Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Removal of nasty things [CLOSED]


  • This topic is locked This topic is locked

#1
Jonandmelissa

Jonandmelissa

    New Member

  • Member
  • Pip
  • 3 posts
Hi. My husband got a dialer (and a bad phone bill). We also got spy sheriff. Problem one...I can't get rid of the background. Problem two, in trying to fix his computer I installed adaware and Microsoft Anti-Spyware. They seem to keep find viruses, a worm and spyware/dialers. I used panda and here is it's findings:

Incident Status Location

Spyware:spyware/smitfraud No disinfected C:\WINDOWS\System32\OLEEXT.dll
Virus:W32/Smitfraud.E Disinfected Operating system
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\JONATHAN\FAVORITES\FUN & GAMES\Betting.lnk
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM32\oleext.dll
Adware:adware/psguard No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\PSGuard spyware remover.lnk
Adware:adware/wupd No disinfected C:\PROGRAM FILES\ErrorGuard
Adware:adware/spywareno No disinfected Windows Registry
Dialer:Dialer.CTY No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temp\pplhgkpd.exe
Dialer:Dialer.NO No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\5TKOLF2V\gdnUS1104[1].exe
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\fr[2].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\index[1].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\index[2].htm
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\prompt[2].php
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\prompt_ie_win[1].js
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\sploit[1].anr
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\GLUFWL6N\index[4].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\0006_regular[1].cab[istactivex.dll]
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\init[1].js
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\psg[1].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\012F45IJ\psg[1].anr
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\KBIXMZMD\index[2].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\UJ83GNCP\index[1].htm
Adware:Adware/nCase No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0E5DBFB8-075E-40C1-B64C-09094E\8896730F-34A5-4DE6-9CEE-27500F
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\22BA16D1-E3D2-41AD-A542-0F774F
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\557C9529-6071-4405-8A62-288539
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\867AFC95-996C-4901-9399-C4EC4F
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\AB993EC9-65D5-4968-B725-8D9703
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\E6955D1F-6AAF-4107-9939-BA7A40
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\52115DE8-1742-4192-ABB1-73B5D1
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\70CF19DE-6C3E-4A64-B3D7-06DD2C
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\BDCDF9D5-E8BC-4DC9-90D2-E6573C
Spyware:Spyware/ISTBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\45BF0FC7-655D-4FB3-B17A-32CAFB\09E9463D-EAE7-446B-A315-900358
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\3FF3694B-8C40-4C17-81D9-BEC2A6
Adware:Adware/Popuper No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\476C81A4-57F1-4FD8-9FB5-54E473
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\84E5C561-1154-4244-B834-503C16
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\C5C498C8-3903-47F7-9630-28C1D2
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\C90F722A-991D-4B01-BCF3-473218
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\D012E26D-A805-4166-B528-F8F2AB
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\E419A546-2F72-4E41-B7BF-297BF8
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021718.exe
Virus:Trj/Clicker.FU Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021722.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021725.srg
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021730.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021747.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021755.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021768.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP263\A0022242.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP263\A0022256.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP265\A0023255.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP265\A0024255.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024269.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024286.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024296.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0025297.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP275\A0025335.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP275\A0025347.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP276\A0025366.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\A0026346.exe
Dialer:Dialer.AVV No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\A0026357.dll
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP278\A0027347.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP282\A0027379.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP282\A0027380.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027407.srg
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027428.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027429.exe
Virus:W32/Smitfraud.E Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP286\snapshot\MFEX-1.DAT
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS1104.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\gdnUS1104.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2089.exe
Virus:Trj/Clicker.FU Disinfected C:\WINDOWS\SYSTEM32\gclib.exe
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\SYSTEM32\wininet.dll
Virus:Trj/Mitglieder.DQ Disinfected C:\WINDOWS\SYSTEM32\wiwshost.exe
Here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:25:38 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [lCVh$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\lhpjmch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

The thing is, we stopped going on-line altogether and we are still getting this, even when adaware cleans stuff, a few days later it finds it again. I ran clean-up etc. Please help.
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome!!

First, I need you to disable Microsoft Anti-spyware protection since it might interfere with the fixes:
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (looks like a target).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
  • Next,
  • Click on the Options menu, then Settings.
  • Select "Real Time Protection" from the left column.
  • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
  • Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

Then to the SpySheriff fix.

Please print these instructions out, or write them down, as you can't read them during the fix.

Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to it's own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version 1.0.6 and always go online and update it before you run it).

If it's NOT the version 1.0.6, can you then uninstall your current version/delete folder: C:\Program Files\Lavasoft & empty recycle bin. Finally install the latest version.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

Next, please reboot your computer in Safe Mode by doing the following;

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

===================================================
Run a scan with HiJackThis and check the following objects for removal;

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [lCVh$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\lhpjmch.exe


Close any other open windows and/or open browsers, making sure that only HiJackThis is running. Make sure that the above mentioned objects are all checked, then hit "Fix Checked".
===================================================
  • Clean out temporary files:
  • Click Start -> Run and type in: cleanmgr
  • Click "Ok".
  • Let it scan your system.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Launch Ad-Aware:

2. Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click on "Proceed"
4. Click on "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to every "target family" for removal.
11. Click "Next", Click "OK".

Exit the program.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Go to -> Start -> Control Panel -> Add/Remove programs and uninstall if present:

ISTsvc

Then navigate to, and delete these files/folders using Windows Explorer:

c:\windows\system\BHOmod.dll
gclib.exe <= Locate using Windows Search
C:\Program Files\ISTsvc\ <= Entire Folder


Empty recycle bin.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Boot up into normal mode and post a fresh HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let me know how's it running now. :tazz:
  • 0

#3
Jonandmelissa

Jonandmelissa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi! Thank you so much for helping us. Boy! I found a lot of ugly stuff. Okay here is the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:40:20 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED571B9D-3813-4DF8-93F1-664AF777D2E0}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

The eWido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:27:38 PM, 9/5/2005
+ Report-Checksum: C9FC92A9

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
C:\Documents and Settings\Jonathan\Desktop\backups\backup-20050905-163637-720.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\84E5C561-1154-4244-B834-503C16 -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\A0026357.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027618.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP285\A0027709.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP286\A0027716.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP287\A0028718.exe -> Trojan.LowZones : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP287\A0028719.exe -> Worm.Bagle.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP287\A0028800.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS1104.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2089.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2089.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2089.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS1104.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2089.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\SYSTEM\bhomod00.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\WINDOWS\SYSTEM\bhomod01.dll -> TrojanDownloader.Agent.mk : Cleaned with backup


::Report End

And finally the Smitfiles log:


smitRem log file
version 2.3

by noahdfear

The current date is: Mon 09/05/2005
The current time is: 16:41:23.93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :tazz:


Thanks again for all the help you are giving us. Are we clean, yet.

If it helps, I know you can see this....but we had a bagel worm.

Thanks!
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Do you have any problems at the moment?
  • 0

#5
Jonandmelissa

Jonandmelissa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
No, everything seems fine. I did Ad Aware and we only found tracking cookies. What can I do to oprevent future occurances of things of this nature? I have dial-up so a good firewall could be tricky, right. PLease let me know any processes or programs that would help. Thanks so much fo everything!
  • 0

#6
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
I think I want to make one check before saying your system is clean :)

I always post a "prevention speech" when the log is clean, so that users can keep their system's that way.. :tazz:

Download cureit;
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drive's.
A red dot will mark the selected drive(s) . Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drive's, hit yes to all.

Reboot.

Post a fresh HiJackThis log once finished.
  • 0

#7
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP