HijackThis v1.99.1
Scan saved at 06:23:14 a.m., on 05/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\System32\wuauclt.exe
C:\thingz\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral...hp?v=4&aff=5016
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINNT\uytuy.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Archivos de programa\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe -go -c7 -w1
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Archivos de programa\YourSiteBar\ysb.dll"
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .bin: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp3: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted IP range: 67.19.178.84
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://198.88.20.155...chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://webcam.ont.ne.jp/kxhcm10.ocx
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://213.10.227.87...activex/AMC.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://sciencecenter...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} - http://access.gamesp...s/fullgames.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31103A30-9CB8-4ED4-A6F4-8DE43D3E0EF7}: NameServer = 196.3.81.5 200.88.127.23
O18 - Filter: text/html - {169D1D38-8DFD-4479-BFFD-648C60EE37AF} - C:\Documents and Settings\CASA1\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: W2k PCtel speaker phone (pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
  • 0

#5
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

Please read through the instructions before you start (you may want to print this out).

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop.
Run CWShredder to fix your CWS problem.

Please set your system to show all files; please see here if you're unsure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral...hp?v=4&aff=5016
R3 - Default URLSearchHook is missing
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINNT\uytuy.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O15 - Trusted IP range: 67.19.178.84
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://198.88.20.155...chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O18 - Filter: text/html - {169D1D38-8DFD-4479-BFFD-648C60EE37AF} - C:\Documents and Settings\CASA1\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Media Access<--Delete the whole folder
Exit Explorer.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINNT\uytuy.dll
C:oo.mht!http://198.88.20.155...chm::/win32.exe
c:\ied_s7.cab
c:\x.cab
c:\ex.cab
C:\Documents and Settings\CASA1\Configuración local\Datos de programa\microsoft\internet explorer\V0.26.dat

Reboot as normal.

You have not even tryed to update yor system
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
[b]Please post the logs From Panda virus scan and HJT.log
We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#6
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
(Panda Scan Log)


Incident Status Location

Adware:Adware/QoolShown No disinfected C:\WINNT\System32\sgetphb.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINNT\System32\inavrm.exe
Spyware:Spyware/Cydoor No disinfected C:\WINNT\System32\adcache
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Adware:Adware/SaveNow No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\auf0.exe
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINNT\System32\FLEOK
Spyware:Spyware/Dyfuca No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\optimize.exe
Adware:Adware/XPlugin No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\iinstall.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\System32\vbsys2.dll
Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\sahage*
Adware:Adware/BHO No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\WINNT\System32\cache\cxtpls_loader.exe
Adware:Adware/WinTools No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\down.cab
Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\All Users\Datos de programa\VBouncer
Adware:Adware/Sqwire No disinfected C:\WINNT\System32\tsuninst.exe
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\CASA1\CONFIG~1\Temp\THI*.tmp
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\WinCtlAdX.dll
Adware:Adware/EliteBar No disinfected Windows Registry
Spyware:Spyware/YourSiteBar No disinfected C:\WINNT\DOWNLO~1\YSBACT~1.DLL
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINNT\System32\NBA Giveaway.ico
Adware:Adware/SearchTheWeb No disinfected C:\WINNT\System32\Cache\mswinstall.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\CASA1\Configuración local\Archivos temporales de Internet\Ssk.log
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\1kHyAW.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\2jPbxg.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\3GhVI2.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\3GsZyV.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\5AYCCi.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\5ctJnC.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\61SZnR.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\8PFlI8.exe
Adware:Adware/Apropos No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\auf0.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\bb.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\BVRGhk.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\CeqY3I.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\cln24.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\Del64.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\Del66.tmp
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\down.cab[WToolsB.dll]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\exjIyu.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\FAGmDA.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\ffBg6d.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\fIAohfD.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\gbuc40.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\GLF6GLF6.EXE
Adware:Adware/SideFind No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\GLFFGLFF.EXE
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\HL1Ivt.exe
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\ICD4.tmp\ysbactivex.dll
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\JBfGDM.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\jdr2BG.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\lquBfF.exe
Virus:Trj/Agent.NE Disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\mmn32.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\nnGet3.exe
Virus:Trj/Downloader.ALQ Disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\nnx64.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\optimize.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\pekdns.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\PimeAq.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\qb3Ema.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\sahagent-cdt1004.exe
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[lkir8l2gm_.dll]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[abasa5jrp_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[u6f6uftuc_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[hochkaod3_.exe]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[u6f6uftuc_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[hochkaod3_.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[setup4002b.ini]
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\setup4002b.cab[webinstaller.dll]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\suicidetb.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\TCu40v.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\temp.fr02CF
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\VvFcAF.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\wTAiqd.exe
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\WToolsB.dll
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\CASA1\Configuración local\Temp\YcYTPj.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\CASA1\Datos de programa\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\CASA1\Datos de programa\Sskuknwrd.dll
Virus:Trj/Agent.NE Disinfected C:\thingz\hijackthis\backups\backup-20050505-114551-744.dll
Adware:Adware/Apropos No disinfected C:\WINNT\cxtpls_loader.exe
Adware:Adware/PortalScan No disinfected C:\WINNT\Downloaded Program Files\aun_0015.exe
Spyware:Spyware/ISTbar No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
Adware:Adware/SAHAgent No disinfected C:\WINNT\Downloaded Program Files\setup4002b.ini
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\WinCtlAdX.dll
Spyware:Spyware/YourSiteBar No disinfected C:\WINNT\Downloaded Program Files\YSBactivex.dll
Virus:Trj/Downloader.ALQ Disinfected C:\WINNT\gaSrve.exe
Adware:Adware/MediaTickets No disinfected C:\WINNT\LastGood\Downloaded Program Files\eied.inf
Adware:Adware/PurityScan No disinfected C:\WINNT\LastGood\Downloaded Program Files\start.INF
Adware:Adware/WUpd No disinfected C:\WINNT\LastGood\Downloaded Program Files\WinCtlAdX.dll
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall4_85.exe
Spyware:Spyware/ISTbar No disinfected C:\WINNT\rojigcpj.exe
Virus:Bck/Webdor.AC Disinfected C:\WINNT\shch.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\abasa5jrp.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\abasa5jrp.ini
Adware:Adware/eZula No disinfected C:\WINNT\system32\Cache\Advtg.exe
Adware:Adware/Apropos No disinfected C:\WINNT\system32\Cache\cxtpls_loader.exe
Adware:Adware/PortalScan No disinfected C:\WINNT\system32\Cache\InstallAPS.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\Cache\installer_MARKETING17.exe
Adware:Adware/SearchTheWeb No disinfected C:\WINNT\system32\Cache\mswinstall.exe
Adware:Adware/nCase No disinfected C:\WINNT\system32\Cache\saie1101.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINNT\system32\Cache\SSK_B5 Ventura Marketing 3.EXE
Spyware:Spyware/BetterInet No disinfected C:\WINNT\system32\Cache\thin-8-1-x-x.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINNT\system32\Cache\wrapperouter.exe
Adware:Adware/StartPage.DD No disinfected C:\WINNT\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\K9AZODQF\protector_update[1].exe
Adware:Adware/EliteBar No disinfected C:\WINNT\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\K9AZODQF\protector_update[2].exe
Adware:Adware/Startpage.CM No disinfected C:\WINNT\system32\elitefmt32.exe
Adware:Adware/Startpage.CM No disinfected C:\WINNT\system32\elitelvj32.exe
Adware:Adware/StartPage.DD No disinfected C:\WINNT\system32\eliteohl32.exe
Adware:Adware/StartPage.DD No disinfected C:\WINNT\system32\eliteota32.exe
Adware:Adware/StartPage.DD No disinfected C:\WINNT\system32\elitesxf32.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\hochkaod3.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\hochkaod3.ini
Adware:Adware/ClkOptimizer No disinfected C:\WINNT\system32\inavrm.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\lkir8l2gm.dll
Virus:Trj/Fasic.A Disinfected C:\WINNT\system32\mmiz.exe
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINNT\system32\NBA Giveaway.ico
Adware:Adware/nCase No disinfected C:\WINNT\system32\saieau.dat
Adware:Adware/nCase No disinfected C:\WINNT\system32\saie_kyf.dat
Adware:Adware/QoolShown No disinfected C:\WINNT\system32\sgetphb.dll
Adware:Adware/XPlugin No disinfected C:\WINNT\system32\tksrv99.exe
Spyware:Spyware/ISTbar No disinfected C:\WINNT\system32\tsuninst.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\system32\u6f6uftuc.ini
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\vbsys.dll_old
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\vbsys2.dll
Adware:Adware/PortalScan No disinfected C:\WINNT\system32\winupdt.008
Adware:Adware/PortalScan No disinfected C:\WINNT\system32\winupdt.bin
Adware:Adware/ClkOptimizer No disinfected C:\WINNT\system32\wvgpq.dat
Adware:Adware/SAHAgent No disinfected C:\WINNT\u6f6uftuc.exe
Virus:W32/Sober.V.worm Disinfected Hotmail\Elementos eliminados\Registration Confirmation\[account_info-text.zip][Winzipped-Text_Data.txt .pif]
Virus:W32/Bagle.CF.worm Disinfected Hotmail\Elementos eliminados\[7.zip][14_04_2005.exe]
Virus:W32/Bagle.CI.worm Disinfected Hotmail\Elementos eliminados\[8.zip][14_04_2005.exe]
Virus:W32/Sober.V.worm Disinfected Hotmail\Elementos eliminados\Registration Confirmation\[account_info-text.zip][Winzipped-Text_Data.txt .pif]
  • 0

#7
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

I NEED TO SEE A HJT.log with THE WINDOWS UPDATE

You can delete all the items from the Panda scan

Kc :tazz:
  • 0

#8
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey Thanx For the help man!.. but i cant find the HJT.log, can you tell me in wich folder is it?
  • 0

#9
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

C:\thingz\hijackthis\HijackThis.exe

Kc :tazz:
  • 0

#10
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
oh. you meant hijackthis log, i tought it was a log from housecall's scan..

Logfile of HijackThis v1.99.1
Scan saved at 12:38:35 p.m., on 06/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\System32\inavrm.exe
C:\thingz\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Archivos de programa\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [explorer] C:\WINNT\system32\explorer.exe -go -c7 -w1
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\inavrm.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Archivos de programa\YourSiteBar\ysb.dll"
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Archivos de programa\FlashGet\flashget.exe
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .bin: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp3: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://darksoft-ds.myfreewebs.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://webcam.ont.ne.jp/kxhcm10.ocx
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://213.10.227.87...activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://sciencecenter...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: W2k PCtel speaker phone (pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
  • 0

Advertisements


#11
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

This is the last time I will ask you to update windows to SP1-A

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.net
O1 - Hosts: 62.75.224.159 jbns2.cydoor.com
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\inavrm.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://213.10.227.87...activex/AMC.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Media Access<--Delete the whole folder
Exit Explorer.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINNT\System32\inavrm.exe

Reboot as normal.

Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#12
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi thatman, the link you gave me first to update to sp1-a takes me to the windows update site, and i dont see any update called service pack 1-a, so i suppose it's already installed.. i can take a screenshot if you want.

Edited by FatherOfGod, 16 May 2005 - 01:57 PM.

  • 0

#13
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

Try downloading the Service Pack from here and install it from your desktop.

http://www.softpedia...Pack-SP1a.shtml

Remember do not install Service Pack 2, as you will have major problems if you install that service pack without being clean first.

After installing SP1a reboot and post a new HJT. log.

Kc :tazz:
  • 0

#14
FatherOfGod

FatherOfGod

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok i'm downloading it..

Edited by FatherOfGod, 16 May 2005 - 09:48 PM.

  • 0

#15
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi FatherOfGod

Will be were waiting


Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP