|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
Desperately seeking help....
Can someone please help me. My dh downloaded 2 programs that came with abunch of garbage that is now stuck in my add/remove programs list. Can someone please take a look at my HJT lista nd tell me what I need to fix it.
Thank you VERY much inadvance. Logfile of HijackThis v1.98.2 Scan saved at 3:24:06 AM, on 8/16/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\wanmpsvc.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Common Files\AOL\ACS\AOLDial.exe D:\Program Files\Real\RealPlayer\RealPlay.exe D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe D:\WINDOWS\System32\rictract.exe D:\Program Files\Warez P2P Client\Warez.exe D:\WINDOWS\System32\robdmod.exe D:\PROGRA~1\Web Offer\wo.exe D:\WINDOWS\System32\wbem\wmiprvse.exe D:\WINDOWS\explorer.exe D:\PROGRA~1\Lycos\IEagent\csAOLldr.exe D:\PROGRA~1\Lycos\IEagent\csAOLldr.exe D:\PROGRA~1\Lycos\IEagent\csAOLldr.exe D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe d:\windows\temp\f8X.exe d:\windows\temp\xX6Dqz.exe d:\windows\temp\SvPWxFOwg.exe D:\Program Files\Common Files\WinTools\WToolsA.exe D:\Program Files\Common Files\WinTools\WSup.exe D:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HiJack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/mygroups R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://groups.msn.com/people?pgmarket=en-us R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: HyperSearchHook - {6BBC3526-3C01-425D-9005-CB3BAA51DDB4} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: (no name) - SOFTWARE - (no file) O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - D:\PROGRA~1\Lycos\IEagent\CSIE.DLL O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search404 Class - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - D:\Program Files\404Search\404Search.dll (file missing) O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - D:\Documents and Settings\trevor\Local Settings\Temp\wvb8ZUeRh.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [IBX] D:\windows\temp\IBX.exe O4 - HKLM\..\Run: [jB2YEY80x] D:\windows\temp\jB2YEY80x.exe O4 - HKLM\..\Run: [5FYYDGJ4M23#37] D:\WINDOWS\System32\Ubi05I5Y.exe O4 - HKLM\..\Run: [o73V3tW] rictract.exe O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [ClrSchLoader] D:\PROGRA~1\Lycos\IEagent\Loader.exe O4 - HKLM\..\Run: [f8X] d:\windows\temp\f8X.exe O4 - HKLM\..\Run: [xX6Dqz] d:\windows\temp\xX6Dqz.exe O4 - HKLM\..\Run: [SvPWxFOwg] d:\windows\temp\SvPWxFOwg.exe O4 - HKLM\..\RunOnce: [AAW] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\Warez.exe" -h O4 - HKCU\..\Run: [Zws9Rja3Q] robdmod.exe O4 - HKCU\..\Run: [eZWO] D:\PROGRA~1\Web Offer\wo.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0a\aoltray.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414 O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - D:\WINDOWS\System32\ms.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - D:\WINDOWS\System32\ms.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab |
#2
|
|||
|
|||
Hi there...
You have the Peper virus so please get and run the Peper Fix. from my list and then run "Adaware" and "CWshreader" and then post a fresh log for a bit more cleaning..thanks |
#3
|
|||
|
|||
boot into safe mode (tapping f8 at startup) and remove the following :
D:\WINDOWS\System32\robdmod.exe D:\PROGRA~1\Web Offer\wo.exe D:\PROGRA~1\Lycos\IEagent\csAOLldr.exe D:\PROGRA~1\Lycos\IEagent\csAOLldr.exe d:\windows\temp\f8X.exe d:\windows\temp\xX6Dqz.exe d:\windows\temp\SvPWxFOwg.exe D:\Program Files\Common Files\WinTools\WToolsA.exe D:\Program Files\Common Files\WinTools\WSup.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/mygroups R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://groups.msn.com/people?pgmarket=en-us R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: HyperSearchHook - {6BBC3526-3C01-425D-9005-CB3BAA51DDB4} - D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: (no name) - SOFTWARE - (no file) O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - D:\PROGRA~1\Lycos\IEagent\CSIE.DLL O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - D:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Search404 Class - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - D:\Program Files\404Search\404Search.dll (file missing) O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - D:\Documents and Settings\trevor\Local Settings\Temp\wvb8ZUeRh.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IBX] D:\windows\temp\IBX.exe O4 - HKLM\..\Run: [jB2YEY80x] D:\windows\temp\jB2YEY80x.exe O4 - HKLM\..\Run: [5FYYDGJ4M23#37] D:\WINDOWS\System32\Ubi05I5Y.exe O4 - HKLM\..\Run: [o73V3tW] rictract.exe O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [ClrSchLoader] D:\PROGRA~1\Lycos\IEagent\Loader.exe O4 - HKLM\..\Run: [f8X] d:\windows\temp\f8X.exe O4 - HKLM\..\Run: [xX6Dqz] d:\windows\temp\xX6Dqz.exe O4 - HKLM\..\Run: [SvPWxFOwg] d:\windows\temp\SvPWxFOwg.exe O4 - HKLM\..\RunOnce: [AAW] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\Warez.exe" -h O4 - HKCU\..\Run: [Zws9Rja3Q] robdmod.exe O4 - HKCU\..\Run: [eZWO] D:\PROGRA~1\Web Offer\wo.exe O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0a\aoltray.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414 O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - D:\WINDOWS\System32\ms.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - D:\WINDOWS\System32\ms.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O4 - HKLM\..\Run: [IBX] D:\windows\temp\IBX.exe O4 - HKLM\..\Run: [jB2YEY80x] D:\windows\temp\jB2YEY80x.exe O4 - HKLM\..\Run: [5FYYDGJ4M23#37] D:\WINDOWS\System32\Ubi05I5Y.exe O4 - HKLM\..\Run: [o73V3tW] rictract.exe O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [f8X] d:\windows\temp\f8X.exe O4 - HKLM\..\Run: [xX6Dqz] d:\windows\temp\xX6Dqz.exe O4 - HKLM\..\Run: [SvPWxFOwg] d:\windows\temp\SvPWxFOwg.exe O4 - HKCU\..\Run: [Zws9Rja3Q] robdmod.exe O4 - HKCU\..\Run: [eZWO] D:\PROGRA~1\Web Offer\wo.exe if you dont use AOL remove O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe computer should run much better. Run HTJ and post your results here Last edited by tmbm; August 16th, 2004 at 02:09 PM. |
#4
|
|||
|
|||
Just so i don't do anything wrong should I do the peper fixer first or just run in safe mode and take those off?
|
#5
|
|||
|
|||
Hi DoubleShimmer ,
Good idead to double-check. ![]() Delete Wintools from Add/Remove Programs. ( if present) Run the Peper Remover, then CWShredder, then Adaware as per Pancake. Empty TEMP folders before running Adaware: Remove all the files and sub-folders from the below TEMP Folders: D:\Documents and Settings\trevor\Local Settings\Temp\ D:\temp ( if present ) D:\windows\temp The TIF ( Temporary Internet Files) can also be emptied via: Internet Explorer--Tools--Internet Options--General tab--"Delete Files", Also tick the "delete all offline content" box . Reboot inbetween cleaners. Post back a new HJT log , please. Cheers |
#6
|
|||
|
|||
Here is my new list after running the above instructions
![]() Logfile of HijackThis v1.98.2 Scan saved at 12:01:00 PM, on 8/16/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\windows\temp\IBX.exe D:\windows\temp\jB2YEY80x.exe D:\WINDOWS\System32\rictract.exe D:\windows\temp\f8X.exe D:\windows\temp\xX6Dqz.exe D:\windows\temp\SvPWxFOwg.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\documents and settings\trevor\local settings\temp\L7OIEF.exe D:\documents and settings\trevor\local settings\temp\5Fy2LLrcN.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\wanmpsvc.exe D:\Program Files\Common Files\WinTools\WToolsS.exe D:\documents and settings\trevor\local settings\temp\qdh.exe D:\WINDOWS\System32\robdmod.exe D:\PROGRA~1\ezula\mmod.exe D:\Program Files\VBouncer\VirtualBouncer.exe D:\Program Files\Common Files\WinTools\WSup.exe D:\Program Files\ClearSearch\csAOLldr.exe D:\PROGRA~1\WEBOFF~1\wo.exe D:\Program Files\Common Files\WinTools\WToolsA.exe D:\WINDOWS\explorer.exe C:\Program Files\HiJack This\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - D:\Documents and Settings\trevor\Local Settings\Temp\wvb8ZUeRh.dll O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - D:\PROGRA~1\Toolbar\toolbar.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [L7OIEF] D:\documents and settings\trevor\local settings\temp\L7OIEF.exe O4 - HKLM\..\Run: [5Fy2LLrcN] D:\documents and settings\trevor\local settings\temp\5Fy2LLrcN.exe O4 - HKLM\..\Run: [qdh] D:\documents and settings\trevor\local settings\temp\qdh.exe O4 - HKLM\..\Run: [Bakra] D:\WINDOWS\System32\IEHost.exe O4 - HKLM\..\Run: [Pcsv] D:\WINDOWS\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [Dpi] D:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.co...1141040727.EXE O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file) Hopefully most of this is gone. When i open my IE I am still getting this little box that says "loading skin" and then my IE toolbar gets some kind of snowy scene on it. I don't want it to pop up anymore how can I remove this? Thank you soooo much for everyone's help, I am eternally grateful!! |
#7
|
|||
|
|||
Hi DoubleShimmer ,
Reboot into Safe Mode.....( tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key) 2. Make sure you set windows to see Hidden files and Folders, Directions HERE 3. Close ALL browser Windows, only have HijackThis running. Check the boxes beside the below entries, then click on "Fix checked" . R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - D:\PROGRA~1\Toolbar\toolbar.dll O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - D:\Documents and Settings\trevor\Local Settings\Temp\wvb8ZUeRh.dll O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - D:\PROGRA~1\Toolbar\toolbar.dll O4 - HKLM\..\Run: [L7OIEF] D:\documents and settings\trevor\local settings\temp\L7OIEF.exe O4 - HKLM\..\Run: [5Fy2LLrcN] D:\documents and settings\trevor\local settings\temp\5Fy2LLrcN.exe O4 - HKLM\..\Run: [qdh] D:\documents and settings\trevor\local settings\temp\qdh.exe O4 - HKLM\..\Run: [Bakra] D:\WINDOWS\System32\IEHost.exe O4 - HKLM\..\Run: [Pcsv] D:\WINDOWS\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [Dpi] D:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common Files\WinTools\WToolsA.exe O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44297DA} - http://bannerfarm.ace.advertising.c...r1141040727.EXE O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file) Close HijackThis. 3. Then delete the below files and Folders in Safe Mode: D:\PROGRAM FIles\Toolbar <--- delete the Toolbar folder D:\WINDOWS\System32\IEHost.exe <--- delete the file D:\WINDOWS\system32\pcs <--- delete the pcs folder D:\Program Files\Common Files\Dpi <--- delete the Dpi folder D:\Program Files\Common Files\WinTools <--- delete the WinTools folder Remove all the files and sub-folders from the below TEMP Folders: D:\Documents and Settings\trevor\Local Settings\Temp\ D:\temp ( if present ) D:\windows\temp The TIF ( Temporary Internet Files) can also be emptied via: Internet Explorer--Tools--Internet Options--General tab--"Delete Files", Also tick the "delete all offline content" box . Reboot computer What hasppened to Spybot S+D and Incredimail ,Google bar? Did you remove what tmbm said..... Cheers |
#8
|
|||
|
|||
Yes I did do what tmbm said. Is his ok? I figured I can always redownload them if they are gone. I didn't have any problems with the puter till my dh decided to download 2 programs onto the computer 1. Ares and 2.Warez I guess they are some kind of p2p file sharing sites. I was against but can't tell him anything, LOL.
Thank you I am going to do what you have directed me to now. I just restarted and will let you see the HJT log from my reboot. here it is.... Logfile of HijackThis v1.98.2 Scan saved at 1:24:44 PM, on 8/16/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\wanmpsvc.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Common Files\AOL\ACS\AOLDial.exe D:\Program Files\Real\RealPlayer\RealPlay.exe D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe D:\documents and settings\trevor\local settings\temp\L7OIEF.exe D:\documents and settings\trevor\local settings\temp\5Fy2LLrcN.exe D:\WINDOWS\system32\pcs\pcsvc.exe C:\Program Files\HiJack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/MyGroups.msnw R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file) O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - D:\Documents and Settings\trevor\Local Settings\Temp\JkG.dll O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [L7OIEF] D:\documents and settings\trevor\local settings\temp\L7OIEF.exe O4 - HKLM\..\Run: [5Fy2LLrcN] D:\documents and settings\trevor\local settings\temp\5Fy2LLrcN.exe O4 - HKLM\..\Run: [Pcsv] D:\WINDOWS\system32\pcs\pcsvc.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab I will soon return with a new log, lol. |
#9
|
|||
|
|||
I did everything you said in the last post you left and here is my new log. I also made the hidden files visible like you said. I had a few files that I didn't find in some places so I'm assuming they are gone already. I will post the ones that weren't found after the HJT log.
Logfile of HijackThis v1.98.2 Scan saved at 2:00:05 PM, on 8/16/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Common Files\AOL\ACS\AOLDial.exe D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\QuickTime\qttask.exe D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\wanmpsvc.exe C:\Program Files\HiJack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/MyGroups.msnw R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file) O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab These are the files that were not found: D:\PROGRAM FIles\Toolbar <--- delete the Toolbar folder D:\WINDOWS\System32\IEHost.exe <--- delete the file D:\WINDOWS\system32\pcs <--- delete the pcs folder D:\Program Files\Common Files\WinTools <--- delete the WinTools folder |
#10
|
|||
|
|||
Hi ,
Looking much better, ![]() Download Ad-aware to finish cleaning up. It is critical that you UPDATE Ad-aware, before scanning. Ad-aware download HERE and please read :HOW TO PERFORM A FULL SYSTEM SCAN With Ad-aware 6 Build 181 Remove all that Ad-aware finds. Reboot computer and post back a new HJT log to this thread, please. Cheers |
#11
|
|||
|
|||
Ok here is my Ad-aware scan, then rebooted and ran HJT. Did I get it all? LOL
Here is my HJT log as of now. Logfile of HijackThis v1.98.2 Scan saved at 6:20:40 PM, on 8/16/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Common Files\AOL\ACS\AOLDial.exe D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\QuickTime\qttask.exe D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\wanmpsvc.exe C:\Program Files\HiJack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/MyGroups.msnw R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file) O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab |
#12
|
|||
|
|||
if you just did what i said it would of been alot quicker
|
#13
|
|||
|
|||
Hi DoubleShimmer ,
[q] from, tmbm: if you just did what i said it would of been alot quicker[/q] Heres what tmbm had you partly remove that needs to be restored.... Google Toolbar, Windows MediaPlayer Toolbar, Spybot S+D, Incredimail, Yahoo messenger, My apologies, ..I should have edited his post. If you want to restore them , you can use HijackThis. Print the list below, open HijackThis, and click on "config"--> "Backups" Look for and highlight each entry, then click "Restore". ( Or you can download and reinstall the above programs. ) Restore these: O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\Program Files\America Online 9.0a\aoltray.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar3.dll/cmtrans.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe 2. YOur HJT log looks good, well done ![]() Only these minor ones left,....Close IE, open HJT and FIX the below. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file) Close HJT, Reboot. Post back a new log after restore , if you want. Cheers ![]() |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Desperately Seeking Help | LoppyThug | Windows Vista | 6 | February 14th, 2008 05:53 AM |
Desperately seeking help :( | WinT | Windows 98 | 31 | July 6th, 2006 07:12 PM |
Please HELP . Desperately seeking help | shinkansen | Windows XP | 1 | November 4th, 2004 05:35 PM |
Desperately Seeking . . . Help | carlygirl1973 | Malware Removal | 1 | June 27th, 2004 04:13 AM |
desperately seeking help | pcbuyer | The Anything Else Board | 2 | January 9th, 2003 08:02 PM |
All times are GMT +1. The time now is 09:59 PM.