Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I need help to get rig of this virus![RESOLVED]


  • This topic is locked This topic is locked

#1
nicksantopaolo

nicksantopaolo

    Member

  • Member
  • PipPip
  • 29 posts
Hi,

I've noticed that this seems to be a problem for many other people too! Could u please help me get rid of this stupid se.dll trojan! It sets my home page to about.blank and loads of pop-ups keep apearing! My antivirus recognises it but then says access denied..

please help me!

thanks

nick

ps this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 17:14:24, on 14/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Application Data\tscm.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1BB42F7F-EB5A-4F33-A705-97B161852335} - C:\WINNT\system32\joea.dll
O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {235A2250-B6B6-B749-BD1F-CDEEFF86BB90} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {2630E63A-7D83-7A7B-8A29-5E27C396BFC2} - C:\WINNT\system32\oviuh.dll (file missing)
O2 - BHO: (no name) - {A10D0315-99AF-CA02-F82A-BEC9ADB26E95} - C:\WINNT\system32\wrp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Rtom] C:\Documents and Settings\Administrator\Application Data\tscm.exe
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O18 - Filter: text/html - {983B0471-0DF7-44BB-9ACD-5312A2F1C698} - C:\WINNT\system32\joea.dll
O18 - Filter: text/plain - {983B0471-0DF7-44BB-9ACD-5312A2F1C698} - C:\WINNT\system32\joea.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Edited by nicksantopaolo, 14 April 2005 - 10:15 AM.

  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Nick and welcome,
A couple things need you to do please,
First,

Download the DelDomains zip file and unzip it to your desktop.

DelDomains

Right-click on the deldomains.inf file and select 'Install'

Reboot your computer,


Next,

Download SpSeHjfix into a folder. Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
  • 0

#3
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,

Ok I hope i've done this correctly, please bare with me im not the best on computers!

Kind Regards Nick

Logfile of HijackThis v1.99.1
Scan saved at 14:01:08, on 15/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Application Data\tscm.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\temp3\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {235A2250-B6B6-B749-BD1F-CDEEFF86BB90} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {2630E63A-7D83-7A7B-8A29-5E27C396BFC2} - C:\WINNT\system32\oviuh.dll (file missing)
O2 - BHO: (no name) - {A10D0315-99AF-CA02-F82A-BEC9ADB26E95} - C:\WINNT\system32\wrp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Rtom] C:\Documents and Settings\Administrator\Application Data\tscm.exe
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


(4/15/05 13:55:20) SPSeHjFix started v1.1.2
(4/15/05 13:55:20) OS: Win2000 Service Pack 4 (5.0.2195)
(4/15/05 13:55:20) Language: english
(4/15/05 13:55:20) Win-Path: C:\WINNT
(4/15/05 13:55:20) System-Path: C:\WINNT\system32
(4/15/05 13:55:20) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(4/15/05 13:55:23) Disinfection started
(4/15/05 13:55:23) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll
(4/15/05 13:55:23) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\joea.dll
(4/15/05 13:55:23) Searchassistant Uninstaller - Keys Deleted
(4/15/05 13:55:23) UBF: 6 - UBB: 6 - UBR: 14
(4/15/05 13:55:23) FilterKey: HKCR\text/html (deleted)
(4/15/05 13:55:23) FilterKey: HKCR\CLSID\{983B0471-0DF7-44BB-9ACD-5312A2F1C698} (deleted)
(4/15/05 13:55:23) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4/15/05 13:55:23) FilterKey: HKCR\text/plain (deleted)
(4/15/05 13:55:23) FilterKey: HKCR\CLSID\{983B0471-0DF7-44BB-9ACD-5312A2F1C698} (error while deleting)
(4/15/05 13:55:23) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4/15/05 13:55:23) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BB42F7F-EB5A-4F33-A705-97B161852335} (deleted)
(4/15/05 13:55:23) BHO-Key: HKCR\CLSID\{1BB42F7F-EB5A-4F33-A705-97B161852335} (deleted)
(4/15/05 13:55:23) UBF: 4 - UBB: 5 - UBR: 14
(4/15/05 13:55:23) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/15/05 13:55:23) Stealth-String not found
(4/15/05 13:55:23) File added to delete: c:\winnt\system32\joea.dll
(4/15/05 13:55:23) Reboot


(4/15/05 13:58:30) SPSeHjFix started v1.1.2
(4/15/05 13:58:30) OS: Win2000 Service Pack 4 (5.0.2195)
(4/15/05 13:58:30) Language: english
(4/15/05 13:58:30) Win-Path: C:\WINNT
(4/15/05 13:58:30) System-Path: C:\WINNT\system32
(4/15/05 13:58:30) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

Thanks again I hope u can sort this awful mess....
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looking better Nick,


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {235A2250-B6B6-B749-BD1F-CDEEFF86BB90} - C:\WINNT\system32\kvfhve.dll
O2 - BHO: (no name) - {2630E63A-7D83-7A7B-8A29-5E27C396BFC2} - C:\WINNT\system32\oviuh.dll (file missing)
O2 - BHO: (no name) - {A10D0315-99AF-CA02-F82A-BEC9ADB26E95} - C:\WINNT\system32\wrp.dll (file missing)
O4 - HKCU\..\Run: [Rtom] C:\Documents and Settings\Administrator\Application Data\tscm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Next Reboot into SAFE MODE Make sure you can view all Hidden Files/Folders search for and delete the files highlighted in BOLD

C:\WINNT\system32\kvfhve.dll
C:\Documents and Settings\Administrator\Application Data\tscm.exe

Restart your computer, Post back a fresh log please
  • 0

#5
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi again,

Im not sure what u mean:

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

Run HJT, then what is 'put a check next to the following' and 'click fix checked' ??

Also, how do u run windows in safe mode and have access to hidden files??

God im hopeless!! lol

Thanks again

Kind Regards

Nick
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Nah your not hopeless Nick we will get you through this,

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

Run HJT, then what is 'put a check next to the following' and 'click fix checked' ??

Please see this Tutorial

Also, how do u run windows in safe mode

Click Here for instructions on how to do that,


and have access to hidden files


Click Here for instructions on how to do that,
  • 0

#7
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi

Hopefully this has worked:

Logfile of HijackThis v1.99.1
Scan saved at 02:11:45, on 16/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\temp3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


Thanks

Nick
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
See that Nick I knew you could do it, Nice job !!!

OK now that we got through that just open HJT one more time please and the same way you did it before have it fix this one

O2 - BHO: (no name) - {225A2252-B6B4-C34D-BD1C-BFEEFFF7BBE8} - C:\WINNT\system32\kvfhve.dll (file missing)


Reboot and post back a fresh HJT log please
  • 0

#9
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok cool we're making progress!

Logfile of HijackThis v1.99.1
Scan saved at 02:31:27, on 16/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\temp3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Thank you

Nick
  • 0

#10
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,

This got my computer back to normal, i.e i was able to set my home page back to what i wanted and not the [bleep] about.blank! however, i restarted my computer and it is back!! And when i go to a website, for example, geekstogo it keeps diverting to other dodgy sites so i have to press the 'back' button to get to geekstogo.....

I never suspected we had finished, however!!

Just thought I would report to you what was happening...

Thank you for your continued efforts!

nick
  • 0

Advertisements


#11
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Nick, Post back a fresh HJT log please
  • 0

#12
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
hi

Logfile of HijackThis v1.99.1
Scan saved at 19:31:12, on 16/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe
C:\WINNT\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\alg.exe
C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ABRECEIVER] "C:\Program Files\BUFFALO\Client Manager\ABRECEIVER\ABReceiver.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Nqwwqghi] C:\WINNT\system32\alg.exe
O4 - Global Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

thanks

nick
  • 0

#13
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please download FindQoologic from here:
http://forums.net-in...=post&id=134981
Save it to the desktop and run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here to this post please
  • 0

#14
nicksantopaolo

nicksantopaolo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi

I've saved to my desktop, however it just saved it as as a internet expolorer file, and when doulble clicked it went to nothing. just a http file.

sorry, hopeless nick does it again! lol

thanks

nick
  • 0

#15
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Try it again Nick,
I just tested the link I posted earlier and it showing up as page not found.
Try this
Please download FindQoologic from here:
http://forums.net-in...=post&id=134981
Save it to the desktop and run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here to this post please

When it has finished downloading it should open a folder and then click on find Qoologic2.bat.

It will save to the same folder in notbook double click on it and copy and paste the contents back to this topic please
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP