Solved: Personal Guard 2009
sagu's Avatar
Junior Member with 19 posts.
 
Join Date: Nov 2009
10-Nov-2009, 12:27 AM #1
Personal Guard 2009
Hey,

Somehow Personal Guard 2009 has weaseled its way onto my computer. I've taken a look through the forums, and most of the solutions are specific to the individual computer, so if I could get some help to remove this beastly thing, that would be great.

Also, since I've had this problem before, is there anyway to protect my computer against these sorts of viruses?

Thank you! Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:53 PM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mulohufor] Rundll32.exe "c:\windows\system32\dejufedu.dll",a
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - AppInit_DLLs: kulepive.dll c:\windows\system32\dejufedu.dll
O21 - SSODL: SysNet - {D46B2ED7-94D0-4D30-B1C6-517B5365E692} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)
O21 - SSODL: pikuhifes - {7eb934b0-9ad3-4d49-abd5-9299189c4420} - c:\windows\system32\dejufedu.dll
O22 - SharedTaskScheduler: jugezatag - {52bc325f-680e-4022-b24d-fbf928a47178} - c:\windows\system32\zabegulo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {7eb934b0-9ad3-4d49-abd5-9299189c4420} - c:\windows\system32\dejufedu.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 12595 bytes
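As an added illustration (my own script, not from this thread, from HijackThis or from OTS): a small Python triage pass that applies the checks NeonFx's later fix targets (Winlogon Shell, AppInit_DLLs, SSODL, SharedTaskScheduler, and Run entries that load a DLL through rundll32) to lines copied from the log above. The "eight lowercase letters .dll" pattern is my own heuristic for the random file names this rogue drops, not a HijackThis rule, so its hits are leads for the analyst rather than verdicts.

```python
import re
from typing import List, NamedTuple

# Heuristic (an assumption, not a HijackThis rule): the infection in this thread
# drops DLLs named with eight random lowercase letters under system32.
RANDOM_DLL = re.compile(r"\b[a-z]{8}\.dll\b")

# On Windows XP the legitimate Winlogon Shell value is exactly Explorer.exe.
CLEAN_SHELL = "explorer.exe"

# One HijackThis v2 line: section code, " - ", then the entry body.
LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: lines copied from the HijackThis log posted above
# (file names, paths and CLSIDs are the ones on this page; nothing is invented).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mulohufor] Rundll32.exe "c:\windows\system32\dejufedu.dll",a
O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe
O20 - AppInit_DLLs: kulepive.dll c:\windows\system32\dejufedu.dll
O21 - SSODL: SysNet - {D46B2ED7-94D0-4D30-B1C6-517B5365E692} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {7eb934b0-9ad3-4d49-abd5-9299189c4420} - c:\windows\system32\dejufedu.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()


class Finding(NamedTuple):
    section: str        # HijackThis section code, e.g. "O20"
    reasons: List[str]  # why the line deserves a look
    line: str           # the original log line


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing looks off."""
    m = LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    reasons = []

    # F2: the Winlogon Shell value should be Explorer.exe and nothing else.
    if sec == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != CLEAN_SHELL:
            reasons.append("Winlogon Shell is not just Explorer.exe: " + shell)

    # O20: AppInit_DLLs is empty on a clean XP box; any value is injected into
    # every process that loads user32.dll, so it is always worth checking.
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        value = body[len("AppInit_DLLs:"):].strip()
        if value:
            reasons.append("AppInit_DLLs is populated: " + value)

    # O21/O22: Explorer load points whose target file is gone are leftovers
    # of something that was removed or renamed itself.
    if sec in ("O21", "O22") and "(file missing)" in body:
        reasons.append("Explorer load point targets a missing file")

    # O4: a Run entry that uses rundll32 to load a random-named DLL.
    if sec == "O4" and "rundll32" in body.lower() and RANDOM_DLL.search(body):
        reasons.append("Run entry loads a random-named DLL via rundll32")

    # Any system load point that names a random-looking DLL.
    if sec in ("O20", "O21", "O22") and RANDOM_DLL.search(body):
        reasons.append("random-named DLL in a system load point")

    return Finding(sec, reasons, line.strip()) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```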
NeonFx's Avatar
Senior Member with 4,817 posts.
 
Join Date: Oct 2008
Location: California, USA
10-Nov-2009, 02:23 AM #2
Hello there! Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Step 1

Download OTS to your Desktop


  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to: http://drop.io/daerk)

Step 2

Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3
  • Double click to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT

  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program


If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
Please don't send me requests for help. Use the forums instead.
sagu's Avatar
Junior Member with 19 posts.
 
Join Date: Nov 2009
10-Nov-2009, 07:16 PM #3
Step One : See attachment.

I'm working on step two now.
NeonFx's Avatar
Senior Member with 4,817 posts.
 
Join Date: Oct 2008
Location: California, USA
10-Nov-2009, 07:27 PM #4
Alright, once you get done with step two please attach the results here.

If you have problems with RootRepeal just skip that step and do the following:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the contents of the following code box


Code:
[Unregister Dlls]
[Modules - Safe List]
YY -> rejemufa.dll -> C:\WINDOWS\system32\rejemufa.dll
YY -> mirupuho.dll -> C:\WINDOWS\system32\mirupuho.dll
YY -> lisuhufu.dll -> C:\WINDOWS\system32\lisuhufu.dll
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3930498006-690861642-4085928141-1006\] > -> HKEY_USERS\S-1-5-21-3930498006-690861642-4085928141-1006\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
YY -> "mulohufor" -> C:\WINDOWS\System32\rejemufa.DLL [Rundll32.exe "c:\windows\system32\rejemufa.dll",a]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> c:\windows\system32\rejemufa.dll -> C:\WINDOWS\system32\rejemufa.dll
YY -> lisuhufu.dll -> C:\WINDOWS\System32\lisuhufu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> logon.exe -> C:\WINDOWS\System32\logon.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{D46B2ED7-94D0-4D30-B1C6-517B5365E692}" [HKLM] -> C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll [SysNet]
YY -> "{d06f7265-bc5c-4436-a67a-a63618c7dbe3}" [HKLM] -> C:\WINDOWS\system32\rejemufa.dll [tapihurol]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "{52bc325f-680e-4022-b24d-fbf928a47178}" [HKLM] -> C:\WINDOWS\System32\zabegulo.dll [jugezatag]
YY -> "{d06f7265-bc5c-4436-a67a-a63618c7dbe3}" [HKLM] -> C:\WINDOWS\system32\rejemufa.dll [tokatiluy]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer]
YN -> "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\System32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui]
YN -> "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\System32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon]
[Registry - Additional Scans - Safe List]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> Personal Guard 2009 -> Personal Guard 2009
[Files/Folders - Created Within 30 Days]
NY -> Microsoft AData -> C:\Documents and Settings\All Users\Microsoft AData
NY ->  C:\Program Files\Personal Guard 2009 -> C:\Program Files\Personal Guard 2009
[Files/Folders - Modified Within 30 Days]
NY ->  joguyiro -> C:\WINDOWS\System32\joguyiro
NY ->  vdmjuyqk.job -> C:\WINDOWS\tasks\vdmjuyqk.job
NY ->  jigedohu.dll -> C:\WINDOWS\System32\jigedohu.dll
NY ->  gaduvoma.dll -> C:\WINDOWS\System32\gaduvoma.dll
NY ->  rejemufa.dll -> C:\WINDOWS\System32\rejemufa.dll
NY ->  spoov.exe -> C:\WINDOWS\spoov.exe
NY ->  certsystem.exe -> C:\WINDOWS\certsystem.exe
NY ->  regred.exe -> C:\WINDOWS\regred.exe
NY ->  usexplorer.exe -> C:\WINDOWS\usexplorer.exe
NY ->  securits.com -> C:\WINDOWS\securits.com
NY ->  microsoftdef.dll -> C:\WINDOWS\microsoftdef.dll
NY ->  Personal Guard 2009.lnk -> C:\Documents and Settings\Sam\Desktop\Personal Guard 2009.lnk
NY ->  boliraka.dll -> C:\WINDOWS\System32\boliraka.dll
NY ->  dejufedu.dll -> C:\WINDOWS\System32\dejufedu.dll
NY ->  lafegana.dll -> C:\WINDOWS\System32\lafegana.dll
NY ->  behubaza.dll -> C:\WINDOWS\System32\behubaza.dll
NY ->  luhuwuji.dll -> C:\WINDOWS\System32\luhuwuji.dll
NY ->  daluyoja.dll -> C:\WINDOWS\System32\daluyoja.dll
NY ->  mafomeba.dll -> C:\WINDOWS\System32\mafomeba.dll
NY ->  logon.exe -> C:\WINDOWS\System32\logon.exe
[Files - No Company Name]
NY ->  jigedohu.dll -> C:\WINDOWS\System32\jigedohu.dll
NY ->  gaduvoma.dll -> C:\WINDOWS\System32\gaduvoma.dll
NY ->  rejemufa.dll -> C:\WINDOWS\System32\rejemufa.dll
NY ->  Personal Guard 2009.lnk -> C:\Documents and Settings\Sam\Desktop\Personal Guard 2009.lnk
NY ->  vdmjuyqk.job -> C:\WINDOWS\tasks\vdmjuyqk.job
NY ->  certsystem.exe -> C:\WINDOWS\certsystem.exe
NY ->  regred.exe -> C:\WINDOWS\regred.exe
NY ->  usexplorer.exe -> C:\WINDOWS\usexplorer.exe
NY ->  microsoftdef.dll -> C:\WINDOWS\microsoftdef.dll
NY ->  spoov.exe -> C:\WINDOWS\spoov.exe
NY ->  securits.com -> C:\WINDOWS\securits.com
NY ->  tempfile2.bat -> C:\WINDOWS\tempfile2.bat
NY ->  boliraka.dll -> C:\WINDOWS\System32\boliraka.dll
NY ->  dejufedu.dll -> C:\WINDOWS\System32\dejufedu.dll
NY ->  lafegana.dll -> C:\WINDOWS\System32\lafegana.dll
NY ->  behubaza.dll -> C:\WINDOWS\System32\behubaza.dll
NY ->  luhuwuji.dll -> C:\WINDOWS\System32\luhuwuji.dll
NY ->  daluyoja.dll -> C:\WINDOWS\System32\daluyoja.dll
NY ->  mafomeba.dll -> C:\WINDOWS\System32\mafomeba.dll
NY ->  logon.exe -> C:\WINDOWS\System32\logon.exe
NY ->  oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini
NY ->  vemejofa.dll -> C:\WINDOWS\System32\vemejofa.dll
NY ->  mirupuho.dll -> C:\WINDOWS\System32\mirupuho.dll
NY ->  lisuhufu.dll -> C:\WINDOWS\System32\lisuhufu.dll
NY ->  lumiwoyo.dll -> C:\WINDOWS\System32\lumiwoyo.dll
NY ->  lilomijo.dll -> C:\WINDOWS\System32\lilomijo.dll
NY ->  sibukigu.dll -> C:\WINDOWS\System32\sibukigu.dll
[File - Lop Check]
NY ->  vdmjuyqk.job -> C:\WINDOWS\Tasks\vdmjuyqk.job
[Custom Items]
:files
C:\WINDOWS\Tasks\*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
:end
[Empty Temp Folders]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.


Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.


STEP 2

Run OTS again and click on the Quick Scan button at the top. Attach the results of this scan in your next reply.
sagu's Avatar
Junior Member with 19 posts.
 
Join Date: Nov 2009
10-Nov-2009, 10:13 PM #5
I had no problem with the Root Repeal, here are the results of Step 2:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 18:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xECE67000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8B56000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\schedlgu.txt
Status: Allocation size mismatch (API: 40960, Raw: 28672)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys" at address 0xb98d1ce0

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf73d9d30

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys" at address 0xb98d2150

Shadow SSDT
-------------------
#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys" at address 0xb98d2d80

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys" at address 0xb98d2e30

==EOF==
NeonFx's Avatar
Senior Member with 4,817 posts.
 
Join Date: Oct 2008
Location: California, USA
10-Nov-2009, 10:17 PM #6
Good. Nothing there.

I'll wait for the other stuff. There's no rush, I just like to be the last to reply so that I can keep track of which threads need attention.
sagu's Avatar
Junior Member with 19 posts.
 
Join Date: Nov 2009
11-Nov-2009, 12:42 AM #7
I completed the OTS Fix, see attached...
NeonFx's Avatar
Senior Member with 4,817 posts.
 
Join Date: Oct 2008
Location: California, USA
11-Nov-2009, 02:43 AM #8
Thank you. Do you have the results from the Quick Scan?
sagu's Avatar
Junior Member with 19 posts.
 
Join Date: Nov 2009
11-Nov-2009, 09:19 AM #9
And here's the quick scan.
NeonFx's Avatar
Senior Member with 4,817 posts.
 
Join Date: Oct 2008
Location: California, USA
11-Nov-2009, 02:50 PM #10
This bugger is reproducing faster than I can get it... let's do the following:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the contents of the following code box


Code:
[Unregister Dlls]
[Modules - Safe List]
YY -> jepiliwu.dll -> C:\WINDOWS\system32\jepiliwu.dll
YY -> zogonaha.dll -> C:\WINDOWS\system32\zogonaha.dll
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "mulohufor" -> C:\WINDOWS\System32\jepiliwu.DLL [Rundll32.exe "c:\windows\system32\jepiliwu.dll",a]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> zogonaha.dll -> C:\WINDOWS\System32\zogonaha.dll
YY -> c:\windows\system32\rejemufa.dll -> C:\WINDOWS\System32\rejemufa.dll
YY -> c:\windows\system32\dejufedu.dll -> C:\WINDOWS\System32\dejufedu.dll
YY -> c:\windows\system32\mafomeba.dll -> C:\WINDOWS\System32\mafomeba.dll
YY -> c:\windows\system32\lumiwoyo.dll -> C:\WINDOWS\System32\lumiwoyo.dll
YY -> c:\windows\system32\jepiliwu.dll -> C:\WINDOWS\system32\jepiliwu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{1679682b-dbb5-4e88-93ca-5c8c43d765d2}" [HKLM] -> C:\WINDOWS\system32\jepiliwu.dll [bagajewek]
YN -> "{5558f9ef-1dc8-4b68-b3c7-79101c37d559}" [HKLM] -> C:\WINDOWS\System32\lumiwoyo.dll [raziyalet]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{1679682b-dbb5-4e88-93ca-5c8c43d765d2}" [HKLM] -> C:\WINDOWS\system32\jepiliwu.dll [tokatiluy]
YN -> "{5558f9ef-1dc8-4b68-b3c7-79101c37d559}" [HKLM] -> C:\WINDOWS\System32\lumiwoyo.dll [tokatiluy]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\System32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui]
[Files/Folders - Created Within 14 Days]
NY -> Microsoft AData2 -> C:\Documents and Settings\All Users\Microsoft AData2
[Files/Folders - Modified Within 14 Days]
NY ->  joguyiro -> C:\WINDOWS\System32\joguyiro
NY ->  lwwnzuif.job -> C:\WINDOWS\tasks\lwwnzuif.job
[Files - No Company Name]
NY ->  lwwnzuif.job -> C:\WINDOWS\tasks\lwwnzuif.job
NY ->  jepiliwu.dll -> C:\WINDOWS\System32\jepiliwu.dll
NY ->  dinizuha.dll -> C:\WINDOWS\System32\dinizuha.dll
NY ->  nuyimuto.dll -> C:\WINDOWS\System32\nuyimuto.dll
NY ->  zogonaha.dll -> C:\WINDOWS\System32\zogonaha.dll
NY ->  nenejiyo.dll -> C:\WINDOWS\System32\nenejiyo.dll
NY ->  nemabuta.dll -> C:\WINDOWS\System32\nemabuta.dll
NY ->  lakotite.dll -> C:\WINDOWS\System32\lakotite.dll
NY ->  notosujo.dll -> C:\WINDOWS\System32\notosujo.dll
NY ->  punajita.dll -> C:\WINDOWS\System32\punajita.dll
[File - Lop Check]
NY ->  lwwnzuif.job -> C:\WINDOWS\Tasks\lwwnzuif.job
[Custom Items]
:files
C:\WINDOWS\tasks\*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
:end
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.


Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.


STEP 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP 3

Run OTS again and click on the Quick Scan button at the top. Attach the results of this scan in your next reply.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
Please don't send me requests for help. Use the forums instead.
sagu
Junior Member with 19 posts.
Join Date: Nov 2009
11-Nov-2009, 08:06 PM #11
Here's the fix....
Attachment Blocked
sagu
Junior Member with 19 posts.
Join Date: Nov 2009
11-Nov-2009, 08:08 PM #12
And here's the Malwarebytes Scan:

Malwarebytes' Anti-Malware 1.41
Database version: 3150
Windows 5.1.2600 Service Pack 3

11/11/2009 7:00:05 PM
mbam-log-2009-11-11 (19-00-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 198296
Time elapsed: 1 hour(s), 27 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\jinujone.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c4d2c899-b882-439c-a918-98d91ecd8897} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mulohufor (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c4d2c899-b882-439c-a918-98d91ecd8897} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\jefewarin (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koliyasude (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jinujone.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jinujone.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Sam\Start Menu\Programs\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\jinujone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\8LEVC56N\OQjal0tRsb6nmmvhLX4EhRvr9S_o6nWqllyQIt0dmylLEMCT7yPGvX1ci-eUz1s_17L3-UII_qaRCfaqPxezaaRCxN4NbXvU2dLsgW0B-bt2A3DwOnZlrijii1py-i9-jqGnDby-VI-enwbeM2rXw-sj0z2JKCK[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP87\A0015628.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP88\A0015647.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP88\A0015649.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP88\A0015666.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP88\A0015669.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP88\A0015663.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016045.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016046.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016051.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016052.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016096.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016098.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016114.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP89\A0016117.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11102009_232222\C_Program Files\Personal Guard 2009\personalguard.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11102009_232222\C_Program Files\Personal Guard 2009\personalguard.****.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11102009_232222\C_Program Files\Personal Guard 2009\uninstalls.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11102009_232222\C_WINDOWS\System32\behubaza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11102009_232222\C_WINDOWS\System32\logon.exe (Worm.Emold) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11112009_170005\C_Documents and Settings\All Users\Microsoft AData2\setup.jpg.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11112009_170005\C_Documents and Settings\All Users\Microsoft AData2\sysnet.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11112009_170005\C_WINDOWS\system32\dinizuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
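A note on reading the log above: every entry marked "Delete on reboot" (the jinujone.dll module, its CLSID key, the Run, SharedTaskScheduler and AppInit_DLLs entries that load it) was still present when the log was written, which is why the helper asks for a reboot and a fresh OTS scan before calling the machine clean. The script below is an added example, not part of this thread and not Malwarebytes' own code; it parses the MBAM 1.x text log format shown above, separates finished removals from those waiting on a reboot, flags which Windows autostart locations the infection had hooked, and cross-checks the summary counts against the detail lines. The embedded sample log is a constructed, shortened excerpt of the log posted in this thread; the autostart patterns are the editor's choice, matching the locations that appear in the log and in the OTS fix.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log: split detections into
"done" versus "Delete on reboot" and flag abused autostart locations.
Added example; not part of the thread or of Malwarebytes."""
import re
from collections import Counter

# Constructed sample: a shortened copy of the MBAM log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3150

Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Files Infected: 2

Memory Modules Infected:
c:\WINDOWS\system32\jinujone.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c4d2c899-b882-439c-a918-98d91ecd8897} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mulohufor (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c4d2c899-b882-439c-a918-98d91ecd8897} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koliyasude (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jinujone.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\jinujone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Sam\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")     # "Files Infected: 27"
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Autostart locations worth a second look (editor's selection, based on the
# entries in this thread's log and OTS fix); regexes run case-insensitively
# against the registry or file path of each finding.
AUTOSTART_MARKERS = {
    "AppInit_DLLs": r"\\Windows\\AppInit_DLLs$",
    "Run/RunOnce value": r"\\CurrentVersion\\Run(Once)?\\",
    "SharedTaskScheduler": r"\\Explorer\\SharedTaskScheduler\\",
    "ShellServiceObjectDelayLoad": r"\\ShellServiceObjectDelayLoad\\",
    "Scheduled task (.job)": r"\\Tasks\\[^\\]+\.job$",
}


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, data, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # a "... Infected:" line opens a new section
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if section is None or not m:
            continue               # header, summary count or "(No malicious items detected)"
        rest = m.group("rest")
        # Registry data items carry an extra "Data: ..." or "Bad: (1) Good: (0)" field
        data, action = rest.rsplit(" -> ", 1) if " -> " in rest else (None, rest)
        findings.append({"section": section, "item": m.group("item"),
                         "family": m.group("family"), "data": data,
                         "action": action.rstrip(".")})
    return findings


def pending_reboot(findings):
    """Detections MBAM could not remove on the live system; they are only gone
    after the reboot, which is why a follow-up scan is needed."""
    return [f for f in findings if f["action"].startswith("Delete on reboot")]


def autostart_abuse(findings):
    """Group finding paths by the autostart location they live in (empty lists kept)."""
    hits = {label: [] for label in AUTOSTART_MARKERS}
    for f in findings:
        for label, pattern in AUTOSTART_MARKERS.items():
            if re.search(pattern, f["item"], re.IGNORECASE):
                hits[label].append(f["item"])
    return hits


def count_mismatches(text, findings):
    """Sections whose summary count differs from the detail lines parsed;
    a mismatch means a truncated paste or a line the parser did not understand."""
    declared = {m.group(1): int(m.group(2))
                for m in map(SUMMARY_RE.match, text.splitlines()) if m}
    parsed = Counter(f["section"] for f in findings)
    return {sec: (n, parsed.get(sec, 0)) for sec, n in declared.items()
            if n != parsed.get(sec, 0)}


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(pending_reboot(found))} waiting on reboot")
    for label, items in autostart_abuse(found).items():
        if items:
            print(f"  {label}: {len(items)}")
    print("count mismatches:", count_mismatches(SAMPLE_LOG, found) or "none")
```

Run against a full pasted log, the "waiting on reboot" list is the set of items a helper should expect to see gone in the post-reboot OTS scan, and the AppInit_DLLs hit explains why jinujone.dll shows up under Memory Modules as well: a DLL listed there is loaded into every process that links user32.dll, so it cannot be deleted while the system is up.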
sagu
Junior Member with 19 posts.
Join Date: Nov 2009
11-Nov-2009, 08:11 PM #13
The virus doesn't appear to be a bother anymore, and I can't find any traces of it. I'll give it 24 hours before I'll call it officially defeated.

In the meantime, do you have any suggestions on how to avoid this virus in the future? I've upped the security on Trend Micro PC-cillin, but any suggestions would be great.

I thoroughly appreciate the help. Thank you! <3

I'll let you know how my computer is in 24 hours.
sagu
Junior Member with 19 posts.
Join Date: Nov 2009
11-Nov-2009, 08:12 PM #14
Oh. Let me do that last quickscan...
NeonFx
Senior Member with 4,817 posts.
Join Date: Oct 2008
Location: California, USA
11-Nov-2009, 08:13 PM #15
Please complete step 3 so that I can get a look at the system before I can say you're clean. I'll give you advice once we're done.


EDIT* seems we answered at the same time ^_^
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.