Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PCGuard removal [CLOSED]


  • This topic is locked This topic is locked

#1
Gone in 60 seconds

Gone in 60 seconds

    New Member

  • Member
  • Pip
  • 4 posts
Hello
I m sure this is a regular question but my first post so sorry if I m covering old ground, I have been hit with a Trojan Virus (PCGuard I think) it controls the explorer default screen add a button to the quick fuctions list and resets the desktop screen as an advertisement for spyware, and disable the properties function to change it back.

I ve run AVG and EWido scans and pressed the heal functions for three identified finds then rebooted, the explorer default home page is back to normal and the button has been removed, but I still have no desktop control over choice of background - can anyone help really annoying - and dont want to rebuild!!

:tazz:

Thanks in advance...
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Gone in 60 Seconds and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.
  • Click on My Controls at the top right hand corner of the window.
  • In the left hand column, click "View Topics"
  • If you click on the title of your post, you will be taken there
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
Gone in 60 seconds

Gone in 60 seconds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry for the delay I ve pasted the log below...thanks once again

Logfile of HijackThis v1.99.1
Scan saved at 19:42:43, on 08/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ccs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\SkyNet Systems\SkyNet VPN\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JAMESM~1.SKY\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JAMESM~1.SKY\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {629399D6-207B-4BF6-8F45-E76CFF8FE11B} - C:\WINDOWS\System32\efaj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: SkyNet Systems Ltd SkyNet VPN.lnk = C:\Program Files\SkyNet Systems\SkyNet VPN\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://mia.bt.com/d...oterisSetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.50.14...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = skynetsystems.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0B69B0-CE51-4741-975D-C982E721A29C}: NameServer = 172.29.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O18 - Filter: text/html - {9B6761D5-4328-4879-A9CA-8482C0A76ED3} - C:\WINDOWS\System32\efaj.dll
O18 - Filter: text/plain - {9B6761D5-4328-4879-A9CA-8482C0A76ED3} - C:\WINDOWS\System32\efaj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINDOWS\System32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SkyNet Systems\SkyNet VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Download CWShredder

If you are using anything other than Windows xp you may need a zip program.
Please download the evaluation version of
Winzip.


2. Download SpSeHjfix.zip to the desktop.
  • Then right click on the desktop and select new >folder, name it spfix
  • Unzip SpSeHjfix.zip into the new folder.
3. Disconnect from the net and Close ALL OPEN PROGRAMS.
  • Run 'SpSeHjfix'. and click on "Start Disinfection".
  • When it's finished it will reboot your machine to finish the cleaning process.
  • The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

4. Once it is finished, run CWShredder - Hit The FIX button!

5. Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

Trevuren

  • 0

#5
Gone in 60 seconds

Gone in 60 seconds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello
The SPSE didnt find anything to fix;


(9/8/05 20:21:10) SPSeHjFix started v1.1.2
(9/8/05 20:21:10) OS: WinXP Service Pack 1 (5.1.2600)
(9/8/05 20:21:10) Language: english
(9/8/05 20:21:10) Win-Path: C:\WINDOWS
(9/8/05 20:21:10) System-Path: C:\WINDOWS\System32
(9/8/05 20:21:10) Temp-Path: C:\DOCUME~1\JAMESM~1.SKY\LOCALS~1\Temp\
(9/8/05 20:21:17) Disinfection started
(9/8/05 20:21:17) Bad-Dll(IEP): (not found)
(9/8/05 20:21:17) Bad-Dll(IEP) in BHO: (not found)
(9/8/05 20:21:17) UBF: 5 - UBB: 0 - UBR: 14
(9/8/05 20:21:17) UBF: 5 - UBB: 0 - UBR: 14
(9/8/05 20:21:17) Bad IE-pages: (none)
(9/8/05 20:21:17) Stealth-String not found
(9/8/05 20:21:17) Not infected->END

again applied log from hijacker;

Logfile of HijackThis v1.99.1
Scan saved at 20:31:58, on 08/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ccs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\SkyNet Systems\SkyNet VPN\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: SkyNet Systems Ltd SkyNet VPN.lnk = C:\Program Files\SkyNet Systems\SkyNet VPN\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://mia.bt.com/d...oterisSetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.50.14...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = skynetsystems.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0B69B0-CE51-4741-975D-C982E721A29C}: NameServer = 172.29.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINDOWS\System32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SkyNet Systems\SkyNet VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Strange prior to your fix advice I ran some scanners and cleaned up the Trojen (well tried) the desktop screen is no longer the PSGuard adaware one just plain black, but still no desktop control?

Your ongoing help is appreciated..James
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
The CWS infection was removed by the scan. Check the R1 entries in both logs and you will see a difference. I must ask you not to go trying out fixes or programs while I am helping you. You may end up complicating things a lot more. There is often a certain sequence to follow to avoid such problems and if it is interrrupted, things usually don't go well.
  • Download the following self-extracting file smitRem.exe and save the file to your DESKTOP.
    • Double click the Smitrem.exe icon on your Desktop.
    • Then click Run>Start and a Smitrem folder will apear on your desktop also.
  • Place a shortcut to Panda ActiveScan on your desktop.

  • Download the trial version of Ewido Security Suite

  • Please read Ewido Setup Instructions
    • Install the program
    • Update the definitions to the newest files.
    • DO NOT RUN IT YET
  • Install Ad-Aware SE 1.06, follow these download and setup instructions.
  • REBOOT your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
  • Now open HJT, click SCAN and place a checkmark next to each of the following items:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe



  • Click the Fix Checked box and EXIT HJT

  • Using Windows Explorer, please locate and DELETE the following files/folders (with all their content), if they are still present:

    C:\Program Files\PSGuard<==Folder

  • Open the smitRem folder
    • Double click the RunThis.bat file to start the tool.
    • Follow the prompts on screen.
    • Wait for the tool to complete and disk cleanup to finish.

    NOTE:The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

  • Open Ad-aware and do a full scan. Remove all it finds.

  • Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    • Close Ewido
  • Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

  • REBOOT back into Normal Mode

  • Click the Panda ActiveScan shortcut
    • Do a full system scan.
    • Make sure the autoclean box is checked!
  • Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.

Regards,

Trevuren

  • 0

#7
Gone in 60 seconds

Gone in 60 seconds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
:) Thank you Thank you Thank you!!! All back!

Logs for your info below :tazz:


Ad-Aware SE Build 1.06r1
Logfile Created on:08 September 2005 22:02:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
Malware.Psguard(TAC index:7):10 total references
Tracking Cookie(TAC index:3):59 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

08-09-2005 21:56:21 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 75
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 515324 Bytes
Total size : 1551493 Bytes
Signature data size : 1518382 Bytes
Reference data size : 32599 Bytes
Signatures total : 43181
CSI Fingerprints total : 1032
CSI data size : 36709 Bytes
Target categories : 15
Target families : 740


08-09-2005 21:56:31 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:52 %
Total physical memory:523248 kb
Available physical memory:270868 kb
Total page file size:1279104 kb
Available on page file:1169964 kb
Total virtual memory:2097024 kb
Available virtual memory:2044800 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


08-09-2005 22:02:50 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1528
ThreadCreationTime : 08-09-2005 20:25:46
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 08-09-2005 20:25:50
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1612
ThreadCreationTime : 08-09-2005 20:25:52
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 08-09-2005 20:25:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1668
ThreadCreationTime : 08-09-2005 20:25:55
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1900
ThreadCreationTime : 08-09-2005 20:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1972
ThreadCreationTime : 08-09-2005 20:25:59
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 236
ThreadCreationTime : 08-09-2005 20:26:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 284
ThreadCreationTime : 08-09-2005 20:26:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 840
ThreadCreationTime : 08-09-2005 20:35:37
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1556
ThreadCreationTime : 08-09-2005 20:41:01
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:12 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 336
ThreadCreationTime : 08-09-2005 20:54:47
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{206538f7-f98c-4a46-a7d4-4a37fcdc932b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2c462d06-3ba0-48bb-9282-bb6519fe86e9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a20f5672-7486-4d27-bd2b-e555e4692c5f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6e2a22c-b3a8-43a4-b5ec-a5bb671ab3f7}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cf1674cc-ec9a-4aee-996e-65a8f7c0b0e4}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f4364eec-31f5-4b8b-a7e0-3b6394c9d23f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{982392f9-9c65-48b4-b667-3459c46630d1}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1897051121-682003330-1179\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:112
Value : Cookie:jamesm@casalemedia.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@perf.overture.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:74
Value : Cookie:jamesm@imrworldwide.com/cgi-bin

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:jamesm@bs.serving-sys.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:477
Value : Cookie:jamesm@advertising.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@247realmedia.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@adserver.adreactor.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@counter.hitslink[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:jamesm@counter.hitslink.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:99
Value : Cookie:jamesm@adviva.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-idg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:jamesm@ehg-idg.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:jamesm@tradedoubler.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:398
Value : Cookie:jamesm@servedby.advertising.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:jamesm@overture.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:jamesm@apmebf.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@www.best-free-sex.net/cgi-bin/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:jamesm@server.iad.liveperson.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@mediaplex.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:jamesm@statse.webtrendslive.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-bizjournals.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@ehg-bizjournals.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@etype.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jamesm@etype.adbureau.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@phg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:jamesm@phg.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@estat.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@counter13.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@counter13.sextracker.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@pro-market[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:jamesm@pro-market.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:jamesm@tribalfusion.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@as-eu.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@as-eu.falkag.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@adserver.primelocation[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:169
Value : Cookie:jamesm@adserver.primelocation.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@atdmt.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jamesm@edge.ru4.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@maxserving.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-autotrader.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:jamesm@ehg-autotrader.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:jamesm@ads.pointroll.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@commission-junction[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jamesm@commission-junction.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@xxxtoolbar[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@xxxtoolbar.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:jamesm@questionmarket.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@www.123count[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jamesm@www.123count.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:jamesm@adtech.de/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@adserver.akqa[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@adserver.akqa.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@centrport.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@bluestreak.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@counter2.hitslink[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:jamesm@counter2.hitslink.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:94
Value : Cookie:jamesm@serving-sys.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@sexlist[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jamesm@sexlist.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-ciscosystems.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:jamesm@ehg-ciscosystems.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:100
Value : Cookie:jamesm@fastclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:jamesm@hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-mothercare.hitbox[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:188
Value : Cookie:jamesm@ehg-mothercare.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-tigerdirect2.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:jamesm@ehg-tigerdirect2.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:jamesm@zedo.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@doubleclick.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:jamesm@statcounter.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jamesm@bfast.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@sextracker[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:jamesm@sextracker.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@ehg-bbc.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@ehg-bbc.hitbox.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jamesm@cs.sexcounter.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@counter6.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jamesm@counter6.sextracker.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:jamesm@z1.adserver.com/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 57
Objects found so far: 68



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\jamesm\Cookies\jamesm@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jamesm@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\jamesm\Cookies\jamesm@cgi-bin[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 70




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\desktop\general
Value : Wallpaper

Malware.Psguard Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Display Inline Images

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 72

22:19:04 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:14.231
Objects scanned:169142
Objects identified:72
Objects ignored:0
New critical objects:72


Logfile of HijackThis v1.99.1
Scan saved at 21:28:29, on 08/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: SkyNet Systems Ltd SkyNet VPN.lnk = C:\Program Files\SkyNet Systems\SkyNet VPN\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bmi_lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://mia.bt.com/d...oterisSetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.50.14...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = skynetsystems.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0B69B0-CE51-4741-975D-C982E721A29C}: NameServer = 172.29.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skynetsystems.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\..\{09336A87-02D0-4937-8A7E-CED9E604E088}: NameServer = 194.168.12.21,194.168.8.100
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINDOWS\System32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SkyNet Systems\SkyNet VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Program Files\PSGuard<==Folder

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

#9
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP