We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
*sigh* help needed with AVSystemcare
kfer_kaz
Posts: 1,237 Forumite
in Techie Stuff
Hiya, I'm feeling rather angry with myself for letting this stuff infect my comp I'm usually quite diligent.
My comp has been hacked, infected whatever it's called, by some spyware that I just can't get rid of. I read the sticky post on this forum and followed the instructions step by step twice. I stopped when it got to the Hijack download 'cos you scared me lol.
I think I have 2 different spyware that I cam't get rid of, AVSystemcare and freepay.com
I don't understand why the different spyware thingies are not picking it up.grrrrrrrrrrrr
I went to a site called precise security that goes through removing AVSystemcare. It mentions deleting values added to the registry, I couldn't find any of the ones mentioned in my registry. I'm at a total loss. I'm close to thinking I will have to format to get rid of the darn thing so any help advise will be greatly received.
My comp has been hacked, infected whatever it's called, by some spyware that I just can't get rid of. I read the sticky post on this forum and followed the instructions step by step twice. I stopped when it got to the Hijack download 'cos you scared me lol.
I think I have 2 different spyware that I cam't get rid of, AVSystemcare and freepay.com
I don't understand why the different spyware thingies are not picking it up.grrrrrrrrrrrr
I went to a site called precise security that goes through removing AVSystemcare. It mentions deleting values added to the registry, I couldn't find any of the ones mentioned in my registry. I'm at a total loss. I'm close to thinking I will have to format to get rid of the darn thing so any help advise will be greatly received.
2008 won £5119.04 :j
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:
0
Comments
-
I'm close to thinking I will have to format to get rid of the darn thing so any help advise will be greatly received.
No follow the instructions given in the Malware Spyware removal guide sticky!
That is why they were written.
:rolleyes::doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:0 -
hi expresso I'm sorry it my original post wasn't clear but I have followed the instuction given on the malware spyware removal guide sticky. Twice, but I stopped when it came to downloading the hijack software because I do not see myself as an expert in computing. I ran AVG, spybot, Ad-ware (which I had on my comp anyway and always have AD-watch on), Windows, Ccleaner. None of these programes picked up the spyware, this is why I am so confused. The pop ups start as soon as I open my IE.2008 won £5119.04 :j
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:0 -
The idea is that you post the hijack this log on here, so that experts can look at it for you to resolve your problem. Works for others, so give it a try!:doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:0
-
ok, installed hijack did the scan and copied the log, I hop I've done this right.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:19:23, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karen\My Documents\HiJackThis_v2\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalpages.com/tribe/browse?userid=kferkaz&x=11&y=9&rand=848820844
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - !!7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MahJong Solitaire - http://download2.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: !!3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: !!4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: !!6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182809999359
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182811030062
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - !!438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - !!8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
--
End of file - 10181 bytes2008 won £5119.04 :j
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:0 -
download spybot search and destroy get all the updates for this, then run your computer in safe mode, it may tell you what button it is its usualy f10 or f12, just look uop google if unsure for your comp. Then run spybot in safe mode and should hopefully get rid of this. Run all your anti-virus stuff in safe mode aswel, should get rid of this
0 -
shutton54321 wrote: »download spybot search and destroy get all the updates for this, then run your computer in safe mode, it may tell you what button it is its usualy f10 or f12, just look uop google if unsure for your comp. Then run spybot in safe mode and should hopefully get rid of this. Run all your anti-virus stuff in safe mode aswel, should get rid of this
have done this twice, it's hiding there somewhere. It wants a game of hide and seek and at the moment it's winning:mad:2008 won £5119.04 :j
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:0 -
further to my troubles I downloaded an application called spywear doctor, did a scan NOT in safe mode. I found 9 instances of infection and cleared the lot.
Does this throw up some questions as to whether or not to scan in safe mode? I did 10 scans in total in safe mode, using reputable aplications and none of them found the spy/mal ware. I do 1 scan not in safe mode and all the infections are found?
Anyway thanks for everyones help, comp is now uninfected:T :j :beer:2008 won £5119.04 :j
2009 won so far £0:rotfl:
All together now..........
Always look on the bright side of life :whistle: :whistle: :whistle: :whistle: :whistle: :whistle: :whistle:0 -
I also have the problem with this and cannot get rid of it. I am sending my hijack this log as well. Thanks so much for any help you can give me.
Logfile of HijackThis v1.99.0
Scan saved at 7:32:37 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\backup\MyDownloadFiles\hijackthis.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winzy.com/sweepstakes.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://winzy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://winzy.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=LOCALHOST:12080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - !!02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Yahoo! IE Suggest - !!5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - !!724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - !!0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &RoboForm - !!724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SpamBully 3 for Outlook Express] "C:\Program Files\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O8 - Extra context menu item: Clear Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Safenotes Editor - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - !!320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - !!320AF880-6646-11D3-ABEE-C5DBF3571F4E} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - !!320AF880-6646-11D3-ABEE-C5DBF3571F50} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: TaskBar - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - !!320AF880-6646-11D3-ABEE-C5DBF3571F51} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra 'Tools' menuitem: Clear Fields - !!320AF880-6646-11D3-ABEE-C5DBF3571F54} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O9 - Extra button: LWA - Add - !!4540C790-267C-4C9C-B95F-D7D0C92B392F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Identities - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - !!45DB34C3-955C-11D3-ABEF-444553540000} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - !!45DB34C3-955C-11D3-ABEF-444553540001} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - !!724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: LWA - Load - !!849EC117-49C9-4932-9C0C-C15DA8DB3BB9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {B9441BD6-7896-4C41-AE26-554A61685E6C} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prls.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.clickiq.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: http://*.electric-blue-clicks.com
O15 - Trusted Zone: http://www.gamebonus.com
O15 - Trusted Zone: www.iqportal.com
O15 - Trusted Zone: http://www.jcoc.net
O15 - Trusted Zone: http://*.king.com
O15 - Trusted Zone: www.pineconeresearch.com
O15 - Trusted Zone: www1.pineconeresearch.com
O15 - Trusted Zone: www2.pineconeresearch.com
O15 - Trusted Zone: www.reflexis.com
O15 - Trusted Zone: http://skill.skilljam.com
O15 - Trusted Zone: http://www.ts25.com
O15 - Trusted Zone: http://www.valuedopinions.com
O15 - Trusted Zone: http://www.winzy.com
O15 - Trusted Zone: *.youtube.com
O16 - DPF: !!02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: !!2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/CSetup_xp.cab
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: !!49937C71-B31C-4EE4-8096-9C935DE005C9} (GBTripeak Control) - http://www.gamebonus.com/dngame/gbtripeak.cab
O16 - DPF: !!4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: !!50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: !!54BA1E8F-818D-407F-949D-BAE1692C5C18} (Attribute Class) - http://gemal.dk/browserspy/capicom.dll
O16 - DPF: !!5C882F0B-967C-4151-980D-B18E711B03B2} (GBBlitz Control) - http://www.gamebonus.com/dngame/gbblitz.cab
O16 - DPF: !!615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: !!62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: !!651E822E-364A-4BA2-A5FE-F753CE421884} (GBWordDrop Control) - http://www.gamebonus.com/dngame/gbworddrop.cab
O16 - DPF: !!6944D0ED-F974-40CC-AE94-5A6ABAA2557A} (GBSolitaire Control) - http://www.gamebonus.com/dngame/gbsolitaire.cab
O16 - DPF: !!8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab
O16 - DPF: !!8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: !!93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com.edgesuite.net/panel/maple/dcainst.cab
O16 - DPF: !!94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: !!9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/NaturesBounty/Coupons.cab
O16 - DPF: !!97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: !!9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AAB73FA7-2F0D-4750-B86C-A12FF5EE53F0} (GBBlitz2 Control) - http://www.gamebonus.com/dngame/gbblitz2.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B87F4CF3-FC0E-45FB-8564-30F3F1F7A7C7} (GBMahJongSolitaire Control) - http://www.gamebonus.com/dngame/gbmahjongsolitaire.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA00913E-FA18-47DC-8AF7-5797E160ABB8} (GBMunchnMatchOCX New Control) - http://www.gamebonus.com/dngame/gbmunchnmatch2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F7FAB51C-5552-440E-A957-63A542100824} (GBEliminati Control) - http://www.gamebonus.com/dngame/gbeliminate.cab
O16 - DPF: {F966DD44-E369-4390-A801-19D225BEB129} (GBScramble Control) - http://www.gamebonus.com/dngame/gbscramble.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - !!3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe0 -
rosan, can you start your own thread otherwise the instructions for removal get confused for each log,
ta
Ex forum ambassador
Long term forum member0 -
download and run
- Download combofix.exe to your desktop.
- Double click on combofix.exe & follow the prompts.
- When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Ex forum ambassador
Long term forum member0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards