Worm in c:\windows\system32\user32.dll - help needed!!!
Comments
-
Do I need to select "fix checked" on HijackThis at the end of the scan? I still have the window up. Cheers!
-
Keep your eye on
C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
&
Trusted Zone: *.home-access.co.uk
If you did not add these pages to your trusted pages, they should be fixed.
Run CCleaner http://www.ccleaner.com/
I used to have a signature but it disappeared and I just couldn't be bothered writing another, so please feel free to ignore this.
-
Reg Key Info...
-
ok
You still have some AVG in the log
Use the 32 bit AVG removal tool
http://www.avg.com/download-tools
Avast isn't running at ALL according to the log!
Uninstall the ASK toolbar (ASKBARDIS)
Uninstall the Wanadoo toolbar (Or whatever it is)
FIX these using hijack ~
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {94A5C93F-BD18-4C46-B777-C94C145C3CAB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O22 - SharedTaskScheduler: babblement - {d3b82107-f8fa-4ef3-8066-136e22872d4e} - C:\WINDOWS\system32\sjrggq.dll (file missing)
Any idea what this is ~
https://south.home-access.co.uk
You have 'Advanced Registry Optimizer' running. I'd suggest you don't in case it removes something it shouldn't
Run COMBOFIX (Follow the simple instructions it gives)
Post the WHOLE log it creates
-
Thanks for help alienRIK, HOME-ACCESS was a website which allowed me access to my work intranet, long left that organisation !!! Will do as above & post back...
-
Below is the COMBOFIX log:-
ComboFix 09-04-04.01 - Will 2009-04-10 23:21:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.120 [GMT 1:00]
Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\program files\Mozilla Firefox\chrome\chrome\content\browser.js
c:\windows\system32\fxe.sp
c:\windows\ynh.dx
.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-10 20:39 . 2009-04-10 20:39 <DIR> d c:\program files\Trend Micro
2009-04-10 19:12 . 2009-04-10 19:12 <DIR> d c:\program files\Malwarebytes' Anti-Malware
2009-04-10 19:12 . 2009-04-10 19:12 <DIR> d c:\documents and settings\Will\Application Data\Malwarebytes
2009-04-10 19:12 . 2009-04-10 19:12 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:12 . 2009-04-06 15:32 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 19:12 . 2009-04-06 15:32 15,504 --a c:\windows\system32\drivers\mbam.sys
2009-04-10 18:42 . 2009-04-10 18:42 <DIR> d c:\program files\AskBarDis
2009-04-10 18:17 . 2009-04-10 18:17 <DIR> d--hs---- C:\found.000
2009-04-10 17:43 . 2008-02-02 22:11 <DIR> d c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-10 17:43 . 2009-04-10 17:43 <DIR> d c:\documents and settings\Administrator
2009-04-10 17:15 . 2009-04-10 17:15 <DIR> d c:\documents and settings\Will\DoctorWeb
2009-04-03 19:57 . 2009-04-03 19:57 <DIR> d c:\program files\Common Files\Adobe AIR
2009-04-03 19:46 . 2009-04-04 23:06 <DIR> d c:\program files\NOS
2009-04-03 19:46 . 2009-04-04 23:06 <DIR> d c:\documents and settings\All Users\Application Data\NOS
2009-03-31 11:34 . 2009-03-31 11:34 <DIR> d c:\program files\iPod
2009-03-31 11:33 . 2009-03-31 11:34 <DIR> d c:\program files\iTunes
2009-03-31 11:33 . 2009-03-31 11:34 <DIR> d c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 11:31 . 2009-03-31 11:31 <DIR> d c:\program files\Bonjour
2009-03-31 11:29 . 2009-03-31 11:30 <DIR> d c:\program files\QuickTime
2009-03-31 11:26 . 2009-03-05 23:59 1,900,544 --a c:\windows\system32\usbaaplrc.dll
2009-03-30 20:47 . 2009-03-30 20:47 <DIR> d c:\program files\Alwil Software
2009-03-30 19:44 . 2009-04-06 19:33 <DIR> d c:\documents and settings\Will\Application Data\Skype
2009-03-30 19:42 . 2009-03-30 19:42 <DIR> dr c:\program files\Skype
2009-03-19 23:59 . 2009-04-10 23:17 <DIR> d c:\documents and settings\Will\Tracing
2009-03-19 23:56 . 2009-03-19 23:56 <DIR> d c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 23:56 . 2006-11-29 14:06 3,426,072 --a c:\windows\system32\d3dx9_32.dll
2009-03-19 23:52 . 2009-03-19 23:52 <DIR> d c:\program files\Windows Live SkyDrive
2009-03-19 23:52 . 2009-03-19 23:52 <DIR> d c:\program files\Microsoft
2009-03-19 23:46 . 2009-03-19 23:46 <DIR> d c:\program files\Common Files\Windows Live
2009-03-13 20:52 . 2009-03-13 20:52 <DIR> d c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 18:55 d-----w c:\program files\Common Files\Adobe
2009-03-31 10:34 d-----w c:\program files\Common Files\Apple
2009-03-30 19:26 d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-30 18:42 d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-30 11:16 d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-03-19 22:57 d-----w c:\program files\Windows Live
2009-03-13 19:52 d-----w c:\program files\Common Files\Real
2009-03-13 19:51 d-----w c:\program files\Real
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-19 23:28 d--h--w c:\program files\InstallShield Installation Information
2009-02-19 23:28 d-----w c:\program files\Microsoft Reader
2009-02-12 19:09 d-----w c:\program files\Blubster
2009-02-12 19:07 d-----w c:\documents and settings\Will\Application Data\skypePM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-07-14 09:55 308,600 ----a-w c:\documents and settings\All Users\Application Data\NortonProtectionMemo.exe
2006-12-21 12:11 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-08-26 17:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.
c:\windows\system32\user32.dll ... is infected !!
577,024 2005-03-02 18:19:56 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
578,048 2007-03-08 15:48:36 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
577,536 2007-03-08 15:36:28 c:\windows\$NtServicePackUninstall$\user32.dll
577,024 2004-08-04 12:00:00 c:\windows\$NtUninstallKB890859$\user32.dll
577,024 2005-03-02 18:09:30 c:\windows\$NtUninstallKB925902$\user32.dll
578,560 2008-04-14 00:12:08 c:\windows\ServicePackFiles\i386\user32.dll
578,560 2008-11-27 12:36:34 c:\windows\system32\user32.DLL
Sigcheck
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-04 13:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 01:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll
2008-11-27 13:36 578560 7e22a06a149dae372941cbd3a07201cd c:\windows\system32\user32.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a
c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-05-02 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-04-18 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-13 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office XP\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-12-21 15:48 106496 c:\windows\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2006-10-22 9867]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-10-22 200192]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S2 mdvrmng;Mobile IP Route Manager;\??\c:\windows\system32\drivers\mdvrmng.sys --> c:\windows\system32\drivers\mdvrmng.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64a69a46-917d-11dd-a78b-0014a50f0faf}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64a69a48-917d-11dd-a78b-0014a50f0faf}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-Blubster - c:\program files\Blubster\Blubster.exe
.
Supplementary Scan
.
uStart Page = www.google.co.uk
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.wanadoo.co.uk/cd_redirects/wanadoohome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
Trusted Zone: home-access.co.uk
DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} - hxxps://south.home-access.co.uk/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\awrz5187.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 23:24:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????T??????|x??|????q??|?j?wQj?w????????,??? ???|???????????\??????|????????h?????@????????????????s???????s???sx??s@??????????????|h??sl??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?>??-6@??>?????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-57989841-1390067357-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Completion time: 2009-04-10 23:27:16
ComboFix-quarantined-files.txt 2009-04-10 22:26:30
Pre-Run: 78,919,831,552 bytes free
Post-Run: 80,120,496,128 bytes free
208 --- E O F --- 2009-03-20 22:49:52
Still infected by the looks of things?????
-
The user32.dll part doesn't look good
Run a COMPLETE scan with the Kaspersky online scanner
http://www.kaspersky.co.uk/kos_trialpay_offer
Post the whole log here please
-
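Added example (not part of the original thread): a Python sketch that parses the Sigcheck section of the ComboFix log above and checks whether the live system32 copy of user32.dll matches any of the cached copies Windows keeps. The function names are hypothetical; a mismatch is a prompt to verify the file rather than proof of tampering, since a later update can also replace it legitimately.

```python
import re

# Sigcheck lines copied from the ComboFix log posted in this thread.
SIGCHECK = r"""
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-04 13:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 01:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll
2008-11-27 13:36 578560 7e22a06a149dae372941cbd3a07201cd c:\windows\system32\user32.DLL
"""

# date time, size in bytes, MD5, full path
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$", re.I
)


def parse_sigcheck(text):
    """Turn each Sigcheck line into a dict; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            stamp, size, md5, path = m.groups()
            rows.append(
                {"stamp": stamp, "size": int(size), "md5": md5.lower(), "path": path}
            )
    return rows


def triage(rows, live_path=r"c:\windows\system32\user32.dll"):
    """Compare the live file with every cached copy listed in the log."""
    live = next(r for r in rows if r["path"].lower() == live_path.lower())
    others = [r for r in rows if r is not live]
    identical = [r["path"] for r in others if r["md5"] == live["md5"]]
    # Same byte count but a different hash: the closest cached candidate
    # to check and, if it verifies clean, to restore from.
    same_size = [
        r["path"]
        for r in others
        if r["size"] == live["size"] and r["md5"] != live["md5"]
    ]
    return {
        "live": live,
        "identical_copies": identical,
        "same_size_different_hash": same_size,
        "needs_review": not identical,
    }


if __name__ == "__main__":
    result = triage(parse_sigcheck(SIGCHECK))
    print("live file:", result["live"]["path"], result["live"]["md5"])
    print("identical cached copies:", result["identical_copies"] or "none")
    print("same size, different hash:", result["same_size_different_hash"])
    print("needs review:", result["needs_review"])
```
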
Saturday, April 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 11, 2009 12:46:00
Records in database: 2034571
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
\
Scan statistics
Files scanned: 46468
Threat name: 6
Infected objects: 44
Suspicious objects: 3
Duration of the scan: 01:43:31
File name | Threat name | Threats count
C:\WINDOWS\system32\USER32.dll/C:\WINDOWS\system32\USER32.dll | Infected: Trojan.Win32.Patched.dr | 40
C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst | Suspicious: Trojan-Spy.HTML.Fraud.gen | 3
C:\Documents and Settings\Will\My Documents\Personal\carradiodecoders.zip | Infected: Trojan.Win32.Agent.blfs | 1
C:\Documents and Settings\Will\My Documents\Personal\carradiodecoders.zip | Infected: Backdoor.Win32.Delf.nut | 1
C:\Program Files\Orange\setup\Orange_icons.EXE | Infected: not-a-virus:AdWare.Win32.BHO.ahy | 1
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\chrome\chrome\content\browser.js.vir | Infected: Trojan.JS.Agent.dx | 1
The selected area was scanned.
-
I'm not really sure how to go about fixing the user32.dll part as it's a part of Windows
Looks like you have some form of email attachment that has a trojan (I'd delete all unknown attachments if I were you)
Open notepad and copy/paste the text in RED below
File::
C:\Documents and Settings\Will\My Documents\Personal\carradiodecoders.zip
C:\Program Files\Orange\setup\Orange_icons.EXE
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
-
Download GLARY UTILITIES (Make sure you click 'DOWNLOAD NOW' ~ UNTICK the ASK toolbar on installation)
http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
Run the ONE CLICK scan
then go to MODULES, SYSTEM TOOLS, WINDOWS STANDARD TOOLS and try SYSTEM FILE CHECKER
then ~
Download AVIRA ANTI VIRUS PERSONAL (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_antivir/
Avira is your new anti virus software (If just for now)
UPDATE and run a COMPLETE SYSTEM SCAN
This discussion has been closed.