My startpage is Hijacked Please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
Can someone please help. I've been hijack and when I go to my startpage it forces me to http://searchpage.cc/1525/

I've updated my virus software, ran adaware and spybot search and destroy, but it is still there.

I've ran Hijack this and following is what I got.

Can anyone please help.

Thanks in Advance,

Frank

[email protected]

-----------------------------------------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 1:47:43 PM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Popup Ad Filter\PopFilter.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Frank\Desktop\Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us/1525/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us/1525/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1525/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\RecordNow MAX Platinum\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\MSN Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CompleteCache
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.nkvd.us/1525/
O13 - WWW Prefix: http://www.nkvd.us/1525/
O13 - Home Prefix: http://www.nkvd.us/1525/
O13 - Mosaic Prefix: http://www.nkvd.us/1525/
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/webline/x/wzsex21x.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://D:\index.mht!http://members.lycos.co.uk/moremedia//INDEX.CHM::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1EDCB5B7-3212-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.4everyone.com/searchbar/Install.cab
O16 - DPF: {4522DBFE-14CD-4A59-AC2A-54BADFDD6D53} - http://download.wangluoyouxi.com/download/inst.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.euroklik.nl/plugins_zonder_herhaal_bezoek/jongetienersnl327.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {66BD3ED9-31E1-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {83637DFE-6EE1-4815-B874-03449C4877B7} - http://icons.com.ne.kr/active-x/shortcut/Comnekr.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} - http://ace-casino.com/ShortCut.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www.********com/includes/Download_UL.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553555500} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} - http://smartseek.info/xpy/xpy.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://toolbar2.globalwebsearch.com/winenc32.cab
O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.covercd.org/cb/c.exe
 
Joined
Nov 21, 2003
Messages
5,402
Don't panic, helpm is on its way. :D
I believe you have a cool web infection, so lets try a little program called Cool Web shredder, located here: http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Unzip to a permanent folder, something like C:\CWS. Open it and close all your browsers, and click on update, to make sure you have the latest version. Click on "Fix" and let it do its thing. It will prompt you a couple of times, just click on "OK". When you are done, repost another HJT log here.
 

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
Thank you for your prompt reply. I tried the link and I am redirected to http://searchpage.cc/1525/!!! I am not even allowed to download any files or mp3 as I am redirected to that page. help...
 

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
Ok I got a friend to download the file and email it to me. It's the one called miniremoval_coolwebsearch_smartkiller right?

I ran it and it gave me the following message -

MiniRemoval. Copyright (c) Safer Networking Limited.
CoolWWWSearch.Smartkiller (v1/v2) has not been found on your system.

Now what??? someone please help...........
 
Joined
Nov 21, 2003
Messages
5,402
OK, lets try this. go to www.sherrylynn.us/privacypolicy
Underneath the "spyware"banner add will be two files. Click on "CWS.exe" Open it up and click on the "update" feature of CWS to make sure you have the latest version. Close all you browsers and click on cws's "fix" it will prompt a couple of times while its running, just click "okay"
Let us know if you can't get to that page.
 
Joined
Nov 21, 2003
Messages
5,402
OK, this is what I want you to do. I want you to send me a private message with your e-mail address and I will send you the file via e-mail.
To send me a PM, click on my name and under "contact info" it says send a Private message. send me your e-mail address
 

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
K here it is I also posted a CWS Report below the Hijack this log


Logfile of HijackThis v1.97.7
Scan saved at 3:35:20 PM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Popup Ad Filter\PopFilter.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Frank\Desktop\Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us/1525/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us/1525/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1525/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us/1525/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1525/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1525/
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\RecordNow MAX Platinum\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\MSN Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CompleteCache
O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.nkvd.us/1525/
O13 - WWW Prefix: http://www.nkvd.us/1525/
O13 - Home Prefix: http://www.nkvd.us/1525/
O13 - Mosaic Prefix: http://www.nkvd.us/1525/
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/webline/x/wzsex21x.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://D:\index.mht!http://members.lycos.co.uk/moremedia//INDEX.CHM::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1EDCB5B7-3212-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.4everyone.com/searchbar/Install.cab
O16 - DPF: {4522DBFE-14CD-4A59-AC2A-54BADFDD6D53} - http://download.wangluoyouxi.com/download/inst.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.euroklik.nl/plugins_zonder_herhaal_bezoek/jongetienersnl327.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {66BD3ED9-31E1-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {83637DFE-6EE1-4815-B874-03449C4877B7} - http://icons.com.ne.kr/active-x/shortcut/Comnekr.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} - http://ace-casino.com/ShortCut.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www.********com/includes/Download_UL.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553555500} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} - http://smartseek.info/xpy/xpy.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://toolbar2.globalwebsearch.com/winenc32.cab
O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.covercd.org/cb/c.exe


-----------------------------------------------------------------------------------

CWShredder v1.56.3 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
AppData folder: C:\Documents and Settings\Frank\Application Data
Username: Frank

Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer,Search
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer,SearchURL
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer,Search
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page,about:blank
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page,about:blank
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Infected data: http://nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,www,http://
Infected data: http://www.nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,home,http://
Infected data: http://www.nkvd.us/1525/
Infected Registry value:
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes,mosaic,http://
Infected data: http://www.nkvd.us/1525/
Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (2 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Registry value: DefaultPrefix (should be http://) [] http://www.nkvd.us/1525/
Registry value: WWW Prefix (should be http://) [www] http://www.nkvd.us/1525/
Registry value: Mosaic Prefix (should be http://) [mosaic] http://www.nkvd.us/1525/
Registry value: Home Prefix (should be http://) [home] http://www.nkvd.us/1525/
Found Win.ini file: C:\WINDOWS\win.ini (2032 bytes, -)
Found System.ini file: C:\WINDOWS\system.ini (633 bytes, -)

- END OF REPORT -
 

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
sorry for not being more clear. I did hit fix with the browsers closed as you instructed. Afterwards I hit scan to get a report and the ran hijack for a report so that I could post both on here. Did I do something wrong?
 
Joined
Nov 21, 2003
Messages
5,402
I guess you didn't if you hit fix. Did you update cool web shredder? Try updating it first, then rerun it and only post a hjt log, not the cws log.
 

frankysplace

Thread Starter
Joined
Apr 22, 2004
Messages
9
K followed directions to a tee..



Logfile of HijackThis v1.97.7
Scan saved at 3:59:03 PM, on 4/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\HistoryKill\histkill.exe
C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe
C:\Program Files\iolo\Common\Task Agent\task_agent.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Frank\Desktop\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webmasterquest.com/start.php?user=frodriguez
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\RecordNow MAX Platinum\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\MSN Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.2.25\InstallStub.exe -a
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CompleteCache
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/webline/x/wzsex21x.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://D:\index.mht!http://members.lycos.co.uk/moremedia//INDEX.CHM::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1EDCB5B7-3212-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.4everyone.com/searchbar/Install.cab
O16 - DPF: {4522DBFE-14CD-4A59-AC2A-54BADFDD6D53} - http://download.wangluoyouxi.com/download/inst.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.euroklik.nl/plugins_zonder_herhaal_bezoek/jongetienersnl327.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {66BD3ED9-31E1-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {83637DFE-6EE1-4815-B874-03449C4877B7} - http://icons.com.ne.kr/active-x/shortcut/Comnekr.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} - http://ace-casino.com/ShortCut.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www.********com/includes/Download_UL.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553555500} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} - http://smartseek.info/xpy/xpy.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://toolbar2.globalwebsearch.com/winenc32.cab
O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.covercd.org/cb/c.exe
 
Joined
Oct 9, 2001
Messages
9,396
There is more to do to remove this parasite........there are files which you need to find that are hidden from windows........they wont show in a HijackThis log.
Frank.........we need to start from scratch........make sure nothing is disabled with MSConfig and post a new log.
;)
 
Joined
Oct 9, 2001
Messages
9,396
I see you beat me to it.


Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windowsincluding this one and "fix checked"

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/webline/x/wzsex21x.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/j3rk0of4.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://D:\index.mht!
O16 - DPF: {1EDCB5B7-3212-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.4everyone.com/searchbar/Install.cab
O16 - DPF: {4522DBFE-14CD-4A59-AC2A-54BADFDD6D53} - http://download.wangluoyouxi.com/download/inst.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.euroklik.nl/plugins_zond...ienersnl327.exe
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/...ion=4,3,2,20802
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {66BD3ED9-31E1-11D7-A41E-0020781162FD} - http://www.adbros.com/toolbar/install/setup.cab
O16 - DPF: {83637DFE-6EE1-4815-B874-03449C4877B7} - http://icons.com.ne.kr/active-x/shortcut/Comnekr.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/875455/files/installer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {9699ACAA-934A-4156-A73E-76D004A55B8E} - http://ace-casino.com/ShortCut.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0} - http://www.********com/includes/Download_UL.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} - http://smartseek.info/xpy/xpy.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://toolbar2.globalwebsearch.com/winenc32.cab
O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.covercd.org/cb/c.exe


Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Locate and delete:
C:\PROGRAM FILES\INCREDIFIND [FOLDER]
C:\Program Files\WebSavingsfromEbates
D:\index.mht!


These next 2 are really important you find and remove them
or the hijack will return.

C:\Windows\System32\mtwirl.dll file
C:\Windows\System32\mtwcnl32.dll file


;)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top