Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
   
BullGuard Antivirus Forum > Virus > Virus Questions > Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!  
Forum Quick Jump
 
New Topic Locked Topic Printable version of : Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
[ << Previous Thread | Next Thread >> ]

shanellate
New Member


Date Joined Jun 2008
Total Posts : 5
  		   Posted 7-14-2008 7:32 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Hello,
My computer was infected by this virus that keeps on turning explorer.exe off. I was able to turn explorer.exe on again by using task manager to manually turn explorer.exe on again, but it will turn itself off. So, I scanned with anti-virus but nothing came out of it. Feeling lost, I looked around the forum to see how others with problem like this dealt with the issue. With help from all of you, I was able to use ComboFix to stop the explorer.exe problem (http://www.bullguard.com/forum/5/Unknown-Virus---turns-off-expl_56682.html) -- I followed the instructions in this thread closely. After running ComboFix, I ran DSS to check the status, and I am unable to continue from there. Please help me to get rid of this awful virus!
Thank you in advance.
Zee
 
Log from DSS:
 
Deckard's System Scanner v20071014.68
Run by Zee on 2008-07-14 13:06:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]
[color=red]Total Physical Memory: 254 MiB (512 MiB recommended).[/color]

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-14 13:07:29
Platform: Windows XP  (5.01.2600)
MSIE: Internet Explorer (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\GSA Cleandrive\CleanDrive.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Lim Zee Hui\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x0809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [GSA Cleandrive] "D:\GSA Cleandrive\Cleandrive.exe" /MIN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9361 bytes
-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-14 12:08:45     68096 --a------ C:\WINDOWS\zip.exe
2008-07-14 12:08:45    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-14 12:08:45     98816 --a------ C:\WINDOWS\sed.exe
2008-07-14 12:08:45     80412 --a------ C:\WINDOWS\grep.exe
2008-07-14 12:08:45     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-14 12:08:44     49152 --a------ C:\WINDOWS\VFind.exe
2008-07-14 12:08:44    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-14 12:08:44    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-14 00:11:02         0 d-------- C:\Documents and Settings\Lim Zee Hui\DoctorWeb
2008-07-13 23:53:14         0 d-------- C:\WINDOWS\ERUNT
2008-07-13 22:32:11         0 d-------- C:\Documents and Settings\Lim Zee Hui\Application Data\Uniblue
2008-07-13 21:14:58         0 d--hs---- C:\WINDOWS\CSC
2008-07-13 19:52:43   3670016 --a------ C:\Documents and Settings\Lim Zee Hui\ntuser.dat
2008-07-03 19:41:30         0 d-------- C:\WINDOWS\Prefetch
2008-07-03 18:29:22         0 d-------- C:\WINDOWS\System32\bits
2008-07-03 18:26:45         0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-03 17:53:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-03 14:42:10         0 d-------- C:\unzipped
2008-06-19 18:43:12         0 d-------- C:\Documents and Settings\Father & Mother\Application Data\GetRightToGo

-- Find3M Report ---------------------------------------------------------------
2008-07-14 12:17:25         0 d-------- C:\Program Files\Common Files
2008-07-12 23:23:04         0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-03 15:15:33         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-26 19:05:02         0 d-------- C:\Program Files\Olympus
2008-06-26 19:04:59         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-23 13:13:14         0 d-------- C:\Documents and Settings\Lim Zee Hui\Application Data\Adobe
2008-06-20 01:08:48         0 d-------- C:\Program Files\Shockwave.com
2008-06-04 22:42:33         0 d-------- C:\Program Files\ReflexiveArcade
2008-05-13 19:46:05     65552 --a------ C:\WINDOWS\System32\KeOS386.DLL
2008-04-27 20:40:24     61372 --a------ C:\WINDOWS\War3Unin.dat
2008-04-27 18:59:59      2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-27 18:59:58    139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-27 15:58:43     37348 --a------ C:\WINDOWS\System32\tcpipbak.reg

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/04/2003 12:07 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [26/07/2006 03:03 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/01/2008 11:42 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [17/05/2004 04:56 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/04/2007 09:56 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [23/08/2001 08:00 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [23/08/2001 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [23/08/2001 08:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [23/08/2001 08:00 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [23/08/2001 08:00 PM]
"GSA Cleandrive"="D:\GSA Cleandrive\Cleandrive.exe" [24/06/2008 02:58 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [02/08/2001 07:14 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]
"Uniblue RegistryBooster 2"="D:\RegistryBooster 2\RegistryBooster.exe" [05/05/2008 12:22 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [04/02/2007 7:17:01 PM]
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [01/10/2004 3:12:18 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LightFrame 3.lnk]
backup=C:\WINDOWS\pss\LightFrame 3.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AME_CSA"=rundll32 amecsa.cpl,RUN_DLL
"Microsoft Windows System"=Wincbr.exe
"Intel Driver"=Wincbr.exe
 

-- End of Deckard's System Scanner: finished at 2008-07-14 13:08:03 ------------
 
 
 

Post Edited (shanellate) : 14-07-2008 05:33:48 GMT

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13154
  		   Posted 7-14-2008 9:00 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Hello smile
 
 
Please post combofix log

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

shanellate
New Member


Date Joined Jun 2008
Total Posts : 5
  		   Posted 7-14-2008 9:36 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Hi Touch,
Thank you for your prompt response! :D
Zee

ComboFix 08-07-13.6 - Lim Zee Hui 2008-07-14 12:10:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.74 [GMT 8:00]
Running from: C:\Documents and Settings\Lim Zee Hui\Desktop\2ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lim Zee Hui\My Documents\My Videos\Desktop.ini
C:\WINDOWS\config.ini
C:\WINDOWS\system32\geBSjijk.dll
C:\WINDOWS\system32\hgGaAttt.dll
C:\WINDOWS\system32\ssqNEULe.dll
C:\WINDOWS\system32\UCbLlUvw.ini
C:\WINDOWS\system32\UCbLlUvw.ini2
C:\WINDOWS\system32\wvUlLbCU.dll
D:\LiveUpdateCopy.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 11:58 . 2008-07-14 11:58 <DIR> d-------- C:\Deckard
2008-07-14 00:11 . 2008-07-14 06:03 <DIR> d-------- C:\Documents and Settings\Lim Zee Hui\DoctorWeb
2008-07-13 23:53 . 2008-07-13 23:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 22:32 . 2008-07-13 22:32 <DIR> d-------- C:\Documents and Settings\Lim Zee Hui\Application Data\Uniblue
2008-07-03 18:29 . 2008-07-03 18:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-03 18:28 . 2004-07-02 06:08 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-07-03 18:28 . 2004-07-02 06:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-07-03 18:28 . 2004-07-01 07:59 158,720 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-07-03 18:28 . 2004-07-02 06:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-03 18:28 . 2004-07-02 06:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-03 18:28 . 2004-07-02 06:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-07-03 18:28 . 2004-07-02 06:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-07-03 18:28 . 2004-07-02 06:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-07-03 18:28 . 2004-07-02 06:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-07-03 18:27 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-07-03 18:27 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-07-03 18:27 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-07-03 18:27 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-03 18:27 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-03 18:27 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-07-03 18:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-03 18:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-03 18:27 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-03 17:53 . 2008-07-03 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-03 14:42 . 2008-07-03 14:42 <DIR> d-------- C:\unzipped
2008-07-03 14:27 . 2008-07-13 19:49 1,278 --a------ C:\WINDOWS\mgutil_reg.ini
2008-07-03 14:26 . 2008-07-13 19:49 142 --a------ C:\WINDOWS\mgutil_win.ini
2008-06-19 18:43 . 2008-06-19 18:43 <DIR> d-------- C:\Documents and Settings\Father & Mother\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 16:34 58,880 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-07-13 16:34 16,384 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-07-13 15:16 358,400 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-07-13 15:16 2,097,152 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-07-13 14:35 312,320 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-07-13 14:35 100,864 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-07-13 14:04 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-07-13 14:04 14,336 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-07-13 13:18 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-07-13 13:18 12,800 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-07-13 13:13 50,176 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-07-13 11:53 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-07-13 11:53 3,123,712 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-07-13 11:51 3,121,152 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-07-13 10:32 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-07-13 10:32 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-07-13 08:40 90,624 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-07-13 08:40 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-07-13 01:53 413,184 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-07-13 01:53 3,119,104 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-07-12 15:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-12 04:47 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-07-12 04:46 3,103,744 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-07-12 04:34 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-07-12 04:34 3,103,744 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-07-10 18:34 3,103,744 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-07-10 18:34 153,600 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-07-10 12:00 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-07-10 12:00 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-07-10 11:52 3,103,744 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-07-10 11:52 16,896 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-07-10 11:45 3,102,208 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-07-10 11:45 204,288 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-07-10 10:36 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-07-10 09:37 3,100,672 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-07-09 15:09 3,102,208 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-07-09 15:09 27,648 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-07-09 14:07 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-09 14:07 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-09 08:22 3,100,672 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-07-09 08:18 3,108,864 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-07-09 08:18 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-07-08 14:17 3,101,696 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-08 14:17 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-08 04:59 3,111,424 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-03 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-03 07:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 11:05 --------- d-----w C:\Program Files\Olympus
2008-06-26 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 15:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 17:08 --------- d-----w C:\Program Files\Shockwave.com
2008-06-10 04:57 --------- d-----w C:\Documents and Settings\Father & Mother\Application Data\Flood Light Games
2008-06-10 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-10 04:56 --------- d-----w C:\Documents and Settings\Father & Mother\Application Data\PlayFirst
2008-06-09 14:43 --------- d-----w C:\Documents and Settings\Father & Mother\Application Data\ViquaSoft
2008-06-04 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-04 14:42 --------- d-----w C:\Program Files\ReflexiveArcade
2008-06-04 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-05-31 15:38 --------- d-----w C:\Documents and Settings\Guest\Application Data\Grisoft
2008-05-23 15:59 28,064 ----a-w C:\Documents and Settings\Father & Mother\Application Data\GDIPFONTCACHEV1.DAT
2008-05-13 11:46 65,552 ----a-w C:\WINDOWS\system32\KeOS386.DLL
2008-04-27 10:59 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-27 10:59 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-27 07:58 37,348 ----a-w C:\WINDOWS\system32\tcpipbak.reg
2007-02-21 08:42 31,088 ----a-w C:\Documents and Settings\Lim Zee Hui\Application Data\GDIPFONTCACHEV1.DAT
2007-12-30 16:29 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 20:00 13312]
"GSA Cleandrive"="D:\GSA Cleandrive\Cleandrive.exe" [2008-06-24 14:58 2977280]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Uniblue RegistryBooster 2"="D:\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-05-17 04:56 697624]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-06 21:56 100056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2001-08-23 20:00 208949]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2001-08-23 20:00 77824]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-23 20:00 737360]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2001-08-23 20:00 737360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-04 19:17:01 113664]
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LightFrame 3.lnk]
backup=C:\WINDOWS\pss\LightFrame 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 00:19 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AME_CSA"=rundll32 amecsa.cpl,RUN_DLL
"Microsoft Windows System"=Wincbr.exe
"Intel Driver"=Wincbr.exe

R3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\System32\DRIVERS\AmeAtmPc.sys [2002-02-22 11:14]
S1 HWIODRV;HWIODRV;C:\WINDOWS\System32\HWIODRV.SYS []
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\System32\DRIVERS\atmlane.sys [2001-08-23 20:00]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\System32\DRIVERS\atmlane.sys [2001-08-23 20:00]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 14:00]

.
Contents of the 'Scheduled Tasks' folder
"2007-06-15 16:52:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Lim Zee Ying.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 12:16:45
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2008-07-14 13:00:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 05:00:43

Pre-Run: 5,871,001,600 bytes free
Post-Run: 6,140,096,512 bytes free

209

Post Edited (shanellate) : 14-07-2008 07:36:46 GMT

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13154
  		   Posted 7-14-2008 9:41 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Looks clean smile
 
 
How are things running ?

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

shanellate
New Member


Date Joined Jun 2008
Total Posts : 5
  		   Posted 7-14-2008 9:51 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Oh its thoroughly clean? Thats great! :D Things are running fine, I probably just need to fine tune it up by deleting unwanted programmes..
Back to Top
 

shanellate
New Member


Date Joined Jun 2008
Total Posts : 5
  		   Posted 7-14-2008 9:59 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
And thank you Touch, you've been a great help to the community :D
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13154
  		   Posted 7-14-2008 10:07 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
My pleasure smile
 
 
Please  read Tony Klein's excellent article  about how to prevent against  spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html   

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 

shanellate
New Member


Date Joined Jun 2008
Total Posts : 5
  		   Posted 7-14-2008 10:11 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
thank you again :D
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13154
  		   Posted 7-15-2008 11:32 (GMT +2)    Quote: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!Alert an admin about: Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
Glad to help smile
 
 
Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please PM a Moderator and we will reopen it for you


Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Back to Top
 
New Topic Locked Topic Printable version of : Virus that turns explorer.exe off-- need help with hijackthis to remove it thoroughly please!
 
Forum Information
Currently it is Monday, October 13, 2008 4:06 PM (GMT +2)
There are a total of 62.769 posts in 15.649 threads.
In the last 3 days there were 20 new threads and 63 reply posts. View Active Threads
Who's Online
This forum has 26723 registered members. Please welcome our newest member, Brian Howe.
43 Guest(s), 1 Registered Member(s) are currently online.  Details
Brian Howe
5 Latest Threads
Can't live w/o you Touch~Haha~Help! (0)13-10-2008 13:45:46 (Maggie8)
Help with strange virus please! (8)13-10-2008 12:54:46 (ii-ii-iii)
My computer programmes and internet connection slow (3)13-10-2008 10:47:35 (Tinszel)
Computer Security for Secondary School Students (0)13-10-2008 08:36:24 (antivirus_guru)
Slow computer and internet explorer not working very well (4)13-10-2008 07:09:23 (seamanben)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard